Infected with Trojan:JS/Seedabutor.B and need help removing it


  • This topic is locked
25 replies to this topic

#1 tomblits

Posted 15 April 2013 - 01:24 PM

A few days ago Microsoft Security Essentials began detecting Trojan:JS/Seedabutor.B in its real-time detection after I updated the virus and spyware definitions in MSE. It automatically quarantines it, but it keeps detecting the trojan every 10 minutes and quarantining it again. I did a full scan with MSE and deleted all detected viruses/trojans and it still persisted. I then rebooted into Safe Mode and did a full scan with MSE and deleted all viruses and trojans again, as well as a full scan with Malwarebytes' Anti-Malware, and deleted all detected items. I did a disk cleanup to delete all temporary files. It still detects the trojan every 10 minutes. I have tried Google searching for methods to manually delete it; however, every attempt I have made has been fruitless. This is what MSE says it detects for directories: file:C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6K55H9LN\rss[1].htm. The last folder is always random and the number in [] brackets is random between 1 and 2.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Tom at 13:04:16 on 2013-04-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8182.4850 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\AMD\RAIDXpert\_jvm\bin\java.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\SmartCam\SmartCam.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate06142012
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] "D:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TrayServer] D:\Program Files (x86)\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\TrayServer_en.exe
mRun: [NokiaMusic FastStart] "D:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctODgwOTk1NDkyLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMS1UMTIrOQ"&"prod=90"&"ver=2012.0.1831"&"mid=7590781333b947d1b6add1a90a930420-7926b045a65a1fb52b28e210baaadccc503b6ba0
StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPEEDF~1.LNK - C:\Program Files (x86)\SpeedFan\speedfan.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0575A85A-9D62-4F23-B5DE-D02E6B74BF6E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{12FEBD2C-C817-457C-9DAF-23AF36E8A207} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{261FB601-5379-486A-BEDE-EA8A3F6AEC0F} : DHCPNameServer = 192.168.42.129
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {6DD5AFAA-ABA2-CBB9-CAE9-EC4FAEDB59DB} - C:\Users\Tom\AppData\Roaming\svchost.exe
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\gaau5ihn.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.battle.net/wow/en/forum/topic/7592909792
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I'm+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-11-12 10:03; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64;ahcix64;C:\Windows\System32\drivers\ahcix64.sys [2008-10-13 226320]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AMDRAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [2003-9-29 110592]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-14 55936]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-12-9 21992]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2010-11-11 68136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-12 418376]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [2010-11-12 614912]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-12-26 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-10-10 44928]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-16 25928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-10 29696]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 !SASCORE;SAS Core Service;"D:\Program Files (x86)\SUPERAntiSpyware\SASCORE64.EXE" --> D:\Program Files (x86)\SUPERAntiSpyware\SASCORE64.EXE [?]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI --> C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe  [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-12 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 AODDriver;AODDriver;C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2010-3-12 52280]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-12-11 25640]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-12-11 30528]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-12 19456]
S3 RTL8192su;RNX-N180UBE Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2012-3-7 676864]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011a\RpcAgentSrv.exe [2010-11-18 93848]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-12 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-13 1255736]
S4 Folding@home-CPU-[1];Folding@home-CPU-[1];C:\Users\Tom\FAH\FAH6 -svcstart -d "C:\Users\Tom\FAH" --> C:\Users\Tom\FAH\FAH6 -svcstart -d C:\Users\Tom\FAH [?]
.
=============== Created Last 30 ================
.
2013-04-15 03:25:11    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{715B44CD-3DE7-43E8-958C-C96947082ED7}\offreg.dll
2013-04-15 03:23:46    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{715B44CD-3DE7-43E8-958C-C96947082ED7}\mpengine.dll
2013-04-13 17:03:10    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-13 16:49:59    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-13 16:49:58    817664    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-13 16:49:58    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-13 16:49:58    1084928    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-13 16:49:57    2240512    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-13 16:49:57    1766912    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-12 19:37:06    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-12 15:05:18    3072    ----a-w-    C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-04-12 15:01:00    2776576    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2013-04-12 15:01:00    2284544    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2013-04-12 15:01:00    221184    ----a-w-    C:\Windows\System32\UIAnimation.dll
2013-04-12 15:01:00    187392    ----a-w-    C:\Windows\SysWow64\UIAnimation.dll
2013-04-12 14:59:55    514560    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2013-04-12 14:59:54    366592    ----a-w-    C:\Windows\System32\qdvd.dll
2013-04-10 01:53:34    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-10 01:53:33    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-04-10 01:53:33    1655656    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 01:53:32    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-04-10 01:53:32    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-04-10 01:53:32    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 01:53:32    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 01:53:32    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-04-10 01:53:31    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-04-05 17:43:27    --------    d-----w-    C:\Users\Tom\AppData\Local\FLT
2013-04-04 23:42:24    --------    d-----w-    C:\Users\Tom\AppData\Roaming\Curse Advertising
2013-03-21 00:30:58    972264    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5562E772-A8AE-4113-ABB5-74A497E4ABD9}\gapaengine.dll
2013-03-20 20:14:37    19968    ----a-w-    C:\Windows\System32\drivers\usb8023x.sys
2013-03-20 20:14:37    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
.
==================== Find3M  ====================
.
2013-04-15 03:59:37    23080    ----a-w-    C:\Windows\gdrv.sys
2013-04-09 22:19:50    25640    ----a-w-    C:\Windows\etdrv.sys
2013-04-09 22:19:42    30528    ----a-w-    C:\Windows\GVTDrv64.sys
2013-04-04 19:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-02 10:34:28    282744    ------w-    C:\Windows\System32\MpSigStub.exe
2013-03-13 04:07:21    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 04:07:21    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-12 00:35:34    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-12 00:35:33    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-02-21 10:29:37    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:14:05    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-01-20 21:59:04    230320    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 21:59:04    130008    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2010-10-10 03:06:58    232501    ----a-w-    C:\Program Files (x86)\Minecraft.exe
.
============= FINISH: 13:04:36.18 ===============

#2 gringo_pr

  • Malware Response Team

Posted 15 April 2013 - 01:38 PM


Hello tomblits

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-RogueKiller-
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then click on the "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#3 tomblits


Posted 15 April 2013 - 02:14 PM

Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (21.0)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows7FirewallControl Windows7FirewallService.exe
Windows7FirewallControl Windows7FirewallControl.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

# AdwCleaner v2.200 - Logfile created 04/15/2013 at 13:56:06
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tom - TOM-PC
# Boot Mode : Normal
# Running from : C:\Users\Tom\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\FreeRIP3
Folder Deleted : C:\Program Files (x86)\Search Toolbar
Folder Deleted : C:\ProgramData\FreeRIP
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\gaau5ihn.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\gaau5ihn.default\prefs.js

Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3856 octets] - [15/04/2013 13:56:06]

########## EOF - C:\AdwCleaner[S1].txt - [3916 octets] ##########

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tom [Admin rights]
Mode : Scan -- Date : 04/15/2013 14:00:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SATA KINGSTON SNV425S SCSI Disk Device +++++
--- User ---
[MBR] 11241425d8f59956aab904f4508a5126
[BSP] e448ab36c59e41e0c90df25e23e94d70 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 61053 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: AMD 5+0 Stripe/RAID0 SCSI Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD64 01AALS-00L3B2 SCSI Disk Device +++++
--- User ---
[MBR] 8e200e36c8ecff3b31aaf970c33715e1
[BSP] 0162c926705906d70c456e95fe3fa723 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : >
RKreport[1]_S_04152013_02d1400.txt



RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tom [Admin rights]
Mode : Remove -- Date : 04/15/2013 14:01:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SATA KINGSTON SNV425S SCSI Disk Device +++++
--- User ---
[MBR] 11241425d8f59956aab904f4508a5126
[BSP] e448ab36c59e41e0c90df25e23e94d70 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 61053 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: AMD 5+0 Stripe/RAID0 SCSI Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD64 01AALS-00L3B2 SCSI Disk Device +++++
--- User ---
[MBR] 8e200e36c8ecff3b31aaf970c33715e1
[BSP] 0162c926705906d70c456e95fe3fa723 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610477 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : >
RKreport[1]_S_04152013_02d1400.txt ; RKreport[2]_D_04152013_02d1401.txt






Note: RogueKiller made a report after I clicked on the "Scan" button and after I clicked on "Report", and I posted them both: the one that was created after "Scan" first and the one after "Report" second. The log from the scan was called RKreport[1], the log from the report was called RKreport[2]. Thanks for your rapid response. I am still getting the Trojan quarantined message every 10 minutes from Microsoft Security Essentials.

Edited by tomblits, 15 April 2013 - 03:00 PM.


#4 gringo_pr


Posted 15 April 2013 - 03:22 PM


Hello tomblits

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

  • Gringo





#5 tomblits


Posted 15 April 2013 - 05:26 PM

ComboFix 13-04-15.01 - Tom 04/15/2013 16:15:55.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8182.6075 [GMT -5:00]
Running from: c:\users\Tom\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\542708-001-install-utility-b.exe
c:\program files (x86)\RegGenie
c:\program files (x86)\RegGenie\Backups\40502.4959267708
c:\program files (x86)\RegGenie\RegGenie.ini
c:\programdata\xml7D1D.tmp
c:\programdata\xml7F7E.tmp
c:\programdata\xmlD099.tmp
c:\programdata\xmlE448.tmp
c:\programdata\xmlF7C9.tmp
c:\users\Tom\AppData\Local\Temp\sfamcc00001.dll
c:\users\Tom\AppData\Local\Temp\sfareca00001.dll
c:\users\Tom\AppData\Roaming\BDD09D
c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\gaau5ihn.default\searchplugins\bing-zugo.xml
c:\windows\RegGenieOnUninstall.exe
c:\windows\SysWow64\tmpB614.tmp
c:\windows\SysWow64\tmpB624.tmp
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-15 to 2013-04-15 )))))))))))))))))))))))))))))))
.
.
2013-04-15 21:25 . 2013-04-15 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-15 03:23 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{715B44CD-3DE7-43E8-958C-C96947082ED7}\mpengine.dll
2013-04-13 17:03 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-13 16:49 . 2013-02-21 10:14 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-04-13 16:49 . 2013-02-21 10:30 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-13 16:49 . 2013-02-21 10:29 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-04-13 16:49 . 2013-02-21 10:15 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-13 16:49 . 2013-02-21 10:14 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-04-13 16:49 . 2013-02-21 10:30 1766912 ----a-w- c:\windows\SysWow64\wininet.dll
2013-04-13 16:49 . 2013-02-21 10:15 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-04-13 16:49 . 2013-02-21 10:14 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-04-13 16:49 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-12 19:37 . 2013-04-12 19:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-12 15:05 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-04-12 15:01 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-04-12 15:01 . 2013-01-13 19:24 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-04-12 15:01 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-12 15:01 . 2013-01-04 06:11 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-12 14:59 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-04-12 14:59 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-04-10 01:53 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 01:53 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 01:53 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 01:53 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 01:53 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 01:53 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 01:53 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 01:53 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 01:53 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-05 17:43 . 2013-04-05 17:43 -------- d-----w- c:\users\Tom\AppData\Local\FLT
2013-04-04 23:42 . 2013-04-04 23:42 -------- d-----w- c:\users\Tom\AppData\Roaming\Curse Advertising
2013-03-21 00:30 . 2012-11-28 07:21 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5562E772-A8AE-4113-ABB5-74A497E4ABD9}\gapaengine.dll
2013-03-20 20:14 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-03-20 20:14 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-15 21:27 . 2010-11-11 17:44 23080 ----a-w- c:\windows\gdrv.sys
2013-04-12 15:15 . 2010-11-13 05:52 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-09 22:19 . 2011-12-12 04:51 25640 ----a-w- c:\windows\etdrv.sys
2013-04-09 22:19 . 2011-12-12 04:43 30528 ----a-w- c:\windows\GVTDrv64.sys
2013-04-04 19:50 . 2011-10-17 01:10 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:34 . 2010-11-11 17:01 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 04:07 . 2012-04-11 20:16 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 04:07 . 2011-05-21 03:07 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 00:35 . 2012-08-19 00:15 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-12 00:35 . 2010-11-18 19:39 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-12 05:45 . 2013-03-13 08:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 08:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 08:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 08:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 08:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 08:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-20 21:59 . 2013-01-20 21:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 21:59 . 2011-04-27 20:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2010-10-10 03:06 . 2010-11-18 16:06 232501 ----a-w- c:\program files (x86)\Minecraft.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2009-12-09 645296]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-29 1022352]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Razer Imperator Driver"="c:\program files (x86)\Razer\Imperator\RazerImperatorSysTray.exe" [2012-02-09 979360]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctODgwOTk1NDkyLVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMS1UMTIrOQ&prod=90&ver=2012.0.1831&mid=7590781333b947d1b6add1a90a930420-7926b045a65a1fb52b28e210baaadccc503b6ba0" [?]
.
c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
speedfan - Shortcut.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2011-11-3 4657048]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-10-10 117248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;d:\program files (x86)\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;d:\program files (x86)\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R2 !SASCORE;SAS Core Service;d:\program files (x86)\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 AMDRAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe [2003-09-29 110592]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2010-03-12 52280]
R3 cpuz134;cpuz134;c:\users\Tom\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 DIRECTIO;DIRECTIO;u:\torrents2\Passmark.PerformanceTest.v7.0.1022.x86.x64-EP1C\Crack.x86\DirectIo.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2013-04-09 25640]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-04-09 30528]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8192su;RNX-N180UBE Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-11-11 676864]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011a\RpcAgentSrv.exe [2009-08-11 93848]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-13 1255736]
S0 ahcix64;ahcix64;c:\windows\system32\DRIVERS\ahcix64.sys [2008-10-13 226320]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 AODDriver4.1;AODDriver4.1;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-10-14 55936]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2010-11-01 614912]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-10-11 44928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-10-11 29696]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 04:07]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3887875979-1050612063-1986803435-1001Core.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 13:47]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3887875979-1050612063-1986803435-1001UA.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 13:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-20 6963744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-20 1833504]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2010-11-01 1133056]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate06142012
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\gaau5ihn.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.battle.net/wow/en/forum/topic/7592909792
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I'm+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-11-12 10:03; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - d:\program files\Adobe\Adobe Bridge CS4\Bridge.exe
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-avast5 - c:\program files\Alwil Software\Avast5\avastUI.exe
Wow6432Node-HKLM-Run-TrayServer - d:\program files (x86)\MAGIX\Movie_Edit_Pro_17_Plus_Download_Version\TrayServer_en.exe
Wow6432Node-HKLM-Run-NokiaMusic FastStart - d:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{6DD5AFAA-ABA2-CBB9-CAE9-EC4FAEDB59DB} - c:\users\Tom\AppData\Roaming\svchost.exe
AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\program files (x86)\FreeRIP3\unins000.exe
AddRemove-Tropico 4 - d:\program files (x86)\Tropico 4\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Folding@home-CPU-[1]]
"ImagePath"="c:\users\Tom\FAH\FAH6 -svcstart -d \"c:\users\Tom\FAH\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3887875979-1050612063-1986803435-1001\Software\SecuROM\License information*]
"datasecu"=hex:3e,04,9d,d4,ee,b3,67,fa,b0,65,7f,27,14,31,82,8e,c4,27,70,66,36,
22,43,3c,54,bf,69,bb,b8,cc,3a,a0,35,80,b1,64,e4,5b,f5,9a,32,5a,10,52,ec,3f,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\sphinx-soft\Vista-Wall\1.0\AppList\M*i*r*r*o*r*'*s* *E*d*g*e*"!\Zone]
"Name"="DisableAll"
"Result"=dword:00000001
"Advised"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AMD\RAIDXpert\_jvm\bin\java.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
.
**************************************************************************
.
Completion time: 2013-04-15 16:38:04 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-15 21:38
.
Pre-Run: 4,657,807,360 bytes free
Post-Run: 3,232,944,128 bytes free
.
- - End Of File - - D3D1F31A0E99E383D3F71BF8EB610958

I did get the error "Illegal operation attempted on a registry key that has been marked for deletion." which was fixed by a restart, but there were no other notable problems.
The trojan never caused any noticeable performance issues but I was concerned about the security of any personal information on my computer. I am still getting the warning every 10 minutes from Microsoft Security Essentials that it detected Trojan:JS/Seedabutor.B and Quarantined it.

Edited by tomblits, 15 April 2013 - 05:27 PM.


#6 gringo_pr


Posted 15 April 2013 - 08:35 PM



Hello tomblits

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

When you are complete please send me both reports

Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 tomblits


Posted 16 April 2013 - 11:06 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Tom on Mon 04/15/2013 at 23:09:38.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] "C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\gaau5ihn.default\extensions\jid1-OJBHGHRogDgOnQ@jetpack.xpi"
Successfully deleted: [Folder] C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\gaau5ihn.default\jetpack
Successfully deleted the following from C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\gaau5ihn.default\prefs.js

user_pref("extensions.jid1-xUfzOsOFlzSOXg@jetpack.install-event-fired", true);
user_pref("extensions.searchtoolbar@zugo.com.install-event-fired", true);
Emptied folder: C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\gaau5ihn.default\minidumps [126 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/15/2013 at 23:14:23.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-15 23:15:22
-----------------------------
23:15:22.673 OS Version: Windows x64 6.1.7601 Service Pack 1
23:15:22.673 Number of processors: 3 586 0x402
23:15:22.673 ComputerName: TOM-PC UserName: Tom
23:15:22.877 Initialize success
23:20:53.672 AVAST engine defs: 13041501
23:21:10.075 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port2Path0Target0Lun0
23:21:10.077 Disk 0 Vendor: SATA____ 0000 Size: 61056MB BusType: 8
23:21:10.078 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\ahcix641Port3Path0Target0Lun0
23:21:10.080 Disk 1 Vendor: AMD_____ 1.10 Size: 4768371MB BusType: 1
23:21:10.081 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\ahcix641Port3Path0Target4Lun0
23:21:10.083 Disk 2 Vendor: WDC_WD64 01.0 Size: 610479MB BusType: 1
23:21:10.093 Disk 0 MBR read successfully
23:21:10.094 Disk 0 MBR scan
23:21:10.097 Disk 0 Windows 7 default MBR code
23:21:10.100 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61053 MB offset 2048
23:21:10.112 Disk 0 scanning C:\Windows\system32\drivers
23:21:13.357 Service scanning
23:21:21.707 Modules scanning
23:21:21.712 Disk 0 trace - called modules:
23:21:21.716 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll jraid.sys
23:21:21.719 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007cb7060]
23:21:21.722 3 CLASSPNP.SYS[fffff8800143b43f] -> nt!IofCallDriver -> \Device\Scsi\JRAID1Port2Path0Target0Lun0[0xfffffa8006b02050]
23:21:21.969 AVAST engine scan C:\Windows
23:21:22.920 AVAST engine scan C:\Windows\system32
23:22:35.341 AVAST engine scan C:\Windows\system32\drivers
23:22:39.514 AVAST engine scan C:\Users\Tom
23:24:54.350 AVAST engine scan C:\ProgramData
23:29:18.055 Scan finished successfully
23:31:25.755 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\MBR.dat"
23:31:25.758 The log file has been saved successfully to "C:\Users\Tom\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-15 23:33:03
-----------------------------
23:33:03.682 OS Version: Windows x64 6.1.7601 Service Pack 1
23:33:03.682 Number of processors: 3 586 0x402
23:33:03.683 ComputerName: TOM-PC UserName: Tom
23:33:05.353 Initialize success
23:33:15.745 AVAST engine defs: 13041501
23:33:25.341 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\JRAID1Port2Path0Target0Lun0
23:33:25.343 Disk 0 Vendor: SATA____ 0000 Size: 61056MB BusType: 8
23:33:25.344 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\ahcix641Port3Path0Target0Lun0
23:33:25.346 Disk 1 Vendor: AMD_____ 1.10 Size: 4768371MB BusType: 1
23:33:25.348 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\ahcix641Port3Path0Target4Lun0
23:33:25.349 Disk 2 Vendor: WDC_WD64 01.0 Size: 610479MB BusType: 1
23:33:25.568 Disk 0 MBR read successfully
23:33:25.570 Disk 0 MBR scan
23:33:25.573 Disk 0 Windows 7 default MBR code
23:33:25.591 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61053 MB offset 2048
23:33:25.836 Disk 0 scanning C:\Windows\system32\drivers
23:33:44.805 Service scanning
23:33:53.759 Modules scanning
23:33:53.764 Disk 0 trace - called modules:
23:33:53.773 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll jraid.sys
23:33:53.776 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007cb7060]
23:33:53.779 3 CLASSPNP.SYS[fffff8800143b43f] -> nt!IofCallDriver -> \Device\Scsi\JRAID1Port2Path0Target0Lun0[0xfffffa8006b02050]
23:33:56.788 AVAST engine scan C:\
01:31:36.351 Scan finished successfully
11:02:26.901 Disk 0 MBR has been saved successfully to "C:\Users\Tom\Desktop\MBR.dat"
11:02:26.904 The log file has been saved successfully to "C:\Users\Tom\Desktop\aswMBR.txt"


I ran aswMBR twice; the first time it was set to Quick Scan by default, the second time I set it to scan my C: drive where the trojan resides. I am still getting the warning every 10 minutes from Microsoft Security Essentials that it detected Trojan:JS/Seedabutor.B and Quarantined it.

#8 gringo_pr


Posted 16 April 2013 - 12:31 PM



Hello tomblits


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

    and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

Please reply with the reports from TDSSKiller and MBAR

Gringo








#9 tomblits


Posted 16 April 2013 - 01:57 PM

13:25:46.0733 4848 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:25:46.0780 4848 ============================================================
13:25:46.0780 4848 Current date / time: 2013/04/16 13:25:46.0780
13:25:46.0780 4848 SystemInfo:
13:25:46.0780 4848
13:25:46.0780 4848 OS Version: 6.1.7601 ServicePack: 1.0
13:25:46.0780 4848 Product type: Workstation
13:25:46.0780 4848 ComputerName: TOM-PC
13:25:46.0780 4848 UserName: Tom
13:25:46.0780 4848 Windows directory: C:\Windows
13:25:46.0780 4848 System windows directory: C:\Windows
13:25:46.0780 4848 Running under WOW64
13:25:46.0780 4848 Processor architecture: Intel x64
13:25:46.0780 4848 Number of processors: 3
13:25:46.0780 4848 Page size: 0x1000
13:25:46.0780 4848 Boot type: Normal boot
13:25:46.0780 4848 ============================================================
13:25:47.0934 4848 Drive \Device\Harddisk0\DR0 - Size: 0xEE804DE00 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
13:25:47.0934 4848 Drive \Device\Harddisk1\DR1 - Size: 0x48C27390000 (4656.61 Gb), SectorSize: 0x800, Cylinders: 0x251A2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
13:25:47.0950 4848 Drive \Device\Harddisk2\DR2 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
13:25:47.0950 4848 ============================================================
13:25:47.0950 4848 \Device\Harddisk0\DR0:
13:25:47.0950 4848 MBR partitions:
13:25:47.0950 4848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x773E800
13:25:47.0950 4848 \Device\Harddisk1\DR1:
13:25:47.0950 4848 GPT partitions:
13:25:47.0950 4848 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {7C5F4BFE-FCF2-11E0-A30D-00E04C77EDD3}, Name: Microsoft reserved partition, StartLBA 0xA, BlocksNum 0x10000
13:25:47.0950 4848 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E12A7DEE-6C4E-448D-A6BB-D26EF7FD77A4}, Name: Basic data partition, StartLBA 0x10200, BlocksNum 0xFA00000
13:25:47.0950 4848 \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {277B1CFE-CF5C-49B3-BBDE-8D881EBAC2BB}, Name: Basic data partition, StartLBA 0xFA10200, BlocksNum 0x81E3E200
13:25:47.0950 4848 MBR partitions:
13:25:47.0950 4848 \Device\Harddisk2\DR2:
13:25:47.0950 4848 MBR partitions:
13:25:47.0950 4848 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A856800
13:25:47.0950 4848 ============================================================
13:25:47.0965 4848 C: <-> \Device\Harddisk0\DR0\Partition1
13:25:47.0965 4848 U: <-> \Device\Harddisk2\DR2\Partition1
13:25:48.0012 4848 D: <-> \Device\Harddisk1\DR1\Partition2
13:25:48.0043 4848 E: <-> \Device\Harddisk1\DR1\Partition3
13:25:48.0043 4848 ============================================================
13:25:48.0043 4848 Initialize success
13:25:48.0043 4848 ============================================================
13:26:01.0490 6796 ============================================================
13:26:01.0490 6796 Scan started
13:26:01.0490 6796 Mode: Manual;
13:26:01.0490 6796 ============================================================
13:26:04.0359 6796 ================ Scan system memory ========================
13:26:04.0359 6796 System memory - ok
13:26:04.0360 6796 ================ Scan services =============================
13:26:04.0386 6796 !SASCORE - ok
13:26:04.0686 6796 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:26:04.0689 6796 1394ohci - ok
13:26:04.0700 6796 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
13:26:04.0702 6796 ACDaemon - ok
13:26:04.0711 6796 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:26:04.0716 6796 ACPI - ok
13:26:04.0721 6796 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:26:04.0724 6796 AcpiPmi - ok
13:26:04.0749 6796 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:26:04.0750 6796 AdobeARMservice - ok
13:26:04.0829 6796 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:26:04.0833 6796 AdobeFlashPlayerUpdateSvc - ok
13:26:04.0855 6796 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:26:04.0862 6796 adp94xx - ok
13:26:04.0871 6796 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:26:04.0876 6796 adpahci - ok
13:26:04.0882 6796 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:26:04.0885 6796 adpu320 - ok
13:26:04.0893 6796 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:26:04.0895 6796 AeLookupSvc - ok
13:26:04.0907 6796 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:26:04.0916 6796 AFD - ok
13:26:04.0925 6796 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:26:04.0927 6796 agp440 - ok
13:26:04.0944 6796 [ B9F92CB71BE22C89C4E2E6821FBF45E8 ] ahcix64 C:\Windows\system32\DRIVERS\ahcix64.sys
13:26:04.0945 6796 ahcix64 - ok
13:26:04.0951 6796 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:26:04.0953 6796 ALG - ok
13:26:04.0959 6796 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:26:04.0961 6796 aliide - ok
13:26:05.0014 6796 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:26:05.0017 6796 AMD External Events Utility - ok
13:26:05.0103 6796 AMD FUEL Service - ok
13:26:05.0109 6796 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:26:05.0112 6796 amdide - ok
13:26:05.0119 6796 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
13:26:05.0120 6796 amdiox64 - ok
13:26:05.0135 6796 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:26:05.0137 6796 AmdK8 - ok
13:26:05.0422 6796 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:26:05.0544 6796 amdkmdag - ok
13:26:05.0558 6796 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:26:05.0561 6796 amdkmdap - ok
13:26:05.0565 6796 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:26:05.0566 6796 AmdPPM - ok
13:26:05.0578 6796 [ AFE7733A20BC394D34713440AF680B63 ] AMDRAIDXpert C:\Program Files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
13:26:05.0580 6796 AMDRAIDXpert - ok
13:26:05.0585 6796 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:26:05.0587 6796 amdsata - ok
13:26:05.0596 6796 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:26:05.0599 6796 amdsbs - ok
13:26:05.0603 6796 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:26:05.0604 6796 amdxata - ok
13:26:05.0611 6796 [ B934322C68C30DCECA96C0274A51F7B0 ] AODDriver C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys
13:26:05.0613 6796 AODDriver - ok
13:26:05.0617 6796 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.01 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:26:05.0617 6796 AODDriver4.01 - ok
13:26:05.0634 6796 [ 6845A9781EF9D2FA5C494CC684A06B6A ] AODDriver4.1 C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
13:26:05.0635 6796 AODDriver4.1 - ok
13:26:05.0640 6796 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:26:05.0640 6796 AODDriver4.2 - ok
13:26:05.0648 6796 [ 419DFC4FCF642A3D8D9794C15FCA92FD ] AODService C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
13:26:05.0650 6796 AODService - ok
13:26:05.0654 6796 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:26:05.0656 6796 AppID - ok
13:26:05.0662 6796 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:26:05.0663 6796 AppIDSvc - ok
13:26:05.0668 6796 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:26:05.0670 6796 Appinfo - ok
13:26:05.0681 6796 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:26:05.0683 6796 Apple Mobile Device - ok
13:26:05.0692 6796 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:26:05.0695 6796 arc - ok
13:26:05.0699 6796 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:26:05.0701 6796 arcsas - ok
13:26:05.0706 6796 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:26:05.0707 6796 AsyncMac - ok
13:26:05.0713 6796 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:26:05.0713 6796 atapi - ok
13:26:05.0721 6796 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:26:05.0723 6796 AtiHDAudioService - ok
13:26:05.0738 6796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:26:05.0747 6796 AudioEndpointBuilder - ok
13:26:05.0759 6796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:26:05.0761 6796 AudioSrv - ok
13:26:05.0774 6796 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:26:05.0775 6796 AxInstSV - ok
13:26:05.0785 6796 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:26:05.0791 6796 b06bdrv - ok
13:26:05.0800 6796 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:26:05.0804 6796 b57nd60a - ok
13:26:05.0813 6796 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:26:05.0814 6796 BDESVC - ok
13:26:05.0820 6796 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:26:05.0820 6796 Beep - ok
13:26:05.0835 6796 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:26:05.0843 6796 BFE - ok
13:26:05.0855 6796 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
13:26:05.0865 6796 BITS - ok
13:26:05.0868 6796 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:26:05.0870 6796 blbdrive - ok
13:26:05.0878 6796 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:26:05.0883 6796 Bonjour Service - ok
13:26:05.0887 6796 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:26:05.0889 6796 bowser - ok
13:26:05.0892 6796 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:26:05.0893 6796 BrFiltLo - ok
13:26:05.0896 6796 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:26:05.0897 6796 BrFiltUp - ok
13:26:05.0901 6796 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:26:05.0903 6796 BridgeMP - ok
13:26:05.0908 6796 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:26:05.0910 6796 Browser - ok
13:26:05.0917 6796 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:26:05.0921 6796 Brserid - ok
13:26:05.0925 6796 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:26:05.0926 6796 BrSerWdm - ok
13:26:05.0929 6796 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:26:05.0930 6796 BrUsbMdm - ok
13:26:05.0933 6796 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:26:05.0934 6796 BrUsbSer - ok
13:26:05.0938 6796 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:26:05.0945 6796 BTHMODEM - ok
13:26:05.0950 6796 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:26:05.0952 6796 bthserv - ok
13:26:05.0954 6796 catchme - ok
13:26:05.0959 6796 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:26:05.0961 6796 cdfs - ok
13:26:05.0966 6796 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
13:26:05.0969 6796 cdrom - ok
13:26:05.0975 6796 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:26:05.0977 6796 CertPropSvc - ok
13:26:05.0980 6796 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:26:05.0981 6796 circlass - ok
13:26:05.0988 6796 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:26:05.0993 6796 CLFS - ok
13:26:06.0001 6796 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:26:06.0004 6796 clr_optimization_v2.0.50727_32 - ok
13:26:06.0032 6796 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:26:06.0034 6796 clr_optimization_v2.0.50727_64 - ok
13:26:06.0040 6796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:26:06.0050 6796 clr_optimization_v4.0.30319_32 - ok
13:26:06.0059 6796 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:26:06.0063 6796 clr_optimization_v4.0.30319_64 - ok
13:26:06.0067 6796 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:26:06.0068 6796 CmBatt - ok
13:26:06.0071 6796 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:26:06.0072 6796 cmdide - ok
13:26:06.0080 6796 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
13:26:06.0085 6796 CNG - ok
13:26:06.0089 6796 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:26:06.0090 6796 Compbatt - ok
13:26:06.0094 6796 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:26:06.0095 6796 CompositeBus - ok
13:26:06.0097 6796 COMSysApp - ok
13:26:06.0123 6796 cpuz134 - ok
13:26:06.0128 6796 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
13:26:06.0128 6796 cpuz135 - ok
13:26:06.0131 6796 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:26:06.0132 6796 crcdisk - ok
13:26:06.0139 6796 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:26:06.0141 6796 CryptSvc - ok
13:26:09.0444 6796 Spooler - ok
13:26:09.0483 6796 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:26:09.0524 6796 sppsvc - ok
13:26:09.0528 6796 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:26:09.0531 6796 sppuinotify - ok
13:26:09.0540 6796 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:26:09.0547 6796 srv - ok
13:26:09.0555 6796 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:26:09.0561 6796 srv2 - ok
13:26:09.0566 6796 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:26:09.0568 6796 srvnet - ok
13:26:09.0574 6796 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:26:09.0578 6796 SSDPSRV - ok
13:26:09.0582 6796 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:26:09.0584 6796 SstpSvc - ok
13:26:09.0586 6796 Steam Client Service - ok
13:26:09.0590 6796 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:26:09.0591 6796 stexstor - ok
13:26:09.0603 6796 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:26:09.0611 6796 stisvc - ok
13:26:09.0617 6796 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:26:09.0617 6796 swenum - ok
13:26:09.0633 6796 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:26:09.0639 6796 SwitchBoard - ok
13:26:09.0653 6796 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:26:09.0660 6796 swprv - ok
13:26:09.0681 6796 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:26:09.0701 6796 SysMain - ok
13:26:09.0707 6796 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:26:09.0711 6796 TabletInputService - ok
13:26:09.0719 6796 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:26:09.0724 6796 TapiSrv - ok
13:26:09.0729 6796 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:26:09.0731 6796 TBS - ok
13:26:09.0752 6796 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:26:09.0771 6796 Tcpip - ok
13:26:09.0794 6796 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:26:09.0801 6796 TCPIP6 - ok
13:26:09.0818 6796 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:26:09.0819 6796 tcpipreg - ok
13:26:09.0828 6796 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:26:09.0830 6796 TDPIPE - ok
13:26:09.0834 6796 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:26:09.0835 6796 TDTCP - ok
13:26:09.0840 6796 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:26:09.0847 6796 tdx - ok
13:26:09.0850 6796 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:26:09.0851 6796 TermDD - ok
13:26:09.0861 6796 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:26:09.0870 6796 TermService - ok
13:26:09.0874 6796 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:26:09.0876 6796 Themes - ok
13:26:09.0879 6796 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:26:09.0880 6796 THREADORDER - ok
13:26:09.0884 6796 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:26:09.0886 6796 TrkWks - ok
13:26:09.0897 6796 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:26:09.0900 6796 TrustedInstaller - ok
13:26:09.0907 6796 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:26:09.0908 6796 tssecsrv - ok
13:26:09.0914 6796 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:26:09.0916 6796 TsUsbFlt - ok
13:26:09.0925 6796 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:26:09.0927 6796 tunnel - ok
13:26:09.0937 6796 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:26:09.0944 6796 uagp35 - ok
13:26:09.0955 6796 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:26:09.0960 6796 udfs - ok
13:26:09.0969 6796 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:26:09.0971 6796 UI0Detect - ok
13:26:09.0974 6796 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:26:09.0975 6796 uliagpkx - ok
13:26:09.0979 6796 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:26:09.0980 6796 umbus - ok
13:26:09.0983 6796 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:26:09.0984 6796 UmPass - ok
13:26:09.0995 6796 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:26:10.0001 6796 upnphost - ok
13:26:10.0005 6796 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:26:10.0007 6796 USBAAPL64 - ok
13:26:10.0018 6796 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:26:10.0023 6796 usbccgp - ok
13:26:10.0027 6796 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:26:10.0029 6796 usbcir - ok
13:26:10.0034 6796 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:26:10.0035 6796 usbehci - ok
13:26:10.0043 6796 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:26:10.0051 6796 usbhub - ok
13:26:10.0054 6796 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:26:10.0055 6796 usbohci - ok
13:26:10.0059 6796 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:26:10.0060 6796 usbprint - ok
13:26:10.0064 6796 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:26:10.0066 6796 usbscan - ok
13:26:10.0069 6796 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
13:26:10.0071 6796 usbser - ok
13:26:10.0075 6796 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:26:10.0076 6796 USBSTOR - ok
13:26:10.0080 6796 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:26:10.0081 6796 usbuhci - ok
13:26:10.0085 6796 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
13:26:10.0086 6796 usb_rndisx - ok
13:26:10.0091 6796 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:26:10.0093 6796 UxSms - ok
13:26:10.0095 6796 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:26:10.0096 6796 VaultSvc - ok
13:26:10.0103 6796 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:26:10.0103 6796 vdrvroot - ok
13:26:10.0116 6796 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:26:10.0127 6796 vds - ok
13:26:10.0132 6796 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:26:10.0134 6796 vga - ok
13:26:10.0138 6796 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:26:10.0139 6796 VgaSave - ok
13:26:10.0146 6796 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:26:10.0149 6796 vhdmp - ok
13:26:10.0158 6796 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:26:10.0159 6796 viaide - ok
13:26:10.0163 6796 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:26:10.0164 6796 volmgr - ok
13:26:10.0171 6796 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:26:10.0175 6796 volmgrx - ok
13:26:10.0182 6796 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:26:10.0188 6796 volsnap - ok
13:26:10.0194 6796 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:26:10.0197 6796 vsmraid - ok
13:26:10.0220 6796 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:26:10.0237 6796 VSS - ok
13:26:10.0240 6796 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:26:10.0242 6796 vwifibus - ok
13:26:10.0245 6796 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:26:10.0247 6796 vwififlt - ok
13:26:10.0260 6796 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:26:10.0266 6796 W32Time - ok
13:26:10.0270 6796 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:26:10.0271 6796 WacomPen - ok
13:26:10.0284 6796 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:26:10.0285 6796 WANARP - ok
13:26:10.0289 6796 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:26:10.0290 6796 Wanarpv6 - ok
13:26:10.0313 6796 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:26:10.0330 6796 WatAdminSvc - ok
13:26:10.0349 6796 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:26:10.0365 6796 wbengine - ok
13:26:10.0390 6796 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:26:10.0397 6796 WbioSrvc - ok
13:26:10.0405 6796 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:26:10.0410 6796 wcncsvc - ok
13:26:10.0415 6796 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:26:10.0417 6796 WcsPlugInService - ok
13:26:10.0425 6796 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:26:10.0426 6796 Wd - ok
13:26:10.0438 6796 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:26:10.0446 6796 Wdf01000 - ok
13:26:10.0456 6796 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:26:10.0458 6796 WdiServiceHost - ok
13:26:10.0462 6796 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:26:10.0463 6796 WdiSystemHost - ok
13:26:10.0470 6796 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:26:10.0475 6796 WebClient - ok
13:26:10.0481 6796 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:26:10.0486 6796 Wecsvc - ok
13:26:10.0497 6796 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:26:10.0499 6796 wercplsupport - ok
13:26:10.0504 6796 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:26:10.0506 6796 WerSvc - ok
13:26:10.0511 6796 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:26:10.0512 6796 WfpLwf - ok
13:26:10.0516 6796 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:26:10.0517 6796 WIMMount - ok
13:26:10.0524 6796 WinDefend - ok
13:26:10.0543 6796 [ BE94F78E11841CE2418726E6333E2603 ] Windows7FirewallService C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
13:26:10.0553 6796 Windows7FirewallService - ok
13:26:10.0556 6796 WinHttpAutoProxySvc - ok
13:26:10.0566 6796 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:26:10.0570 6796 Winmgmt - ok
13:26:10.0594 6796 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:26:10.0615 6796 WinRM - ok
13:26:10.0626 6796 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
13:26:10.0627 6796 WinUSB - ok
13:26:10.0640 6796 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:26:10.0654 6796 Wlansvc - ok
13:26:10.0683 6796 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:26:10.0707 6796 wlidsvc - ok
13:26:10.0710 6796 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:26:10.0711 6796 WmiAcpi - ok
13:26:10.0718 6796 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:26:10.0724 6796 wmiApSrv - ok
13:26:10.0727 6796 WMPNetworkSvc - ok
13:26:10.0731 6796 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:26:10.0732 6796 WPCSvc - ok
13:26:10.0736 6796 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:26:10.0739 6796 WPDBusEnum - ok
13:26:10.0744 6796 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:26:10.0745 6796 ws2ifsl - ok
13:26:10.0749 6796 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
13:26:10.0764 6796 wscsvc - ok
13:26:10.0770 6796 WSearch - ok
13:26:10.0804 6796 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:26:10.0830 6796 wuauserv - ok
13:26:10.0834 6796 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:26:10.0836 6796 WudfPf - ok
13:26:10.0841 6796 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:26:10.0846 6796 WUDFRd - ok
13:26:10.0851 6796 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:26:10.0853 6796 wudfsvc - ok
13:26:10.0859 6796 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:26:10.0863 6796 WwanSvc - ok
13:26:10.0871 6796 ================ Scan global ===============================
13:26:10.0874 6796 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:26:10.0880 6796 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:26:10.0889 6796 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:26:10.0893 6796 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:26:10.0904 6796 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:26:10.0909 6796 [Global] - ok
13:26:10.0909 6796 ================ Scan MBR ==================================
13:26:10.0911 6796 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:26:11.0101 6796 \Device\Harddisk0\DR0 - ok
13:26:11.0115 6796 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:26:11.0117 6796 \Device\Harddisk1\DR1 - ok
13:26:11.0134 6796 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
13:26:11.0141 6796 \Device\Harddisk2\DR2 - ok
13:26:11.0141 6796 ================ Scan VBR ==================================
13:26:11.0143 6796 [ 085F3F914A8F1D9BCB8E730762C24BBD ] \Device\Harddisk0\DR0\Partition1
13:26:11.0145 6796 \Device\Harddisk0\DR0\Partition1 - ok
13:26:11.0147 6796 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
13:26:11.0147 6796 \Device\Harddisk1\DR1\Partition1 - ok
13:26:11.0155 6796 [ E5C08E72FC834C580B7FA7D8DD63853B ] \Device\Harddisk1\DR1\Partition2
13:26:11.0156 6796 \Device\Harddisk1\DR1\Partition2 - ok
13:26:11.0170 6796 [ 065BA3EBB61D9A26024C51E7AED2E01A ] \Device\Harddisk1\DR1\Partition3
13:26:11.0171 6796 \Device\Harddisk1\DR1\Partition3 - ok
13:26:11.0174 6796 [ C1F0C4A325178BF6143C877E009082BB ] \Device\Harddisk2\DR2\Partition1
13:26:11.0175 6796 \Device\Harddisk2\DR2\Partition1 - ok
13:26:11.0175 6796 ================ Scan active images ========================
13:26:11.0175 6796 ============================================================
13:26:11.0175 6796 Scan finished
13:26:11.0175 6796 ============================================================
13:26:11.0258 6788 Detected object count: 0
13:26:11.0258 6788 Actual detected object count: 0
13:26:22.0819 7088 ============================================================
13:26:22.0819 7088 Scan started
13:26:22.0819 7088 Mode: Manual; SigCheck; TDLFS;
13:26:22.0819 7088 ============================================================
13:26:23.0290 7088 ================ Scan system memory ========================
13:26:23.0290 7088 System memory - ok
13:26:23.0290 7088 ================ Scan services =============================
13:26:24.0001 7088 [ AFE7733A20BC394D34713440AF680B63 ] AMDRAIDXpert C:\Program Files (x86)\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
13:26:24.0005 7088 AMDRAIDXpert ( UnsignedFile.Multi.Generic ) - warning
13:26:24.0005 7088 AMDRAIDXpert - detected UnsignedFile.Multi.Generic (1)
13:26:25.0929 7088 fdPHost - ok
13:26:25.0934 7088 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:26:25.0957 7088 FDResPub - ok
13:26:25.0962 7088 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:26:25.0969 7088 FileInfo - ok
13:26:25.0972 7088 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:26:25.0995 7088 Filetrace - ok
13:26:26.0042 7088 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
13:26:26.0070 7088 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
13:26:26.0070 7088 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
13:26:26.0081 7088 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:26:26.0093 7088 FLEXnet Licensing Service - ok
13:26:26.0096 7088 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:26:26.0104 7088 flpydisk - ok
13:26:26.0110 7088 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:26:26.0120 7088 FltMgr - ok
13:26:26.0124 7088 Folding@home-CPU-[1] - ok
13:26:26.0139 7088 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
13:26:26.0158 7088 FontCache - ok
13:26:26.0165 7088 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:26:26.0171 7088 FontCache3.0.0.0 - ok
13:26:26.0177 7088 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:26:26.0184 7088 FsDepends - ok
13:26:26.0199 7088 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:26:26.0207 7088 Fs_Rec - ok
13:26:26.0214 7088 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:26:26.0226 7088 fvevol - ok
13:26:26.0232 7088 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:26:26.0240 7088 gagp30kx - ok
13:26:26.0250 7088 [ 46E2828BCA26B31FA5A1DD4D84DF633D ] gdrv C:\Windows\gdrv.sys
13:26:26.0260 7088 gdrv - ok
13:26:26.0273 7088 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:26:26.0279 7088 GEARAspiWDM - ok
13:26:26.0305 7088 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:26:26.0335 7088 gpsvc - ok
13:26:26.0345 7088 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys
13:26:26.0355 7088 GVTDrv64 - ok
13:26:26.0360 7088 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:26:26.0373 7088 hcw85cir - ok
13:26:26.0435 7088 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:26:26.0510 7088 HdAudAddService - ok
13:26:26.0521 7088 HDAudBus - ok
13:26:26.0527 7088 HidBatt - ok
13:26:26.0533 7088 HidBth - ok
13:26:26.0538 7088 HidIr - ok
13:26:26.0546 7088 hidserv - ok
13:26:26.0730 7088 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:26:26.0829 7088 HidUsb - ok
13:26:26.0907 7088 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:26:26.0938 7088 hkmsvc - ok
13:26:26.0952 7088 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:26:26.0961 7088 HomeGroupListener - ok
13:26:26.0970 7088 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:26:27.0005 7088 HomeGroupProvider - ok
13:26:27.0057 7088 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:26:27.0069 7088 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
13:26:27.0069 7088 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
13:26:27.0084 7088 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:26:27.0093 7088 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
13:26:27.0093 7088 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
13:26:27.0102 7088 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:26:27.0109 7088 HpSAMD - ok
13:26:27.0160 7088 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
13:26:27.0172 7088 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
13:26:27.0172 7088 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
13:26:27.0181 7088 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
13:26:27.0204 7088 HTCAND64 - ok
13:26:27.0295 7088 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:26:27.0325 7088 HTTP - ok
13:26:27.0340 7088 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:26:27.0346 7088 hwpolicy - ok
13:26:27.0362 7088 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:26:27.0373 7088 i8042prt - ok
13:26:27.0412 7088 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:26:27.0422 7088 iaStorV - ok
13:26:27.0474 7088 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:26:27.0486 7088 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:26:27.0486 7088 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:26:27.0573 7088 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:26:27.0588 7088 idsvc - ok
13:26:27.0606 7088 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:26:27.0613 7088 iirsp - ok
13:26:27.0679 7088 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:26:27.0708 7088 IKEEXT - ok
13:26:27.0834 7088 [ 4B071AEBBC13D60430EE0371B262F681 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:26:27.0855 7088 IntcAzAudAddService - ok
13:26:27.0867 7088 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:26:27.0874 7088 intelide - ok
13:26:27.0894 7088 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:26:27.0908 7088 intelppm - ok
13:26:27.0924 7088 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:26:27.0953 7088 IPBusEnum - ok
13:26:27.0968 7088 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:26:27.0998 7088 IpFilterDriver - ok
13:26:28.0051 7088 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:26:28.0084 7088 iphlpsvc - ok
13:26:28.0098 7088 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:26:28.0105 7088 IPMIDRV - ok
13:26:28.0119 7088 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:26:28.0146 7088 IPNAT - ok
13:26:28.0265 7088 [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:26:28.0279 7088 iPod Service - ok
13:26:28.0299 7088 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:26:28.0315 7088 IRENUM - ok
13:26:28.0327 7088 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:26:28.0334 7088 isapnp - ok
13:26:28.0363 7088 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:26:28.0372 7088 iScsiPrt - ok
13:26:28.0387 7088 [ DB85FE8D6CBAA2047CB4DA1B2C193D76 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
13:26:28.0412 7088 JRAID - ok
13:26:28.0426 7088 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:26:28.0433 7088 kbdclass - ok
13:26:28.0450 7088 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:26:28.0464 7088 kbdhid - ok
13:26:28.0471 7088 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:26:28.0483 7088 KeyIso - ok
13:26:28.0499 7088 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:26:28.0507 7088 KSecDD - ok
13:26:28.0528 7088 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:26:28.0536 7088 KSecPkg - ok
13:26:28.0551 7088 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:26:28.0577 7088 ksthunk - ok
13:26:28.0609 7088 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:26:28.0641 7088 KtmRm - ok
13:26:28.0650 7088 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:26:28.0672 7088 LanmanServer - ok
13:26:28.0692 7088 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:26:28.0715 7088 LanmanWorkstation - ok
13:26:28.0720 7088 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
13:26:28.0726 7088 LGBusEnum - ok
13:26:28.0729 7088 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
13:26:28.0734 7088 LGVirHid - ok
13:26:28.0741 7088 [ E75ADCFAFDEF3F4C3AF3332928D59926 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:26:28.0744 7088 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
13:26:28.0744 7088 LightScribeService - detected UnsignedFile.Multi.Generic (1)
13:26:28.0747 7088 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:26:28.0773 7088 lltdio - ok
13:26:28.0782 7088 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:26:28.0808 7088 lltdsvc - ok
13:26:28.0811 7088 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:26:28.0844 7088 lmhosts - ok
13:26:28.0858 7088 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:26:28.0867 7088 LSI_FC - ok
13:26:28.0881 7088 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:26:28.0888 7088 LSI_SAS - ok
13:26:28.0893 7088 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:26:28.0900 7088 LSI_SAS2 - ok
13:26:28.0904 7088 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:26:28.0913 7088 LSI_SCSI - ok
13:26:28.0919 7088 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:26:28.0945 7088 luafv - ok
13:26:28.0949 7088 [ DE585D1D266805E5EEDAE911FDD16F38 ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
13:26:28.0971 7088 ManyCam - ok
13:26:29.0015 7088 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:26:29.0022 7088 MBAMProtector - ok
13:26:29.0033 7088 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:26:29.0043 7088 MBAMScheduler - ok
13:26:29.0055 7088 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:26:29.0068 7088 MBAMService - ok
13:26:29.0072 7088 [ 2E7FFDEF8BAFD04CBB517507B821E878 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv_x64.sys
13:26:29.0079 7088 mcaudrv_simple - ok
13:26:29.0082 7088 MCSTRM - ok
13:26:29.0087 7088 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:26:29.0095 7088 Mcx2Svc - ok
13:26:29.0099 7088 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:26:29.0106 7088 megasas - ok
13:26:29.0114 7088 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:26:29.0123 7088 MegaSR - ok
13:26:29.0133 7088 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:26:29.0139 7088 Microsoft Office Groove Audit Service - ok
13:26:29.0143 7088 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:26:29.0166 7088 MMCSS - ok
13:26:29.0170 7088 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:26:29.0192 7088 Modem - ok
13:26:29.0196 7088 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:26:29.0205 7088 monitor - ok
13:26:29.0208 7088 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:26:29.0215 7088 mouclass - ok
13:26:29.0220 7088 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:26:29.0230 7088 mouhid - ok
13:26:29.0234 7088 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:26:29.0241 7088 mountmgr - ok
13:26:29.0246 7088 [ 7CA1BA754FC62FF4A1DA07AADDE5393B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:26:29.0254 7088 MozillaMaintenance - ok
13:26:29.0260 7088 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
13:26:29.0271 7088 MpFilter - ok
13:26:29.0277 7088 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:26:29.0285 7088 mpio - ok
13:26:29.0289 7088 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:26:29.0311 7088 mpsdrv - ok
13:26:29.0326 7088 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:26:29.0353 7088 MpsSvc - ok
13:26:29.0359 7088 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:26:29.0371 7088 MRxDAV - ok
13:26:29.0376 7088 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:26:29.0385 7088 mrxsmb - ok
13:26:29.0393 7088 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:26:29.0401 7088 mrxsmb10 - ok
13:26:29.0406 7088 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:26:29.0414 7088 mrxsmb20 - ok
13:26:29.0417 7088 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:26:29.0424 7088 msahci - ok
13:26:29.0429 7088 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:26:29.0438 7088 msdsm - ok
13:26:29.0445 7088 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:26:29.0454 7088 MSDTC - ok
13:26:29.0460 7088 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:26:29.0482 7088 Msfs - ok
13:26:29.0486 7088 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:26:29.0509 7088 mshidkmdf - ok
13:26:29.0515 7088 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:26:29.0521 7088 msisadrv - ok
13:26:29.0528 7088 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:26:29.0551 7088 MSiSCSI - ok
13:26:29.0554 7088 msiserver - ok
13:26:29.0559 7088 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:26:29.0584 7088 MSKSSRV - ok
13:26:29.0589 7088 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
13:26:29.0598 7088 MsMpSvc - ok
13:26:29.0601 7088 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:26:29.0623 7088 MSPCLOCK - ok
13:26:29.0626 7088 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:26:29.0649 7088 MSPQM - ok
13:26:29.0660 7088 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:26:29.0670 7088 MsRPC - ok
13:26:29.0675 7088 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:26:29.0682 7088 mssmbios - ok
13:26:29.0686 7088 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:26:29.0708 7088 MSTEE - ok
13:26:29.0711 7088 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:26:29.0718 7088 MTConfig - ok
13:26:29.0724 7088 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:26:29.0731 7088 Mup - ok
13:26:29.0741 7088 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:26:29.0766 7088 napagent - ok
13:26:29.0774 7088 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:26:29.0787 7088 NativeWifiP - ok
13:26:29.0801 7088 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:26:29.0816 7088 NDIS - ok
13:26:29.0820 7088 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:26:29.0842 7088 NdisCap - ok
13:26:29.0846 7088 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:26:29.0868 7088 NdisTapi - ok
13:26:29.0872 7088 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:26:29.0895 7088 Ndisuio - ok
13:26:29.0902 7088 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:26:29.0928 7088 NdisWan - ok
13:26:29.0933 7088 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:26:29.0955 7088 NDProxy - ok
13:26:29.0972 7088 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
13:26:29.0985 7088 Nero BackItUp Scheduler 3 - ok
13:26:29.0991 7088 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:26:29.0995 7088 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:26:29.0995 7088 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:26:29.0999 7088 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:26:30.0023 7088 NetBIOS - ok
13:26:30.0030 7088 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:26:30.0052 7088 NetBT - ok
13:26:30.0055 7088 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:26:30.0063 7088 Netlogon - ok
13:26:30.0070 7088 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:26:30.0096 7088 Netman - ok
13:26:30.0107 7088 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:26:30.0132 7088 netprofm - ok
13:26:30.0137 7088 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:26:30.0143 7088 NetTcpPortSharing - ok
13:26:30.0148 7088 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:26:30.0154 7088 nfrd960 - ok
13:26:30.0159 7088 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:26:30.0168 7088 NisDrv - ok
13:26:30.0176 7088 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
13:26:30.0188 7088 NisSrv - ok
13:26:30.0198 7088 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:26:30.0208 7088 NlaSvc - ok
13:26:30.0213 7088 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:26:30.0235 7088 Npfs - ok
13:26:30.0238 7088 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:26:30.0261 7088 nsi - ok
13:26:30.0264 7088 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:26:30.0286 7088 nsiproxy - ok
13:26:30.0318 7088 [ B8965FB53551B5455630A4B804D0791F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:26:30.0339 7088 Ntfs - ok
13:26:30.0344 7088 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:26:30.0366 7088 Null - ok
13:26:30.0369 7088 nvlddmkm - ok
13:26:30.0375 7088 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:26:30.0383 7088 nvraid - ok
13:26:30.0389 7088 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:26:30.0397 7088 nvstor - ok
13:26:30.0401 7088 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:26:30.0409 7088 nv_agp - ok
13:26:30.0421 7088 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:26:30.0431 7088 odserv - ok
13:26:30.0436 7088 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:26:30.0444 7088 ohci1394 - ok
13:26:30.0450 7088 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:26:30.0457 7088 ose - ok
13:26:30.0469 7088 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:26:30.0479 7088 p2pimsvc - ok
13:26:30.0489 7088 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:26:30.0500 7088 p2psvc - ok
13:26:30.0506 7088 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:26:30.0518 7088 Parport - ok
13:26:30.0524 7088 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:26:30.0532 7088 partmgr - ok
13:26:30.0538 7088 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:26:30.0550 7088 PcaSvc - ok
13:26:30.0555 7088 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
13:26:30.0562 7088 pccsmcfd - ok
13:26:30.0568 7088 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:26:30.0577 7088 pci - ok
13:26:30.0580 7088 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:26:30.0587 7088 pciide - ok
13:26:30.0593 7088 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:26:30.0602 7088 pcmcia - ok
13:26:30.0606 7088 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:26:30.0613 7088 pcw - ok
13:26:30.0626 7088 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:26:30.0653 7088 PEAUTH - ok
13:26:30.0717 7088 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:26:30.0725 7088 PerfHost - ok
13:26:30.0756 7088 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:26:30.0787 7088 pla - ok
13:26:30.0794 7088 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
13:26:30.0798 7088 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
13:26:30.0798 7088 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
13:26:30.0808 7088 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:26:30.0819 7088 PlugPlay - ok
13:26:30.0824 7088 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:26:30.0827 7088 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:26:30.0827 7088 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:26:30.0830 7088 PnkBstrA - ok
13:26:30.0834 7088 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:26:30.0841 7088 PNRPAutoReg - ok
13:26:30.0849 7088 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:26:30.0857 7088 PNRPsvc - ok
13:26:30.0868 7088 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:26:30.0894 7088 PolicyAgent - ok
13:26:30.0901 7088 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:26:30.0928 7088 Power - ok
13:26:30.0933 7088 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:26:30.0955 7088 PptpMiniport - ok
13:26:30.0959 7088 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:26:30.0967 7088 Processor - ok
13:26:30.0975 7088 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:26:30.0984 7088 ProfSvc - ok
13:26:30.0988 7088 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:26:30.0995 7088 ProtectedStorage - ok
13:26:31.0001 7088 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:26:31.0023 7088 Psched - ok
13:26:31.0048 7088 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:26:31.0069 7088 ql2300 - ok
13:26:31.0074 7088 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:26:31.0082 7088 ql40xx - ok
13:26:31.0088 7088 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:26:31.0101 7088 QWAVE - ok
13:26:31.0104 7088 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:26:31.0115 7088 QWAVEdrv - ok
13:26:31.0119 7088 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:26:31.0140 7088 RasAcd - ok
13:26:31.0145 7088 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:26:31.0167 7088 RasAgileVpn - ok
13:26:31.0171 7088 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:26:31.0195 7088 RasAuto - ok
13:26:31.0199 7088 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:26:31.0221 7088 Rasl2tp - ok
13:26:31.0229 7088 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:26:31.0254 7088 RasMan - ok
13:26:31.0259 7088 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:26:31.0283 7088 RasPppoe - ok
13:26:31.0288 7088 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:26:31.0311 7088 RasSstp - ok
13:26:31.0318 7088 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:26:31.0341 7088 rdbss - ok
13:26:31.0345 7088 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:26:31.0355 7088 rdpbus - ok
13:26:31.0358 7088 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:26:31.0380 7088 RDPCDD - ok
13:26:31.0385 7088 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:26:31.0408 7088 RDPENCDD - ok
13:26:31.0414 7088 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:26:31.0437 7088 RDPREFMP - ok
13:26:31.0443 7088 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:26:31.0451 7088 RdpVideoMiniport - ok
13:26:31.0458 7088 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:26:31.0466 7088 RDPWD - ok
13:26:31.0472 7088 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:26:31.0482 7088 rdyboost - ok
13:26:31.0486 7088 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:26:31.0510 7088 RemoteAccess - ok
13:26:31.0518 7088 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:26:31.0546 7088 RemoteRegistry - ok
13:26:31.0551 7088 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:26:31.0575 7088 RpcEptMapper - ok
13:26:31.0579 7088 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:26:31.0588 7088 RpcLocator - ok
13:26:31.0596 7088 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:26:31.0622 7088 RpcSs - ok
13:26:31.0626 7088 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:26:31.0650 7088 rspndr - ok
13:26:31.0659 7088 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:26:31.0671 7088 RTL8167 - ok
13:26:35.0034 7120 Detected object count: 15
13:26:35.0035 7120 Actual detected object count: 15
13:26:54.0111 7120 AMDRAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0111 7120 AMDRAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0113 7120 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0113 7120 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0114 7120 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0114 7120 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0115 7120 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0115 7120 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0116 7120 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0116 7120 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0117 7120 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0117 7120 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0118 7120 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0118 7120 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0119 7120 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0119 7120 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0120 7120 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0120 7120 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0121 7120 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0121 7120 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0122 7120 RTL8192su ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0122 7120 RTL8192su ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0123 7120 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0123 7120 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0124 7120 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0124 7120 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0125 7120 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0125 7120 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:26:54.0126 7120 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - skipped by user
13:26:54.0126 7120 Windows7FirewallService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:27:22.0606 4796 Deinitialize success

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.16.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Tom :: TOM-PC [administrator]

4/16/2013 1:36:03 PM
mbar-log-2013-04-16 (13-36-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 33121
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I posted the second TDSSKiller report and the first mbar report. I had a few issues. After the first reboot from TDSSKiller I had a black screen, like nothing was loading after I logged in, so I pressed CTRL+ALT+DELETE and started Task Manager, killed the explorer process, then ran explorer. After that I had to start up TDSSKiller manually and did a scan. Then I started mbar and I got "Failed: I/O error" when trying to update. So I restarted my computer again and then TDSSKiller popped up by itself after getting into Windows, so I ran that again; it detected 15 objects both times so I just posted the second report. Then I started mbar and got a blue screen of death. Link to the exact screen at the end. Then I rebooted after the BSOD and I was able to run mbar including the update. It didn't detect anything so I ran it twice; I included the first report. I am still getting the Trojan quarantined message every 10 minutes by Microsoft Security Essentials. http://img197.imageshack.us/img197/456/imag0722k.jpg

Edited by tomblits, 16 April 2013 - 01:59 PM.


#10 gringo_pr


Posted 16 April 2013 - 08:43 PM

I want you to uninstall MSE and reinstall it - I think it is something going on with MSE
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 tomblits


Posted 18 April 2013 - 03:25 PM

I uninstalled MSE via Windows Control Panel and reinstalled it. Did a full scan and it began detecting Trojan:JS/Seedabutor.B again, and it is still detecting it every 10 minutes. MSE also kept its detected items history, if that is relevant at all, but I know I uninstalled it, and when reinstalling, it went through its full procedure of re-downloading the virus database and scans.

#12 gringo_pr


Posted 18 April 2013 - 04:33 PM

I would like you to change the system clock ahead 6 months and restart the computer


change the clock back and restart once more and see if it still finds it

#13 tomblits


Posted 18 April 2013 - 06:42 PM

I set the Windows clock in the bottom Windows taskbar to Oct 18, 2013 then restarted, set it back to April 18, 2013, reset and it is still detecting the trojan.

Edited by tomblits, 19 April 2013 - 01:01 AM.


#14 gringo_pr


Posted 21 April 2013 - 03:47 PM


Hello tomblits

OK, let's try running this now.


Please download Kaspersky Virus Removal Tool and SAVE it to your desktop
  • Right click and run as admin (XP: please double click to run)
  • select lang
  • accept the license agreement
  • click on settings (gear looking thing on the right)
  • put check mark in
    • system memory
    • hidden objects
    • disk boot sectors
    • computer
  • go back to automatic scan
  • click on start scan
  • For this scan select skip for anything found
  • when the scan is complete click on the report button (looks like a piece of paper on the right of the gear looking thing)
  • on the left you will see
    • status
    • Detected threats <-- click on this one
    • automatic Scan report
    • Manual disinfection report
  • click on the save button
    • save to a location where you can find it (default is in the document folder)
  • copy and paste this report in your next post

Gringo

#15 tomblits


Posted 23 April 2013 - 01:05 AM

I had a lot of trouble with this one. I ran the scan three times and the first two times it had a malfunction that caused it to stop. The first time it scanned 1.2mil files, the second it scanned .8mil files, and for reference my computer has ~3mil files. There are no detected threats, and the two scans do have reports under Automatic Scan report however their file size is ~300MB. I then ran it another time, and it did complete the scan after 7 hours of scanning and it said there were a total of 1.3mil files. I think the issue was there wasn't enough space on my C: drive, because that's the only change I made that seemed to fix the malfunctions. There are no detected threats from the completed scan either.

Edited by tomblits, 23 April 2013 - 01:53 PM.




