How do I remove riaiccape.exe


15 replies to this topic

#1 skysis

Posted 05 June 2013 - 07:39 PM

The following is posted for bopme
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.21.2
Run by skysi at 19:25:24 on 2013-06-05
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.24574.16861 [GMT -5:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files (x86)\Jump Desktop\JumpService.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Windows\SysWOW64\nlssrv32.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
c:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\GPSoftware\Directory Opus\dopusx64.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 4.1\lightroom.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Filesi\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Filesi\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: FilterAdministratorToken = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Translate Selection - C:\Program Files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Filesi\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Filesi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{33539D63-6684-4F58-BA92-572DF6ED2ED1} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D517EB5C-82EA-4749-B1AB-E72ED1DE9CF7} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D517EB5C-82EA-4749-B1AB-E72ED1DE9CF7}\2375942554131363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{D517EB5C-82EA-4749-B1AB-E72ED1DE9CF7}\2375942554136353 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Filesi\Microsoft Office\Office14\GROOVEEX.DLL
SEH: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-SEH: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\skysi\AppData\Roaming\Mozilla\Firefox\Profiles\wknzsma9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/en/options/
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2011-9-5 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2011-9-5 253784]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-8-10 137312]
R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2011-3-5 37392]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2009-10-27 22568]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-6 56336]
R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2012-8-10 146528]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2011-9-5 127320]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-9-5 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-9-5 280408]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-27 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-9-5 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-9-5 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-5 42184]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-9-5 121000]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R2 HFGService;Handsfree Headset Service;C:\Windows\System32\svchost.exe -k bthaudiosvc [2009-7-13 27136]
R2 iPodDrv;iPodDrv;C:\Windows\System32\drivers\iPodDrv.sys [2011-7-27 14952]
R2 JumpDesktop;Jump Desktop Service;C:\Program Files (x86)\Jump Desktop\JumpService.exe [2012-5-18 7680]
R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
R2 LMIGuardianSvc;LMIGuardianSvc;D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-5-11 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;D:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-4-2 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-7-9 72216]
R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2010-3-7 235560]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-4 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-4 682344]
R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-6-12 24635]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2011-11-21 66560]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2012-8-6 301760]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-3-5 27136]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-4-3 551264]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-5-8 583968]
R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2011-3-15 1847296]
R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2010-9-16 1266688]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-4 24176]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-11-20 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-11-20 177152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-24 535656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SetupARService;SetupARService;C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2011-10-24 24576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-8-10 367200]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2012-5-8 36328]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-3-2 163368]
S3 BthAudioHF;BthAudioHF Service;C:\Windows\System32\drivers\BthAudioHF.sys [2009-12-21 52224]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-2-23 594472]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-2-23 39976]
S3 csr_a2dp;Bluetooth AV Profile;C:\Windows\System32\drivers\bthav.sys [2009-12-21 78848]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-5-8 82112]
S3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-1-23 44624]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-5-31 16776]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2011-3-5 25640]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-5-31 9096]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-3-5 30528]
S3 netr7364;Netopia RT73 Wireless Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 PhoneMyPC_Helper;PhoneMyPC_Helper;D:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2011-7-15 31232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-11 20992]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2011-10-24 51712]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-3-5 24064]
S3 SamsungAllShareV2.0;Samsung AllShare PC;D:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;D:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2011\RpcAgentSrv.exe [2011-9-6 93848]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-6-17 154752]
S3 SimpleSlideShowServer;SimpleSlideShowServer;D:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-5-8 157160]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-5-8 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-5-8 177128]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-5-8 202560]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2011-10-24 51712]
S3 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-11 59392]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-3-5 24064]
S3 vncserver;VNC Server;C:\Program Files\RealVNC\VNC Server\vncserver.exe [2012-8-13 4714888]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-11 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-8-10 3459024]
S4 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-3-5 68136]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S4 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-3-5 72304]
S4 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-3-20 175520]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe" -l -o "%1" -x [default=ConvInIVONAReader  - 'Open' doesn't exist]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-06-04 21:56:23 -------- d-----w- C:\Program Files (x86)\ESET
2013-06-04 21:22:58 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-04 08:11:37 -------- d-sh--w- C:\$RECYCLE.BIN
2013-06-04 07:40:58 98816 ----a-w- C:\Windows\sed.exe
2013-06-04 07:40:58 256000 ----a-w- C:\Windows\PEV.exe
2013-06-04 07:40:58 208896 ----a-w- C:\Windows\MBR.exe
2013-06-04 07:04:22 -------- d-----w- C:\Program Files (x86)\FileASSASSIN
2013-06-04 06:41:29 -------- d-----w- C:\Users\skysi\AppData\Roaming\Malwarebytes
2013-06-04 06:41:23 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-04 06:41:23 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-04 06:41:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-04 06:26:28 -------- d-sh--w- C:\ProgramData\svsupdates0
2013-05-31 14:02:21 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6903548C-E9DF-4889-AAC5-EBCD1BBD4B8C}\mpengine.dll
2013-05-21 06:35:19 -------- d-----w- C:\Windows\SysWow64\directx
2013-05-16 22:52:02 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-14 18:31:10 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-05-14 18:31:10 6128760 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-05-11 06:40:30 -------- d-----w- C:\Users\skysi\.Virtualbox
2013-05-10 17:05:31 -------- d--h--w- C:\ProgramData\Common Files
.
==================== Find3M  ====================
.
2013-06-04 09:09:04 25640 ----a-w- C:\Windows\gdrv.sys
2013-05-30 20:47:23 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2013-05-30 20:47:23 14848 ----a-w- C:\Windows\System32\slwga.dll
2013-05-30 20:47:23 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2013-05-30 20:47:22 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2013-05-30 20:47:22 1008640 ----a-w- C:\Windows\System32\user32.dll
2013-05-16 22:51:59 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-05-16 22:51:59 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-05-15 17:12:44 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-15 17:12:43 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-09 00:07:12 30528 ----a-w- C:\Windows\GVTDrv64.sys
.
============= FINISH: 19:25:50.42 ===============
 

 


#2 nasdaq


Posted 08 June 2013 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
  • ===

    Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
  • ===

    thisisujrt.gif Please download
    Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
  • ===

    Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Link 1
    Link 2

    IMPORTANT !!! Save ComboFix.exe to your Desktop

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Do not install any other programs until this if fixed.


    How to : Disable Anti-virus and Firewall...
    http://www.bleepingcomputer.com/forums/topic114351.html

    Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
  • Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

    Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
    ===

    Third-party programs, if not up to date, can be the cause of infiltration and infection.

    Please run this security check for my review.

    Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • ===

    Please paste the logs in your next reply. DO NOT ATTACH THEM.
    Let me know what problem persists.


#3 skysis

Posted 09 June 2013 - 05:43 PM

Thanks a lot for your help, Forum Addict!

Here are the logs:

 

 

RogueKiller
 
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : skysi [Admin rights]
Mode : Scan -- Date : 06/09/2013 15:35:19
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 9 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
C:WINDOWSsystem32driversetchosts
127.0.0.1 localhost
 
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive4: WDC WD1002FAEX-007BA0 ATA Device +++++
--- User ---
[MBR] 8d026167fad392b3afdd9390b74511e2
[BSP] cef4d57c18a7cde6d3af6b84eb5bd094 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 414303 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 848700720 | Size: 539461 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_06092013_02d1535.txt >>
RKreport[1]_S_06092013_02d1535.txt

 

 
AdwCleaner
 
# AdwCleaner v2.303 - Logfile created 06/09/2013 at 15:52:58
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : skysi - FARSCAPE1
# Boot Mode : Normal
# Running from : D:\Utilities\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v13.0.1 (en-US)
 
File : C:\Users\skysi\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.serge\prefs.js
 
[OK] File is clean.
 
File : C:\Users\skysi\AppData\Roaming\Mozilla\Firefox\Profiles\wknzsma9.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\skysi\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [11732 octets] - [04/06/2013 16:37:19]
AdwCleaner[S1].txt - [11713 octets] - [04/06/2013 16:39:26]
AdwCleaner[S2].txt - [1163 octets] - [04/06/2013 16:45:39]
AdwCleaner[S3].txt - [1228 octets] - [09/06/2013 15:52:58]
 
########## EOF - C:\AdwCleaner[S3].txt - [1288 octets] ##########

 

Junkware Removal

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Enterprise x64
Ran by skysi on Sun 06/09/2013 at 16:02:14.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\splashtop"
Successfully deleted: [Folder] "C:\Users\skysi\appdata\local\splashtop"
Failed to delete: [Folder] "C:\Program Files (x86)\splashtop"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\skysi\appdata\local\{2EC23A50-4467-4E14-A7C5-827A7A3DC7BA}
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\skysi\AppData\Roaming\mozilla\firefox\profiles\febeprof.serge\extensions\requestpolicy@requestpolicy.com
Successfully deleted the following from C:\Users\skysi\AppData\Roaming\mozilla\firefox\profiles\febeprof.serge\prefs.js
 
user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
Emptied folder: C:\Users\skysi\AppData\Roaming\mozilla\firefox\profiles\febeprof.serge\minidumps [4 files]
 
 
 
~~~ Event Viewer Logs were cleared
 

ComboFix

 

ComboFix 13-06-08.02 - skysi 06/09/2013  16:18:02.3.8 - x64

Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.24574.21868 [GMT -5:00]
Running from: c:\users\skysi\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-09 to 2013-06-09  )))))))))))))))))))))))))))))))
.
.
2013-06-09 21:24 . 2013-06-09 21:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-09 21:02 . 2013-06-09 21:02 -------- d-----w- c:\windows\ERUNT
2013-06-09 21:01 . 2013-06-09 21:01 -------- d-----w- C:\JRT
2013-06-04 21:56 . 2013-06-04 21:56 -------- d-----w- c:\program files (x86)\ESET
2013-06-04 21:22 . 2013-06-04 21:22 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-04 07:04 . 2013-06-04 07:04 -------- d-----w- c:\program files (x86)\FileASSASSIN
2013-06-04 06:41 . 2013-06-04 06:41 -------- d-----w- c:\users\skysi\AppData\Roaming\Malwarebytes
2013-06-04 06:41 . 2013-06-04 06:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-04 06:41 . 2013-06-04 06:41 -------- d-----w- c:\programdata\Malwarebytes
2013-06-04 06:41 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-04 06:26 . 2013-06-04 08:04 -------- d-sh--w- c:\programdata\svsupdates0
2013-05-31 14:02 . 2013-05-14 06:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6903548C-E9DF-4889-AAC5-EBCD1BBD4B8C}\mpengine.dll
2013-05-16 22:52 . 2013-05-16 22:52 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-16 22:52 . 2013-05-16 22:51 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-14 18:31 . 2013-05-14 18:31 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-05-14 18:31 . 2013-05-14 18:31 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-05-11 06:40 . 2013-05-11 06:40 -------- d-----w- c:\users\skysi\.Virtualbox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-06 00:39 . 2013-06-06 00:39 6776 ----a-w- C:\Attach.zip
2013-06-04 09:09 . 2011-03-05 09:10 25640 ----a-w- c:\windows\gdrv.sys
2013-05-30 20:47 . 2011-03-12 00:57 419840 ----a-w- c:\windows\system32\systemcpl.dll
2013-05-30 20:47 . 2011-03-12 00:57 14848 ----a-w- c:\windows\system32\slwga.dll
2013-05-30 20:47 . 2011-03-12 00:57 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2013-05-30 20:47 . 2011-03-12 00:57 1008640 ----a-w- c:\windows\system32\user32.dll
2013-05-30 20:47 . 2011-03-12 00:57 833024 ----a-w- c:\windows\SysWow64\user32.dll
2013-05-16 22:51 . 2012-07-09 14:26 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-16 22:51 . 2011-03-17 16:33 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-15 17:12 . 2012-05-01 03:14 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 17:12 . 2011-06-05 20:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 07:06 . 2011-01-02 21:12 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2013-05-30 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-05-30 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\skysi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\skysi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\skysi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\skysi\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Directory Opus Desktop Dblclk"="c:\program files\GPSoftware\Directory Opus\dopusrt.exe" [2010-10-12 279008]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-02-17 109784]
"AdobeBridge"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-1 1390368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EE761688-C137-4b04-8FAB-3C9CDF0886F0}"= "c:\program files\GPSoftware\Directory Opus\dopuslib32.dll" [2010-10-12 324032]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys;c:\windows\SYSNATIVE\Drivers\PzWDM.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SetupARService;SetupARService;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
R3 ALSysIO;ALSysIO;c:\users\skysi\AppData\Local\Temp\ALSysIO64.sys;c:\users\skysi\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys;c:\windows\SYSNATIVE\drivers\bthav.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys;c:\windows\SYSNATIVE\DRIVERS\DKRtWrt.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 netr7364;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R3 PhoneMyPC_Helper;PhoneMyPC_Helper;d:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe;d:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 SamsungAllShareV2.0;Samsung AllShare PC;d:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;d:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\program files\SiSoftware\SiSoftware Sandra Professional Home 2011\RpcAgentSrv.exe;d:\program files\SiSoftware\SiSoftware Sandra Professional Home 2011\RpcAgentSrv.exe [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;d:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;d:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x]
R3 vncserver;VNC Server;c:\program files\RealVNC\VNC Server\vncserver.exe;c:\program files\RealVNC\VNC Server\vncserver.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R4 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [x]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R4 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
R4 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]
S2 JumpDesktop;Jump Desktop Service;c:\program files (x86)\Jump Desktop\JumpService.exe;c:\program files (x86)\Jump Desktop\JumpService.exe [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;d:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;d:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files (x86)\LogMeIn\x64\RaInfo.sys;d:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [x]
S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S2 VBoxDrv;VBox Support Driver;d:\program files (x86)\YouWave Android\vb\VBoxDrv.sys;d:\program files (x86)\YouWave Android\vb\VBoxDrv.sys [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 20:44 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 17:12]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 15:38]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18 15:38]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570261602-3034861705-1254230363-1000Core.job
- c:\users\skysi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 21:17]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2570261602-3034861705-1254230363-1000UA.job
- c:\users\skysi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 21:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\skysi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\skysi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\skysi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\skysi\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 21:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon]
@="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}"
[HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}]
2010-10-21 09:41 308736 ----a-w- c:\program files\WinMountPortable\App\WinMount_64\WinMTExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
d:\program files\Alwil Software\Avast5\snxPlugins64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2010-10-12 742360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Translate Selection - c:\program files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\skysi\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.serge\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/en/options/
FF - prefs.js: keyword.URL - 
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-AssetManageHome_2010 - c:\users\skysi\Documents\uninstall.exe
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-Splashtop Software Updater - c:\program files (x86)\Splashtop\Splashtop Software Updater\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2570261602-3034861705-1254230363-1000_Classes\CLSID\{FF8EE5B6-0EE0-E741-8128-E0DF451D45D5}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:d7,14,b6,87,4e,da,e2,63,ed,7a,b2,d4,52,77,60,b6,f2,02,29,e2,c5,
   d6,84,25,40,9e,7b,84,61,c0,0e,85,05,28,40,48,95,25,e0,60,40,51,28,32,75,48,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-6MH5-W1J4-U2P8-GHAM-HJYU-T73P8Z9"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:d7,14,b6,87,4e,da,e2,63,ed,7a,b2,d4,52,77,60,b6,f2,02,29,e2,c5,
   d6,84,25,40,9e,7b,84,61,c0,0e,85,05,28,40,48,95,25,e0,60,40,51,28,32,75,48,\
.
Completion time: 2013-06-09  16:26:10
ComboFix-quarantined-files.txt  2013-06-09 21:26
ComboFix2.txt  2013-06-04 07:51
.
Pre-Run: 274,781,835,264 bytes free
Post-Run: 274,722,328,576 bytes free
.
- - End Of File - - 502CECAE5A12D43846C90DB89023A798
A36C5E4F47E84449FF07ED3517B43A31
 

Security Check

 

Results of screen317's Security Check version 0.99.64  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
avast! Internet Security   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 AVS Registry Cleaner version 2.2 
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Mozilla Firefox 13.0.1 Firefox out of Date!  
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 9% 
````````````````````End of Log`````````````````````` 
 

End

 
P.S. the file riaiccape.exe is still there in two locations.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:00 PM

Posted 10 June 2013 - 07:02 AM

Please run the RogueKiller tool and select the Delete button this time.

Post the log.

I do not see any reference to riaiccape.exe in your logs.
Where is it located?

I suggest you update your Virus software and run it when installed.
===

If the riaiccape.exe is still present run this online scan.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#5 skysis


Posted 10 June 2013 - 08:10 PM

Hi Nasdaq,
 
I did run RogueKiller Delete function twice actually and posted logs. It's unable to delete riaiccape.exe.
As you see in this ESET log, it's located in two places and can't be deleted. Eset can't do it. Neither can any other security apps. In fact, they can't even see the file. I have two security packages, MalwareBytes Pro and Avast. MalwareBytes can't see riaiccape.exe. Avast does see it but can't delete it. I tried to delete it while booting with PE BART, but all I got was access denied. Please read my initial message here: http://www.bleepingcomputer.com/forums/t/496951/how-do-i-remove-riaiccapeexe/

 

 
 
 
ESET log:
 
C:\Program Files (x86)\AVCHDCoder\Tools\Process.exe Win32/PrcView application
C:\ProgramData\svsupdates0\riaiccape.exe a variant of Win32/Injector.Autoit.MB trojan
C:\Qoobox\Quarantine\C\ProgramData\svsupdates0\riaiccape.exe.vir a variant of Win32/Injector.Autoit.MB trojan
C:\Users\All Users\svsupdates0\riaiccape.exe a variant of Win32/Injector.Autoit.MB trojan
C:\Users\skysi\Desktop\UVRT-v1.9.1.0-Installer.exe a variant of MSIL/Packed.CryptoObfuscator.C application
C:\Windows\Installer\188eef26.msi a variant of MSIL/Packed.CryptoObfuscator.C application


#6 nasdaq


Posted 11 June 2013 - 07:58 AM

Boot to Safe Mode
How to boot to Safe Mode, Vista - Windows 7
http://www.computerhope.com/issues/chsafe.htm#03
===

Delete this folder in bold.
C:\ProgramData\svsupdates0

Restart the computer normally.

Download "http://public.avast.com/~gmerek/aswMBR.exe" (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===

Let me know if the folder just deleted has been created again.

#7 skysis


Posted 11 June 2013 - 03:41 PM

The link to Avast you sent me does not work. Also I do have Avast Full suite on my computer. Can I use that to check my MBR?

Also, I did try to remove that folder from Safe mode. The computer does not see that folder unless I use the unhide command. And even then the folder can’t be removed. I get access denied. I did describe all this in my previous messages.



#8 nasdaq


Posted 12 June 2013 - 07:48 AM

Sorry about this wrong link. This one should work.
It looks like we are dealing with a new Rootkit.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Note: You may be asked if you want to download Avast Free Antivirus. I suggest you deny this download unless you do not have any Antivirus protection on the computer.
===
  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
    nclahc.gif
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
    2j5lb6.gif
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.
  • NOTE! Please remove any e-mail address in the RootRepeal report (if present).


#9 skysis


Posted 13 June 2013 - 02:47 AM

Thanks again for your help! Much appreciated! Here's the info.
 
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-13 02:29:46
-----------------------------
02:29:46.738    OS Version: Windows x64 6.1.7601 Service Pack 1
02:29:46.738    Number of processors: 8 586 0x1A05
02:29:46.738    ComputerName: FARSCAPE1  UserName: skysi
02:29:52.026    Initialize success
02:29:52.738    AVAST engine defs: 13053100
02:30:17.106    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:30:17.107    Disk 0 Vendor: WDC_WD1002FAEX-007BA0 05.01D05 Size: 953865MB BusType: 3
02:30:17.110    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
02:30:17.112    Disk 1 Vendor: WDC_WD6402AAEX-00Y9A0 05.01D05 Size: 610480MB BusType: 3
02:30:17.115    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-4
02:30:17.116    Disk 2 Vendor: ST3000DM001-9YN166 CC4B Size: 2861584MB BusType: 3
02:30:17.119    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-6
02:30:17.121    Disk 3 Vendor: ST3000DM001-1CH166 CC24 Size: 2861588MB BusType: 3
02:30:17.128    Disk 4  \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP5T0L0-9
02:30:17.130    Disk 4 Vendor: WDC_WD2002FAEX-007BA0 05.01D05 Size: 1907729MB BusType: 3
02:30:17.134    Disk 7  \Device\Harddisk7\DR7 -> \Device\Scsi\JRAID1Port0Path0Target0Lun0
02:30:17.136    Disk 7 Vendor: WDC_____ 050. Size: 1907729MB BusType: 8
02:30:17.139    Disk 8  \Device\Harddisk8\DR8 -> \Device\Scsi\JRAID1Port0Path0Target1Lun0
02:30:17.143    Disk 8 Vendor: SAMSUNG_ A11Q Size: 1907729MB BusType: 8
02:30:17.147    Disk 9  \Device\Harddisk9\DR9 -> \Device\Scsi\JRAID1Port0Path0Target2Lun0
02:30:17.150    Disk 9 Vendor: SAMSUNG_ A11Q Size: 1907729MB BusType: 8
02:30:17.154    Disk 10  \Device\Harddisk10\DR10 -> \Device\Scsi\JRAID1Port0Path0Target3Lun0
02:30:17.157    Disk 10 Vendor: ST2000DL A11Q Size: 1907729MB BusType: 8
02:30:17.194    Disk 0 MBR read successfully
02:30:17.197    Disk 0 MBR scan
02:30:17.201    Disk 0 Windows 7 default MBR code
02:30:17.204    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
02:30:17.214    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       414303 MB offset 206848
02:30:17.233    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       539461 MB offset 848700720
02:30:17.256    Disk 0 scanning C:\Windows\system32\drivers
02:30:26.219    Service scanning
02:30:36.416    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
02:30:39.908    Modules scanning
02:30:39.913    Disk 0 trace - called modules:
02:30:39.924    ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys >>UNKNOWN [0xfffffa80131742c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
02:30:39.927    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8013b41060]
02:30:39.930    3 CLASSPNP.SYS[fffff880017a243f] -> nt!IofCallDriver -> [0xfffffa801383cb30]
02:30:39.933    5 vsflt67.sys[fffff88000fb57cd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80136b3060]
02:30:39.936    \Driver\atapi[0xfffffa80136775c0] -> IRP_MJ_CREATE -> 0xfffffa80131742c0
02:30:40.721    AVAST engine scan C:\Windows
02:30:43.193    AVAST engine scan C:\Windows\system32
02:32:16.351    AVAST engine scan C:\Windows\system32\drivers
02:32:37.195    AVAST engine scan C:\Users\skysi
02:39:23.660    AVAST engine scan C:\ProgramData
02:41:30.204    Scan finished successfully
02:42:17.861    Disk 0 MBR has been saved successfully to "C:\MBR.dat"
02:42:17.864    The log file has been saved successfully to "C:\aswMBR.txt"

 

Attached Files

  • Attached File  MBR.zip   574bytes   0 downloads


#10 skysis


Posted 13 June 2013 - 02:51 AM

Unfortunately, RootRepeal does not support 64 bit.



#11 nasdaq


Posted 13 June 2013 - 08:18 AM

Please run the TDSSKILLER tool and post the log for my review.
===

Download the Sophos Virus Removal Tool and save it to your desktop:
  • Be sure to view the 3 short How-to videos on that page.
  • Double-click Sophos Virus Removal Tool.exe. The installation files will extract and the installer will automatically run.
  • Follow the prompts to accept the license agreement, and accept the default location.
  • A message will appear "InstallShield Wizard Completed".
  • Click 'Finish' to start the program.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • A log will be in the following location:
    • Vista and above: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
      --for 64-bit C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
    • 2000/XP/Server 2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
  • Please post the log in your next reply.


#12 skysis


Posted 13 June 2013 - 09:35 PM

Hi nasdaq,

 

I'll be very busy till Monday. Can I get back to you with the results on Monday?

Again, thanks a lot for taking time to help!!!



#13 skysis


Posted 16 June 2013 - 06:50 PM

18:46:22.0499 1780  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:46:23.0046 1780  ============================================================
18:46:23.0046 1780  Current date / time: 2013/06/16 18:46:23.0046
18:46:23.0046 1780  SystemInfo:
18:46:23.0046 1780  
18:46:23.0046 1780  OS Version: 6.1.7601 ServicePack: 1.0
18:46:23.0046 1780  Product type: Workstation
18:46:23.0046 1780  ComputerName: FARSCAPE1
18:46:23.0046 1780  UserName: skysi
18:46:23.0046 1780  Windows directory: C:\Windows
18:46:23.0046 1780  System windows directory: C:\Windows
18:46:23.0046 1780  Running under WOW64
18:46:23.0046 1780  Processor architecture: Intel x64
18:46:23.0046 1780  Number of processors: 8
18:46:23.0046 1780  Page size: 0x1000
18:46:23.0046 1780  Boot type: Normal boot
18:46:23.0046 1780  ============================================================
18:46:23.0950 1780  Drive \Device\Harddisk0\DR0 - Size: 0xE8E09ADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:46:23.0967 1780  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:46:24.0212 1780  Drive \Device\Harddisk2\DR2 - Size: 0x2BAA106DE00 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59100, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:46:24.0216 1780  Drive \Device\Harddisk3\DR3 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:46:24.0230 1780  Drive \Device\Harddisk4\DR4 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:46:24.0234 1780  Drive \Device\Harddisk10\DR10 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:46:33.0255 1780  Drive \Device\Harddisk5\DR5 - Size: 0xF4FC8000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:46:33.0269 1780  Drive \Device\Harddisk9\DR9 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:46:42.0119 1780  ============================================================
18:46:42.0119 1780  \Device\Harddisk0\DR0:
18:46:42.0119 1780  MBR partitions:
18:46:42.0119 1780  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:46:42.0119 1780  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3292FD30
18:46:42.0120 1780  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x32962530, BlocksNum 0x41DA2840
18:46:42.0120 1780  \Device\Harddisk1\DR1:
18:46:42.0120 1780  GPT partitions:
18:46:42.0120 1780  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AAEE280A-69FB-1431-666C-98C9C70F9D2F}, Name: , StartLBA 0x22, BlocksNum 0x4A85826C
18:46:42.0120 1780  MBR partitions:
18:46:42.0120 1780  \Device\Harddisk2\DR2:
18:46:42.0120 1780  GPT partitions:
18:46:42.0120 1780  \Device\Harddisk2\DR2\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {291FFC3C-6A1A-4B90-84B7-334FD9D2C09A}, Name: Mi, StartLBA 0x22, BlocksNum 0x40000
18:46:42.0120 1780  \Device\Harddisk2\DR2\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5FABE30C-2710-0000-B43E-806E6F6E6963}, Name: , StartLBA 0x40022, BlocksNum 0x5D4C832B
18:46:42.0120 1780  MBR partitions:
18:46:42.0120 1780  \Device\Harddisk3\DR3:
18:46:42.0120 1780  GPT partitions:
18:46:42.0122 1780  \Device\Harddisk3\DR3\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {D3B53EEA-0779-4AE2-9E4F-88A63809E5C3}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
18:46:42.0122 1780  \Device\Harddisk3\DR3\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A3213B02-1FD5-4ADB-8882-5BD837FF97AD}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800
18:46:42.0122 1780  MBR partitions:
18:46:42.0122 1780  \Device\Harddisk4\DR4:
18:46:42.0122 1780  GPT partitions:
18:46:42.0122 1780  \Device\Harddisk4\DR4\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {A616C287-10A3-41D2-8F58-85423FB32FB1}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
18:46:42.0122 1780  \Device\Harddisk4\DR4\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {1D8A4873-61EC-4350-973E-A9B789C82190}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
18:46:42.0122 1780  MBR partitions:
18:46:42.0122 1780  \Device\Harddisk10\DR10:
18:46:42.0135 1780  MBR partitions:
18:46:42.0135 1780  \Device\Harddisk10\DR10\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
18:46:42.0135 1780  \Device\Harddisk5\DR5:
18:46:42.0139 1780  MBR partitions:
18:46:42.0139 1780  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x7A7A11
18:46:42.0139 1780  \Device\Harddisk9\DR9:
18:46:42.0139 1780  GPT partitions:
18:46:42.0140 1780  \Device\Harddisk9\DR9\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D51D64A0-E536-B416-75D0-96B14937F60E}, Name: , StartLBA 0x22, BlocksNum 0x74706D6C
18:46:42.0140 1780  MBR partitions:
18:46:42.0140 1780  ============================================================
18:46:42.0157 1780  C: <-> \Device\Harddisk0\DR0\Partition2
18:46:42.0205 1780  D: <-> \Device\Harddisk0\DR0\Partition3
18:46:42.0273 1780  E: <-> \Device\Harddisk1\DR1\Partition1
18:46:42.0329 1780  F: <-> \Device\Harddisk2\DR2\Partition2
18:46:42.0459 1780  G: <-> \Device\Harddisk3\DR3\Partition2
18:46:42.0512 1780  H: <-> \Device\Harddisk4\DR4\Partition2
18:46:42.0622 1780  Q: <-> \Device\Harddisk9\DR9\Partition1
18:46:42.0622 1780  ============================================================
18:46:42.0622 1780  Initialize success
18:46:42.0622 1780  ============================================================
18:46:56.0422 6076  ============================================================
18:46:56.0422 6076  Scan started
18:46:56.0422 6076  Mode: Manual; 
18:46:56.0423 6076  ============================================================
18:46:57.0677 6076  ================ Scan system memory ========================
18:46:57.0677 6076  System memory - ok
18:46:57.0677 6076  ================ Scan services =============================
18:46:57.0768 6076  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:46:57.0769 6076  1394ohci - ok
18:46:57.0791 6076  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:46:57.0793 6076  ACPI - ok
18:46:57.0806 6076  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:46:57.0806 6076  AcpiPmi - ok
18:46:57.0889 6076  [ 0B3601ECEA5D6D41CCAE143355892061 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
18:46:57.0898 6076  AcrSch2Svc - ok
18:46:57.0964 6076  [ BF3818B441955E4D438EC72F06F1FE61 ] AdobeActiveFileMonitor11.0 C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
18:46:57.0966 6076  AdobeActiveFileMonitor11.0 - ok
18:46:58.0039 6076  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:46:58.0041 6076  AdobeFlashPlayerUpdateSvc - ok
18:46:58.0062 6076  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:46:58.0064 6076  adp94xx - ok
18:46:58.0078 6076  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:46:58.0081 6076  adpahci - ok
18:46:58.0091 6076  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:46:58.0092 6076  adpu320 - ok
18:46:58.0109 6076  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:46:58.0111 6076  AeLookupSvc - ok
18:46:58.0134 6076  [ B794DD8ACC5CC76177156463DAB4BEBB ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
18:46:58.0137 6076  afcdp - ok
18:46:58.0189 6076  [ 5555E5CE43DE53FE4C2F19A1163C49A0 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
18:46:58.0232 6076  afcdpsrv - ok
18:46:58.0257 6076  [ D5B031C308A409A0A576BFF4CF083D30 ] AFD             C:\Windows\system32\drivers\afd.sys
18:46:58.0261 6076  AFD - ok
18:46:58.0283 6076  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:46:58.0283 6076  agp440 - ok
18:46:58.0289 6076  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:46:58.0291 6076  ALG - ok
18:46:58.0313 6076  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:46:58.0313 6076  aliide - ok
18:46:58.0349 6076  ALSysIO - ok
18:46:58.0367 6076  [ F687D4976EFF550FB0BE45A5CB19F18F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:46:58.0368 6076  AMD External Events Utility - ok
18:46:58.0377 6076  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:46:58.0378 6076  amdide - ok
18:46:58.0388 6076  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:46:58.0388 6076  AmdK8 - ok
18:46:58.0476 6076  [ 74687C33C4AD25A975BBB1EA1E8B3884 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
18:46:58.0553 6076  amdkmdag - ok
18:46:58.0567 6076  [ C7F56ED86327A78E7F8A5CC503A98BD6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
18:46:58.0568 6076  amdkmdap - ok
18:46:58.0577 6076  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:46:58.0577 6076  AmdPPM - ok
18:46:58.0602 6076  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:46:58.0603 6076  amdsata - ok
18:46:58.0611 6076  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:46:58.0612 6076  amdsbs - ok
18:46:58.0621 6076  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:46:58.0622 6076  amdxata - ok
18:46:58.0639 6076  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
18:46:58.0639 6076  androidusb - ok
18:46:58.0653 6076  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:46:58.0654 6076  AppID - ok
18:46:58.0667 6076  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:46:58.0668 6076  AppIDSvc - ok
18:46:58.0691 6076  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:46:58.0692 6076  Appinfo - ok
18:46:58.0703 6076  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
18:46:58.0706 6076  AppMgmt - ok
18:46:58.0711 6076  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:46:58.0712 6076  arc - ok
18:46:58.0722 6076  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:46:58.0723 6076  arcsas - ok
18:46:58.0787 6076  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:46:58.0813 6076  aspnet_state - ok
18:46:58.0826 6076  [ F810E3EA3D1F3C3BA26F2F4719BDCA4F ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
18:46:58.0826 6076  aswFsBlk - ok
18:46:58.0847 6076  [ 696B534C07065512317529318DA79B80 ] aswFW           C:\Windows\system32\drivers\aswFW.sys
18:46:58.0847 6076  aswFW - ok
18:46:58.0867 6076  [ 3687FD9CEDF56D3B9F18923F4E14F3F9 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
18:46:58.0868 6076  aswMonFlt - ok
18:46:58.0879 6076  [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis         C:\Windows\system32\DRIVERS\aswNdis.sys
18:46:58.0879 6076  aswNdis - ok
18:46:58.0886 6076  [ B977CB4B919E6D47009B608A4E733B43 ] aswNdis2        C:\Windows\system32\drivers\aswNdis2.sys
18:46:58.0888 6076  aswNdis2 - ok
18:46:58.0896 6076  [ E99E48596B35E5D5240104BCD61B3471 ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys
18:46:58.0896 6076  aswRdr - ok
18:46:58.0912 6076  [ 84AD8FB3FD2EFA52D8599A0028BBB6FE ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
18:46:58.0913 6076  aswSnx - ok
18:46:58.0922 6076  [ 8CBA6CC5DCA9E3829F1792BF98F06901 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
18:46:58.0923 6076  aswSP - ok
18:46:58.0931 6076  [ 184248F2DED7B1641C7F3B30381BAA2A ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
18:46:58.0932 6076  aswTdi - ok
18:46:58.0944 6076  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:46:58.0946 6076  AsyncMac - ok
18:46:58.0966 6076  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:46:58.0966 6076  atapi - ok
18:46:59.0009 6076  [ 36322190763845975E0D001E90687BF2 ] athur           C:\Windows\system32\DRIVERS\athurx.sys
18:46:59.0034 6076  athur - ok
18:46:59.0047 6076  [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
18:46:59.0047 6076  AtiHdmiService - ok
18:46:59.0076 6076  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:46:59.0082 6076  AudioEndpointBuilder - ok
18:46:59.0091 6076  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:46:59.0094 6076  AudioSrv - ok
18:46:59.0134 6076  [ 2695E3E9497BF72ABB44B5010EC5DA16 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:46:59.0136 6076  avast! Antivirus - ok
18:46:59.0154 6076  [ C439C2613175C9364A61DA708551381C ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
18:46:59.0154 6076  avast! Firewall - ok
18:46:59.0176 6076  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:46:59.0178 6076  AxInstSV - ok
18:46:59.0197 6076  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:46:59.0199 6076  b06bdrv - ok
18:46:59.0212 6076  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:46:59.0213 6076  b57nd60a - ok
18:46:59.0243 6076  [ F01759FA97126CC69DFA85CEDA0717A1 ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
18:46:59.0244 6076  bcbtums - ok
18:46:59.0247 6076  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:46:59.0248 6076  BDESVC - ok
18:46:59.0257 6076  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:46:59.0257 6076  Beep - ok
18:46:59.0288 6076  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:46:59.0294 6076  BFE - ok
18:46:59.0323 6076  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
18:46:59.0332 6076  BITS - ok
18:46:59.0339 6076  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:46:59.0339 6076  blbdrive - ok
18:46:59.0394 6076  [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
18:46:59.0397 6076  Bonjour Service - ok
18:46:59.0422 6076  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:46:59.0422 6076  bowser - ok
18:46:59.0429 6076  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:46:59.0429 6076  BrFiltLo - ok
18:46:59.0441 6076  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:46:59.0441 6076  BrFiltUp - ok
18:46:59.0462 6076  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
18:46:59.0462 6076  BridgeMP - ok
18:46:59.0477 6076  [ 8EF0D5C41EC907751B8429162B1239ED ] Browser         C:\Windows\System32\browser.dll
18:46:59.0479 6076  Browser - ok
18:46:59.0489 6076  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:46:59.0491 6076  Brserid - ok
18:46:59.0504 6076  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:46:59.0504 6076  BrSerWdm - ok
18:46:59.0511 6076  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:46:59.0511 6076  BrUsbMdm - ok
18:46:59.0518 6076  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:46:59.0519 6076  BrUsbSer - ok
18:46:59.0542 6076  [ 07DCB3C254D584E3949FE2C0EE3963F2 ] BthAudioHF      C:\Windows\system32\DRIVERS\BthAudioHF.sys
18:46:59.0543 6076  BthAudioHF - ok
18:46:59.0572 6076  [ 832B121E4532919CC49F2438F1DCAA21 ] BthAvrcp        C:\Windows\system32\DRIVERS\BthAvrcp.sys
18:46:59.0572 6076  BthAvrcp - ok
18:46:59.0594 6076  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
18:46:59.0596 6076  BthEnum - ok
18:46:59.0604 6076  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:46:59.0606 6076  BTHMODEM - ok
18:46:59.0624 6076  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
18:46:59.0626 6076  BthPan - ok
18:46:59.0646 6076  [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
18:46:59.0649 6076  BTHPORT - ok
18:46:59.0656 6076  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:46:59.0657 6076  bthserv - ok
18:46:59.0674 6076  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
18:46:59.0674 6076  BTHUSB - ok
18:46:59.0704 6076  [ 3AFF6DC496B8A8D12C867E3FC7C86FAC ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
18:46:59.0709 6076  btwampfl - ok
18:46:59.0724 6076  [ 336BBA0909B3636AB7D06A71D7B1C0DC ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
18:46:59.0726 6076  btwaudio - ok
18:46:59.0738 6076  [ 9FF58F76024D25784755B01F926B00BE ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
18:46:59.0739 6076  btwavdt - ok
18:46:59.0786 6076  [ 26A80D7ACA49E03A403806418B5FED46 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
18:46:59.0789 6076  btwdins - ok
18:46:59.0802 6076  [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
18:46:59.0802 6076  btwl2cap - ok
18:46:59.0817 6076  [ EDD953D635F3AA89EF902E3F82D60D22 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
18:46:59.0818 6076  btwrchid - ok
18:46:59.0826 6076  catchme - ok
18:46:59.0836 6076  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:46:59.0837 6076  cdfs - ok
18:46:59.0857 6076  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:46:59.0858 6076  cdrom - ok
18:46:59.0884 6076  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:46:59.0886 6076  CertPropSvc - ok
18:46:59.0897 6076  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:46:59.0897 6076  circlass - ok
18:46:59.0911 6076  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:46:59.0913 6076  CLFS - ok
18:46:59.0953 6076  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:46:59.0956 6076  clr_optimization_v2.0.50727_32 - ok
18:46:59.0969 6076  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:46:59.0971 6076  clr_optimization_v2.0.50727_64 - ok
18:46:59.0998 6076  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:47:00.0074 6076  clr_optimization_v4.0.30319_32 - ok
18:47:00.0096 6076  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:47:00.0106 6076  clr_optimization_v4.0.30319_64 - ok
18:47:00.0112 6076  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:47:00.0112 6076  CmBatt - ok
18:47:00.0136 6076  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:47:00.0136 6076  cmdide - ok
18:47:00.0174 6076  [ 3CD27B6666D0A6A71A7B6834DD5C97F7 ] cmudaxp         C:\Windows\system32\drivers\cmudaxp.sys
18:47:00.0183 6076  cmudaxp - ok
18:47:00.0197 6076  [ D5FEA92400F12412B3922087C09DA6A5 ] CNG             C:\Windows\system32\Drivers\cng.sys
18:47:00.0201 6076  CNG - ok
18:47:00.0211 6076  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:47:00.0211 6076  Compbatt - ok
18:47:00.0237 6076  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:47:00.0237 6076  CompositeBus - ok
18:47:00.0239 6076  COMSysApp - ok
18:47:00.0248 6076  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:47:00.0248 6076  crcdisk - ok
18:47:00.0266 6076  [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:47:00.0267 6076  CryptSvc - ok
18:47:00.0281 6076  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
18:47:00.0284 6076  CSC - ok
18:47:00.0307 6076  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
18:47:00.0313 6076  CscService - ok
18:47:00.0322 6076  [ DF07C6D98BA7F81D0571E366B1CD6672 ] csr_a2dp        C:\Windows\system32\drivers\bthav.sys
18:47:00.0323 6076  csr_a2dp - ok
18:47:00.0363 6076  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:47:00.0369 6076  DcomLaunch - ok
18:47:00.0379 6076  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:47:00.0382 6076  defragsvc - ok
18:47:00.0422 6076  [ FDC0C5ADDE1CDE6EDB0BEF78F0699AF3 ] DES2 Service    C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
18:47:00.0423 6076  DES2 Service - ok
18:47:00.0444 6076  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:47:00.0444 6076  DfsC - ok
18:47:00.0481 6076  [ A64CC0B5D93F25BF5D052A1FEBE71E68 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
18:47:00.0482 6076  dg_ssudbus - ok
18:47:00.0511 6076  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:47:00.0513 6076  Dhcp - ok
18:47:00.0522 6076  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:47:00.0523 6076  discache - ok
18:47:00.0532 6076  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:47:00.0533 6076  Disk - ok
18:47:00.0623 6076  [ 6305F4AFB2492D188712D728BCF8A32C ] Diskeeper       C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
18:47:00.0662 6076  Diskeeper - ok
18:47:00.0678 6076  [ 20C394C80113D77406DF8F1ADC720B01 ] DKRtWrt         C:\Windows\system32\DRIVERS\DKRtWrt.sys
18:47:00.0679 6076  DKRtWrt - ok
18:47:00.0697 6076  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:47:00.0699 6076  Dnscache - ok
18:47:00.0719 6076  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:47:00.0722 6076  dot3svc - ok
18:47:00.0751 6076  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:47:00.0753 6076  DPS - ok
18:47:00.0787 6076  [ F7BDA38AFBDA04F0A89DEBA767EEDA79 ] DragonSvc       C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
18:47:00.0788 6076  DragonSvc - ok
18:47:00.0808 6076  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:47:00.0808 6076  drmkaud - ok
18:47:00.0828 6076  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:47:00.0831 6076  DXGKrnl - ok
18:47:00.0839 6076  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
18:47:00.0841 6076  E1G60 - ok
18:47:00.0857 6076  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:47:00.0858 6076  EapHost - ok
18:47:00.0902 6076  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:47:00.0944 6076  ebdrv - ok
18:47:00.0981 6076  [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS             C:\Windows\System32\lsass.exe
18:47:00.0982 6076  EFS - ok
18:47:01.0009 6076  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:47:01.0014 6076  ehRecvr - ok
18:47:01.0028 6076  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:47:01.0029 6076  ehSched - ok
18:47:01.0044 6076  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:47:01.0048 6076  elxstor - ok
18:47:01.0076 6076  [ 2FD83A7CF6C75F3A288EAD94867A9AD6 ] emAudio         C:\Windows\system32\drivers\emAudio64.sys
18:47:01.0077 6076  emAudio - ok
18:47:01.0094 6076  [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv        C:\Windows\system32\epmntdrv.sys
18:47:01.0096 6076  epmntdrv - ok
18:47:01.0118 6076  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:47:01.0118 6076  ErrDev - ok
18:47:01.0132 6076  [ 84486624268E078255BC7AA47F0960BC ] etdrv           C:\Windows\etdrv.sys
18:47:01.0133 6076  etdrv - ok
18:47:01.0144 6076  [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
18:47:01.0146 6076  EuGdiDrv - ok
18:47:01.0168 6076  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:47:01.0172 6076  EventSystem - ok
18:47:01.0187 6076  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:47:01.0188 6076  exfat - ok
18:47:01.0203 6076  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:47:01.0204 6076  fastfat - ok
18:47:01.0234 6076  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:47:01.0239 6076  Fax - ok
18:47:01.0252 6076  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:47:01.0252 6076  fdc - ok
18:47:01.0264 6076  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:47:01.0266 6076  fdPHost - ok
18:47:01.0278 6076  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:47:01.0279 6076  FDResPub - ok
18:47:01.0291 6076  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:47:01.0291 6076  FileInfo - ok
18:47:01.0302 6076  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:47:01.0303 6076  Filetrace - ok
18:47:01.0336 6076  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:47:01.0341 6076  FLEXnet Licensing Service - ok
18:47:01.0352 6076  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:47:01.0352 6076  flpydisk - ok
18:47:01.0376 6076  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:47:01.0377 6076  FltMgr - ok
18:47:01.0401 6076  [ D4463A74E1BFBF3FB9B4FC6CF5390152 ] fltsrv          C:\Windows\system32\DRIVERS\fltsrv.sys
18:47:01.0402 6076  fltsrv - ok
18:47:01.0438 6076  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
18:47:01.0448 6076  FontCache - ok
18:47:01.0481 6076  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:47:01.0482 6076  FontCache3.0.0.0 - ok
18:47:01.0492 6076  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:47:01.0493 6076  FsDepends - ok
18:47:01.0504 6076  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:47:01.0504 6076  Fs_Rec - ok
18:47:01.0531 6076  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:47:01.0532 6076  fvevol - ok
18:47:01.0539 6076  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:47:01.0539 6076  gagp30kx - ok
18:47:01.0558 6076  [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv            C:\Windows\gdrv.sys
18:47:01.0558 6076  gdrv - ok
18:47:01.0589 6076  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:47:01.0596 6076  gpsvc - ok
18:47:01.0662 6076  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:47:01.0662 6076  gupdate - ok
18:47:01.0666 6076  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:47:01.0666 6076  gupdatem - ok
18:47:01.0689 6076  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:47:01.0691 6076  gusvc - ok
18:47:01.0703 6076  [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64        C:\Windows\GVTDrv64.sys
18:47:01.0704 6076  GVTDrv64 - ok
18:47:01.0716 6076  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:47:01.0716 6076  hcw85cir - ok
18:47:01.0736 6076  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:47:01.0738 6076  HdAudAddService - ok
18:47:01.0764 6076  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:47:01.0766 6076  HDAudBus - ok
18:47:01.0787 6076  [ EE8C05F926521A0E24EDAF40F45D01E6 ] HFGService      C:\Windows\System32\HFGService.dll
18:47:01.0789 6076  HFGService - ok
18:47:01.0802 6076  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:47:01.0803 6076  HidBatt - ok
18:47:01.0826 6076  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:47:01.0826 6076  HidBth - ok
18:47:01.0833 6076  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:47:01.0834 6076  HidIr - ok
18:47:01.0837 6076  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
18:47:01.0838 6076  hidserv - ok
18:47:01.0866 6076  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:47:01.0866 6076  HidUsb - ok
18:47:01.0884 6076  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:47:01.0886 6076  hkmsvc - ok
18:47:01.0907 6076  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:47:01.0911 6076  HomeGroupListener - ok
18:47:01.0929 6076  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:47:01.0933 6076  HomeGroupProvider - ok
18:47:01.0953 6076  [ 15F37D0102A81BA8DB007C68483C1F91 ] hotcore3        C:\Windows\system32\DRIVERS\hotcore3.sys
18:47:01.0954 6076  hotcore3 - ok
18:47:01.0976 6076  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:47:01.0976 6076  HpSAMD - ok
18:47:02.0002 6076  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:47:02.0007 6076  HTTP - ok
18:47:02.0024 6076  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:47:02.0026 6076  hwpolicy - ok
18:47:02.0046 6076  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:47:02.0047 6076  i8042prt - ok
18:47:02.0094 6076  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:47:02.0097 6076  IAANTMON - ok
18:47:02.0108 6076  [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:47:02.0112 6076  iaStor - ok
18:47:02.0127 6076  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:47:02.0129 6076  iaStorV - ok
18:47:02.0187 6076  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:47:02.0188 6076  IDriverT - ok
18:47:02.0218 6076  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:47:02.0226 6076  idsvc - ok
18:47:02.0236 6076  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:47:02.0237 6076  iirsp - ok
18:47:02.0258 6076  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:47:02.0266 6076  IKEEXT - ok
18:47:02.0269 6076  IntcAzAudAddService - ok
18:47:02.0291 6076  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:47:02.0291 6076  intelide - ok
18:47:02.0299 6076  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:47:02.0301 6076  intelppm - ok
18:47:02.0346 6076  [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
18:47:02.0346 6076  IntuitUpdateServiceV4 - ok
18:47:02.0358 6076  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:47:02.0361 6076  IPBusEnum - ok
18:47:02.0394 6076  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:47:02.0396 6076  IpFilterDriver - ok
18:47:02.0426 6076  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:47:02.0432 6076  iphlpsvc - ok
18:47:02.0449 6076  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:47:02.0451 6076  IPMIDRV - ok
18:47:02.0463 6076  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:47:02.0463 6076  IPNAT - ok
18:47:02.0499 6076  [ 02DEF37AB75E0032C50724646F708DE8 ] iPodDrv         C:\Windows\system32\drivers\iPodDrv.sys
18:47:02.0501 6076  iPodDrv - ok
18:47:02.0511 6076  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:47:02.0512 6076  IRENUM - ok
18:47:02.0529 6076  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:47:02.0529 6076  isapnp - ok
18:47:02.0559 6076  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:47:02.0562 6076  iScsiPrt - ok
18:47:02.0579 6076  [ 9C6F3F69163133FB8E56AC4A6E163452 ] ISODrive        C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
18:47:02.0581 6076  ISODrive - ok
18:47:02.0622 6076  [ F3A41EC4C6506E76E07A219B3A1DF8D2 ] JMB36X          C:\Windows\SysWOW64\XSrvSetup.exe
18:47:02.0624 6076  JMB36X - ok
18:47:02.0644 6076  [ 50DE7DD7EDB1B512B13666588AEFBF6F ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
18:47:02.0646 6076  JRAID - ok
18:47:02.0696 6076  [ 8BBD13D7AE60C95258208153120B7D79 ] JumpDesktop     C:\Program Files (x86)\Jump Desktop\JumpService.exe
18:47:02.0697 6076  JumpDesktop - ok
18:47:02.0702 6076  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:47:02.0702 6076  kbdclass - ok
18:47:02.0711 6076  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:47:02.0711 6076  kbdhid - ok
18:47:02.0722 6076  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
18:47:02.0723 6076  KeyIso - ok
18:47:02.0726 6076  KMService - ok
18:47:02.0751 6076  [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:47:02.0751 6076  KSecDD - ok
18:47:02.0776 6076  [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:47:02.0777 6076  KSecPkg - ok
18:47:02.0779 6076  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:47:02.0781 6076  ksthunk - ok
18:47:02.0796 6076  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:47:02.0801 6076  KtmRm - ok
18:47:02.0809 6076  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
18:47:02.0813 6076  LanmanServer - ok
18:47:02.0841 6076  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:47:02.0844 6076  LanmanWorkstation - ok
18:47:02.0857 6076  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:47:02.0857 6076  lltdio - ok
18:47:02.0869 6076  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:47:02.0873 6076  lltdsvc - ok
18:47:02.0881 6076  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:47:02.0882 6076  lmhosts - ok
18:47:02.0949 6076  [ D55A7D0553C7102F63872936C7A9D9DB ] LMIGuardianSvc  D:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
18:47:02.0951 6076  LMIGuardianSvc - ok
18:47:02.0957 6076  [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo         D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
18:47:02.0957 6076  LMIInfo - ok
18:47:02.0979 6076  [ A7D256C8847DF6E88BDDB55F87E54F46 ] LMIMaint        D:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
18:47:02.0982 6076  LMIMaint - ok
18:47:03.0012 6076  [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
18:47:03.0012 6076  lmimirr - ok
18:47:03.0021 6076  LMIRfsClientNP - ok
18:47:03.0036 6076  [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
18:47:03.0037 6076  LMIRfsDriver - ok
18:47:03.0057 6076  [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn         D:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
18:47:03.0059 6076  LogMeIn - ok
18:47:03.0076 6076  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:47:03.0077 6076  LSI_FC - ok
18:47:03.0084 6076  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:47:03.0086 6076  LSI_SAS - ok
18:47:03.0091 6076  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:47:03.0092 6076  LSI_SAS2 - ok
18:47:03.0101 6076  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:47:03.0101 6076  LSI_SCSI - ok
18:47:03.0113 6076  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:47:03.0113 6076  luafv - ok
18:47:03.0162 6076  [ 3BC261009BA66AAEE6E43067FE257D32 ] Marvell RAID    C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
18:47:03.0163 6076  Marvell RAID - ok
18:47:03.0194 6076  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:47:03.0196 6076  MBAMProtector - ok
18:47:03.0228 6076  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:47:03.0231 6076  MBAMScheduler - ok
18:47:03.0246 6076  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:47:03.0248 6076  MBAMService - ok
18:47:03.0271 6076  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:47:03.0273 6076  Mcx2Svc - ok
18:47:03.0287 6076  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:47:03.0287 6076  megasas - ok
18:47:03.0294 6076  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:47:03.0297 6076  MegaSR - ok
18:47:03.0327 6076  Microsoft SharePoint Workspace Audit Service - ok
18:47:03.0337 6076  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:47:03.0339 6076  MMCSS - ok
18:47:03.0348 6076  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:47:03.0349 6076  Modem - ok
18:47:03.0359 6076  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:47:03.0359 6076  monitor - ok
18:47:03.0384 6076  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:47:03.0384 6076  mouclass - ok
18:47:03.0388 6076  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:47:03.0388 6076  mouhid - ok
18:47:03.0413 6076  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:47:03.0414 6076  mountmgr - ok
18:47:03.0459 6076  [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:47:03.0461 6076  MozillaMaintenance - ok
18:47:03.0487 6076  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:47:03.0487 6076  mpio - ok
18:47:03.0491 6076  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:47:03.0492 6076  mpsdrv - ok
18:47:03.0532 6076  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:47:03.0539 6076  MpsSvc - ok
18:47:03.0589 6076  [ 8881574868E648689B7AA88A88716E17 ] MRUWebService   C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
18:47:03.0589 6076  MRUWebService - ok
18:47:03.0607 6076  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:47:03.0608 6076  MRxDAV - ok
18:47:03.0634 6076  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:47:03.0636 6076  mrxsmb - ok
18:47:03.0662 6076  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:47:03.0663 6076  mrxsmb10 - ok
18:47:03.0699 6076  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:47:03.0701 6076  mrxsmb20 - ok
18:47:03.0719 6076  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:47:03.0721 6076  msahci - ok
18:47:03.0743 6076  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:47:03.0743 6076  msdsm - ok
18:47:03.0756 6076  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:47:03.0758 6076  MSDTC - ok
18:47:03.0773 6076  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:47:03.0774 6076  Msfs - ok
18:47:03.0783 6076  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:47:03.0784 6076  mshidkmdf - ok
18:47:03.0803 6076  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:47:03.0803 6076  msisadrv - ok
18:47:03.0816 6076  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:47:03.0819 6076  MSiSCSI - ok
18:47:03.0822 6076  msiserver - ok
18:47:03.0831 6076  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:47:03.0832 6076  MSKSSRV - ok
18:47:03.0843 6076  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:47:03.0844 6076  MSPCLOCK - ok
18:47:03.0849 6076  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:47:03.0849 6076  MSPQM - ok
18:47:03.0873 6076  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:47:03.0876 6076  MsRPC - ok
18:47:03.0884 6076  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:47:03.0884 6076  mssmbios - ok
18:47:03.0893 6076  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:47:03.0893 6076  MSTEE - ok
18:47:03.0903 6076  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:47:03.0903 6076  MTConfig - ok
18:47:03.0914 6076  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:47:03.0914 6076  Mup - ok
18:47:03.0934 6076  [ 6AF2640B5D7202FA0D96467318D4592E ] mv91cons        C:\Windows\system32\DRIVERS\mv91cons.sys
18:47:03.0936 6076  mv91cons - ok
18:47:03.0962 6076  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:47:03.0967 6076  napagent - ok
18:47:03.0982 6076  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:47:03.0984 6076  NativeWifiP - ok
18:47:04.0014 6076  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:47:04.0021 6076  NDIS - ok
18:47:04.0027 6076  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:47:04.0027 6076  NdisCap - ok
18:47:04.0031 6076  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:47:04.0031 6076  NdisTapi - ok
18:47:04.0056 6076  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:47:04.0057 6076  Ndisuio - ok
18:47:04.0082 6076  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:47:04.0083 6076  NdisWan - ok
18:47:04.0104 6076  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:47:04.0106 6076  NDProxy - ok
18:47:04.0113 6076  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:47:04.0113 6076  NetBIOS - ok
18:47:04.0137 6076  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:47:04.0139 6076  NetBT - ok
18:47:04.0143 6076  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
18:47:04.0144 6076  Netlogon - ok
18:47:04.0162 6076  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:47:04.0166 6076  Netman - ok
18:47:04.0207 6076  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:47:04.0218 6076  NetMsmqActivator - ok
18:47:04.0221 6076  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:47:04.0222 6076  NetPipeActivator - ok
18:47:04.0234 6076  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:47:04.0239 6076  netprofm - ok
18:47:04.0326 6076  [ 5EB01F698C4E2C11598934D4540047CA ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
18:47:04.0334 6076  netr28ux - ok
18:47:04.0367 6076  [ 81B8D0C1CE44A7FDBD596B693783950C ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
18:47:04.0373 6076  netr7364 - ok
18:47:04.0377 6076  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:47:04.0377 6076  NetTcpActivator - ok
18:47:04.0381 6076  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:47:04.0382 6076  NetTcpPortSharing - ok
18:47:04.0388 6076  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:47:04.0389 6076  nfrd960 - ok
18:47:04.0416 6076  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:47:04.0419 6076  NlaSvc - ok
18:47:04.0446 6076  [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc        C:\Windows\SysWOW64\nlssrv32.exe
18:47:04.0447 6076  nlsX86cc - ok
18:47:04.0472 6076  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\Windows\system32\drivers\npf.sys
18:47:04.0472 6076  NPF - ok
18:47:04.0482 6076  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:47:04.0483 6076  Npfs - ok
18:47:04.0491 6076  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:47:04.0492 6076  nsi - ok
18:47:04.0498 6076  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:47:04.0498 6076  nsiproxy - ok
18:47:04.0537 6076  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:47:04.0558 6076  Ntfs - ok
18:47:04.0576 6076  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:47:04.0577 6076  Null - ok
18:47:04.0606 6076  [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
18:47:04.0607 6076  nusb3hub - ok
18:47:04.0644 6076  [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:47:04.0647 6076  nusb3xhc - ok
18:47:04.0667 6076  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:47:04.0668 6076  nvraid - ok
18:47:04.0692 6076  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:47:04.0693 6076  nvstor - ok
18:47:04.0719 6076  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:47:04.0721 6076  nv_agp - ok
18:47:04.0748 6076  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
18:47:04.0749 6076  ohci1394 - ok
18:47:04.0788 6076  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:47:04.0789 6076  ose - ok
18:47:04.0883 6076  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:47:04.0901 6076  osppsvc - ok
18:47:04.0931 6076  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:47:04.0934 6076  p2pimsvc - ok
18:47:04.0951 6076  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:47:04.0957 6076  p2psvc - ok
18:47:04.0972 6076  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:47:04.0973 6076  Parport - ok
18:47:04.0983 6076  [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:47:04.0983 6076  partmgr - ok
18:47:04.0991 6076  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:47:04.0994 6076  PcaSvc - ok
18:47:05.0019 6076  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:47:05.0021 6076  pci - ok
18:47:05.0039 6076  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:47:05.0041 6076  pciide - ok
18:47:05.0046 6076  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:47:05.0047 6076  pcmcia - ok
18:47:05.0053 6076  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:47:05.0053 6076  pcw - ok
18:47:05.0072 6076  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:47:05.0076 6076  PEAUTH - ok
18:47:05.0089 6076  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:47:05.0099 6076  PeerDistSvc - ok
18:47:05.0122 6076  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:47:05.0124 6076  PerfHost - ok
18:47:05.0192 6076  [ 25367AFF274D7DF637B7D5336246773E ] PhoneMyPC_Helper D:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe
18:47:05.0192 6076  PhoneMyPC_Helper - ok
18:47:05.0231 6076  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:47:05.0243 6076  pla - ok
18:47:05.0268 6076  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:47:05.0273 6076  PlugPlay - ok
18:47:05.0284 6076  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:47:05.0287 6076  PNRPAutoReg - ok
18:47:05.0292 6076  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:47:05.0294 6076  PNRPsvc - ok
18:47:05.0328 6076  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:47:05.0333 6076  PolicyAgent - ok
18:47:05.0364 6076  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:47:05.0368 6076  Power - ok
18:47:05.0389 6076  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:47:05.0391 6076  PptpMiniport - ok
18:47:05.0393 6076  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:47:05.0394 6076  Processor - ok
18:47:05.0409 6076  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
18:47:05.0412 6076  ProfSvc - ok
18:47:05.0416 6076  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
18:47:05.0418 6076  ProtectedStorage - ok
18:47:05.0434 6076  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:47:05.0436 6076  Psched - ok
18:47:05.0471 6076  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
18:47:05.0472 6076  PSI_SVC_2 - ok
18:47:05.0501 6076  [ 07D57B890DD5693A6AB660CBAE8F91B4 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
18:47:05.0502 6076  PxHlpa64 - ok
18:47:05.0504 6076  PzWDM - ok
18:47:05.0529 6076  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:47:05.0539 6076  ql2300 - ok
18:47:05.0549 6076  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:47:05.0551 6076  ql40xx - ok
18:47:05.0573 6076  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:47:05.0578 6076  QWAVE - ok
18:47:05.0587 6076  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:47:05.0588 6076  QWAVEdrv - ok
18:47:05.0598 6076  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:47:05.0599 6076  RasAcd - ok
18:47:05.0608 6076  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:47:05.0609 6076  RasAgileVpn - ok
18:47:05.0622 6076  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:47:05.0624 6076  RasAuto - ok
18:47:05.0642 6076  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:47:05.0642 6076  Rasl2tp - ok
18:47:05.0668 6076  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:47:05.0673 6076  RasMan - ok
18:47:05.0684 6076  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:47:05.0686 6076  RasPppoe - ok
18:47:05.0689 6076  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:47:05.0691 6076  RasSstp - ok
18:47:05.0703 6076  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:47:05.0706 6076  rdbss - ok
18:47:05.0712 6076  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:47:05.0713 6076  rdpbus - ok
18:47:05.0722 6076  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:47:05.0722 6076  RDPCDD - ok
18:47:05.0748 6076  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:47:05.0749 6076  RDPDR - ok
18:47:05.0763 6076  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:47:05.0764 6076  RDPENCDD - ok
18:47:05.0776 6076  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:47:05.0777 6076  RDPREFMP - ok
18:47:05.0807 6076  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:47:05.0807 6076  RdpVideoMiniport - ok
18:47:05.0833 6076  [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:47:05.0834 6076  RDPWD - ok
18:47:05.0856 6076  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:47:05.0857 6076  rdyboost - ok
18:47:05.0909 6076  [ 8016345FC9A10A613591C5821CE33B9C ] ReflectService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe
18:47:05.0911 6076  ReflectService.exe - ok
18:47:05.0936 6076  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:47:05.0938 6076  RemoteAccess - ok
18:47:05.0943 6076  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:47:05.0946 6076  RemoteRegistry - ok
18:47:05.0964 6076  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
18:47:05.0967 6076  RFCOMM - ok
18:47:05.0989 6076  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
18:47:05.0991 6076  rpcapd - ok
18:47:06.0004 6076  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:47:06.0007 6076  RpcEptMapper - ok
18:47:06.0027 6076  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:47:06.0029 6076  RpcLocator - ok
18:47:06.0063 6076  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\System32\rpcss.dll
18:47:06.0067 6076  RpcSs - ok
18:47:06.0077 6076  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:47:06.0078 6076  rspndr - ok
18:47:06.0109 6076  [ 0039DE6A0A1293889A3F21ECC473263D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:47:06.0111 6076  RTL8167 - ok
18:47:06.0134 6076  [ 2B38C905492F36FE42B59DA52D6B4EB7 ] RtNdPt60        C:\Windows\system32\DRIVERS\RtNdPt60.sys
18:47:06.0134 6076  RtNdPt60 - ok
18:47:06.0148 6076  [ 3183388DA27655085960A22B4B29CAA9 ] RTTEAMPT        C:\Windows\system32\DRIVERS\RtTeam60.sys
18:47:06.0148 6076  RTTEAMPT - ok
18:47:06.0171 6076  [ 8B6B42D782202363A562F82B0E13B1C0 ] RTVLANPT        C:\Windows\system32\DRIVERS\RtVlan60.sys
18:47:06.0171 6076  RTVLANPT - ok
18:47:06.0197 6076  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:47:06.0198 6076  s3cap - ok
18:47:06.0202 6076  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
18:47:06.0203 6076  SamSs - ok
18:47:06.0253 6076  [ 328100AF2EFD951EAB657384EC361B6F ] SamsungAllShareV2.0 D:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
18:47:06.0253 6076  SamsungAllShareV2.0 - ok
18:47:06.0286 6076  [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA          d:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2011\WNt500x64\Sandra.sys
18:47:06.0287 6076  SANDRA - ok
18:47:06.0296 6076  [ 46DDC984860A694D1CA838A773FF1974 ] SandraAgentSrv  d:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2011\RpcAgentSrv.exe
18:47:06.0297 6076  SandraAgentSrv - ok
18:47:06.0347 6076  [ E6C0EA194B4A98F6645502A52359E0AC ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
18:47:06.0348 6076  SbieDrv - ok
18:47:06.0358 6076  [ B435855D3A6B221574000792B615B8EA ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
18:47:06.0359 6076  SbieSvc - ok
18:47:06.0389 6076  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
18:47:06.0389 6076  sbp2port - ok
18:47:06.0394 6076  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:47:06.0398 6076  SCardSvr - ok
18:47:06.0419 6076  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:47:06.0419 6076  scfilter - ok
18:47:06.0453 6076  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:47:06.0462 6076  Schedule - ok
18:47:06.0484 6076  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:47:06.0484 6076  SCPolicySvc - ok
18:47:06.0534 6076  [ 958E956E119EB7B9ABA142AFED1B5FF4 ] ScsiAccess      c:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
18:47:06.0536 6076  ScsiAccess - ok
18:47:06.0563 6076  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:47:06.0567 6076  SDRSVC - ok
18:47:06.0578 6076  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:47:06.0578 6076  secdrv - ok
18:47:06.0608 6076  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:47:06.0611 6076  seclogon - ok
18:47:06.0621 6076  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
18:47:06.0623 6076  SENS - ok
18:47:06.0631 6076  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:47:06.0633 6076  SensrSvc - ok
18:47:06.0639 6076  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:47:06.0641 6076  Serenum - ok
18:47:06.0652 6076  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:47:06.0653 6076  Serial - ok
18:47:06.0674 6076  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:47:06.0676 6076  sermouse - ok
18:47:06.0702 6076  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:47:06.0706 6076  SessionEnv - ok
18:47:06.0734 6076  [ 18A4EB256E35A6DD233C4D005835879A ] SetupARService  C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
18:47:06.0734 6076  SetupARService - ok
18:47:06.0756 6076  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:47:06.0756 6076  sffdisk - ok
18:47:06.0759 6076  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:47:06.0761 6076  sffp_mmc - ok
18:47:06.0772 6076  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:47:06.0773 6076  sffp_sd - ok
18:47:06.0786 6076  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:47:06.0786 6076  sfloppy - ok
18:47:06.0828 6076  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:47:06.0832 6076  SharedAccess - ok
18:47:06.0883 6076  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:47:06.0888 6076  ShellHWDetection - ok
18:47:06.0913 6076  [ 1980FE1F5A32067DAD1D8776B63C2669 ] SimpleSlideShowServer D:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
18:47:06.0914 6076  SimpleSlideShowServer - ok
18:47:06.0928 6076  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:47:06.0929 6076  SiSRaid2 - ok
18:47:06.0939 6076  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:47:06.0939 6076  SiSRaid4 - ok
18:47:07.0047 6076  [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:47:07.0058 6076  Skype C2C Service - ok
18:47:07.0112 6076  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:47:07.0113 6076  SkypeUpdate - ok
18:47:07.0127 6076  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:47:07.0128 6076  Smb - ok
18:47:07.0154 6076  [ F26AAD9ADFC9B62AC59A004A913C92DA ] snapman         C:\Windows\system32\DRIVERS\snapman.sys
18:47:07.0157 6076  snapman - ok
18:47:07.0172 6076  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:47:07.0174 6076  SNMPTRAP - ok
18:47:07.0237 6076  [ C94279F34B1F39ED2F6D2DDCB4E6CDCB ] SplashtopRemoteService C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
18:47:07.0239 6076  SplashtopRemoteService - ok
18:47:07.0257 6076  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:47:07.0258 6076  spldr - ok
18:47:07.0282 6076  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
18:47:07.0288 6076  Spooler - ok
18:47:07.0347 6076  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:47:07.0389 6076  sppsvc - ok
18:47:07.0414 6076  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:47:07.0417 6076  sppuinotify - ok
18:47:07.0421 6076  sptd - ok
18:47:07.0453 6076  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:47:07.0457 6076  srv - ok
18:47:07.0473 6076  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:47:07.0476 6076  srv2 - ok
18:47:07.0497 6076  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:47:07.0498 6076  srvnet - ok
18:47:07.0529 6076  [ D52282225D5BD73A9CBF420699D1A0FE ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
18:47:07.0531 6076  ssadbus - ok
18:47:07.0567 6076  [ F7936AC6E8437E10E1AE488CE21F3086 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
18:47:07.0568 6076  ssadmdfl - ok
18:47:07.0594 6076  [ 1FE033372A58C67B3ECCA903FC637B36 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
18:47:07.0596 6076  ssadmdm - ok
18:47:07.0608 6076  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:47:07.0612 6076  SSDPSRV - ok
18:47:07.0626 6076  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:47:07.0628 6076  SstpSvc - ok
18:47:07.0653 6076  [ A3DB02B3FE0884E9167E457D167C8A73 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
18:47:07.0655 6076  ssudmdm - ok
18:47:07.0747 6076  [ 6E6B9B863C5B894F3C6A60680C7317A4 ] SSUService      C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
18:47:07.0748 6076  SSUService - ok
18:47:07.0760 6076  Steam Client Service - ok
18:47:07.0771 6076  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:47:07.0771 6076  stexstor - ok
18:47:07.0801 6076  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
18:47:07.0801 6076  StillCam - ok
18:47:07.0835 6076  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:47:07.0841 6076  stisvc - ok
18:47:07.0858 6076  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:47:07.0860 6076  storflt - ok
18:47:07.0863 6076  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
18:47:07.0866 6076  StorSvc - ok
18:47:07.0886 6076  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:47:07.0886 6076  storvsc - ok
18:47:07.0902 6076  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:47:07.0902 6076  swenum - ok
18:47:08.0012 6076  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:47:08.0015 6076  SwitchBoard - ok
18:47:08.0035 6076  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:47:08.0040 6076  swprv - ok
18:47:08.0056 6076  Synth3dVsc - ok
18:47:08.0102 6076  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:47:08.0127 6076  SysMain - ok
18:47:08.0151 6076  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:47:08.0155 6076  TabletInputService - ok
18:47:08.0172 6076  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:47:08.0177 6076  TapiSrv - ok
18:47:08.0187 6076  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:47:08.0191 6076  TBS - ok
18:47:08.0231 6076  [ FC62769E7BFF2896035AEED399108162 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:47:08.0256 6076  Tcpip - ok
18:47:08.0276 6076  [ FC62769E7BFF2896035AEED399108162 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:47:08.0282 6076  TCPIP6 - ok
18:47:08.0315 6076  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:47:08.0315 6076  tcpipreg - ok
18:47:08.0333 6076  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:47:08.0335 6076  TDPIPE - ok
18:47:08.0367 6076  [ 7BC43335C778370FD0040D5224D8EDEB ] tdrpman         C:\Windows\system32\DRIVERS\tdrpman.sys
18:47:08.0376 6076  tdrpman - ok
18:47:08.0390 6076  [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:47:08.0391 6076  TDTCP - ok
18:47:08.0418 6076  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:47:08.0420 6076  tdx - ok
18:47:08.0431 6076  [ 3183388DA27655085960A22B4B29CAA9 ] TEAM            C:\Windows\system32\DRIVERS\RtTeam60.sys
18:47:08.0432 6076  TEAM - ok
18:47:08.0443 6076  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:47:08.0445 6076  TermDD - ok
18:47:08.0468 6076  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:47:08.0476 6076  TermService - ok
18:47:08.0487 6076  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:47:08.0490 6076  Themes - ok
18:47:08.0512 6076  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:47:08.0513 6076  THREADORDER - ok
18:47:08.0552 6076  [ 7D68EAB50DF8B71408B645BA8581800E ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
18:47:08.0560 6076  timounter - ok
18:47:08.0595 6076  [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
18:47:08.0596 6076  TomTomHOMEService - ok
18:47:08.0608 6076  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:47:08.0611 6076  TrkWks - ok
18:47:08.0645 6076  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:47:08.0646 6076  TrustedInstaller - ok
18:47:08.0667 6076  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:47:08.0667 6076  tssecsrv - ok
18:47:08.0680 6076  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:47:08.0680 6076  TsUsbFlt - ok
18:47:08.0685 6076  tsusbhub - ok
18:47:08.0700 6076  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:47:08.0701 6076  tunnel - ok
18:47:08.0713 6076  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:47:08.0715 6076  uagp35 - ok
18:47:11.0248 6076  ============================================================
18:47:11.0248 6076  Scan finished
18:47:11.0248 6076  ============================================================
18:47:11.0252 1744  Detected object count: 0
18:47:11.0252 1744  Actual detected object count: 0


#14 skysis

  • Topic Starter

  • Members
  • 15 posts

Posted 17 June 2013 - 12:09 AM

When I ran Sophos, it removed or disabled something, so I could easily remove that pesky folder with riaiccape.exe.

Thanks a lot for your help!!!



#15 nasdaq


  • Malware Response Team
  • 40,445 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 June 2013 - 07:35 AM

Looking good.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===



