
Keylogger detector


7 replies to this topic

#1 barrybro


Posted 28 July 2013 - 07:10 PM

I suspect I have a keylogger on my laptop. Any direction on how to verify would be greatly appreciated.




 


#2 boopme


Posted 28 July 2013 - 07:23 PM

Hello, I moved this from Vista to the Am I Infected forum as we need to scan for them.
 
Please boot into Safe Mode with Networking.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



    Please Download TDSSkiller
    Launch it.
    Click on change parameters-Select TDLFS file system
    Click on "Scan".
    Please post the LOG report (log file should be in your C drive)

    Do not change the default options on scan results.



    Please download AdwCleaner by Xplode onto your desktop.
    Close all open programs and internet browsers.
    Double click on adwcleaner.exe to run the tool.
    Click on Delete.
    Confirm each time with Ok.
    You will be prompted to restart your computer. A text file will open after the restart.
    Please post the contents of that logfile with your next reply.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.
     

     
     
    Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues

    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

    Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
     


    Reboot to Normal mode and run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

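One way to triage the TDSSKiller log requested above before posting it, as an added example that is not part of the original post or of TDSSKiller itself: it pairs each `[ MD5 ] service path` line with its `service - verdict` line (the layout visible in the log posted later in this thread) and lists services that have no image line or whose verdict is not `ok`. The sample log, its service names, the placeholder hashes and the `needs review` verdict text are constructed for the example.

```python
import re

# Line layout taken from the TDSSKiller log posted in this thread:
#   HH:MM:SS.mmmm TID [ MD5 ] ServiceName ImagePath
#   HH:MM:SS.mmmm TID ServiceName - verdict
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\S+\s+(?P<body>.*)$")
SECTION = re.compile(r"^=+ (?P<title>.+?) =+$")
HASHED = re.compile(
    r"^\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


def fake_md5(n):
    """Constructed placeholder digest, not the hash of any real file."""
    return f"{n:032X}"


# Constructed sample log: hypothetical services, placeholder hashes and verdict text.
SAMPLE_LOG = "\n".join([
    "10:00:00.0900 1000 ================ Scan system memory ========================",
    "10:00:00.0900 1000 System memory - ok",
    "10:00:01.0001 1000 ================ Scan services =============================",
    rf"10:00:01.0100 1000 [ {fake_md5(1)} ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys",
    "10:00:01.0100 1000 ExampleDrv - ok",
    rf"10:00:01.0200 1000 [ {fake_md5(2)} ] Example Sync Service C:\Program Files\Example\sync.exe",
    "10:00:01.0200 1000 Example Sync Service - ok",
    "10:00:01.0300 1000 NOIMAGE - ok",
    rf"10:00:01.0400 1000 [ {fake_md5(3)} ] ExampleFlt C:\Windows\system32\drivers\exampleflt.sys",
    "10:00:01.0400 1000 ExampleFlt - needs review",
])


def parse_services(log_text):
    """Return {service name: {md5, path, verdict}} for the 'Scan services' section."""
    records = {}
    in_services = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        body = m.group("body").strip()
        sec = SECTION.match(body)
        if sec:
            # Only the services section uses the hash/verdict pairing.
            in_services = sec.group("title") == "Scan services"
            continue
        if not in_services:
            continue
        hashed = HASHED.match(body)
        if hashed:
            # Service names may contain spaces; the path starts at the drive letter.
            records[hashed.group("name")] = {
                "md5": hashed.group("md5").lower(),
                "path": hashed.group("path"),
                "verdict": None,
            }
            continue
        verdict = VERDICT.match(body)
        if verdict:
            rec = records.setdefault(
                verdict.group("name"), {"md5": None, "path": None, "verdict": None}
            )
            rec["verdict"] = verdict.group("verdict").strip()
    return records


def triage(records):
    """List (service, reason) pairs a reviewer should look at first."""
    findings = []
    for name, rec in records.items():
        if rec["path"] is None:
            # The tool reported a verdict but logged no file to hash.
            findings.append((name, "no hash/image path line"))
        if rec["verdict"] is None:
            findings.append((name, "no verdict line"))
        elif rec["verdict"].lower() != "ok":
            findings.append((name, f"verdict: {rec['verdict']}"))
    return findings


if __name__ == "__main__":
    for service, reason in triage(parse_services(SAMPLE_LOG)):
        print(f"{service}: {reason}")
```

A finding here only marks an entry for a closer look; the full log should still be posted unedited so the helper sees every line.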

#3 barrybro


Posted 28 July 2013 - 09:54 PM

MiniToolBox by Farbar Version: 13-07-2013
Ran by AKB (administrator) on 28-07-2013 at 21:00:23
Running from "C:\Users\AKB\Desktop\bleeping"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR5007 802.11b/g WiFi Adapter = Wireless Network Connection (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : AKB-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Networking Controller
Physical Address. . . . . . . . . : 00-1F-16-D3-EE-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-24-2C-99-CF-8F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a5ac:83a3:a629:aab8%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 28, 2013 8:59:14 PM
Lease Expires . . . . . . . . . . : Monday, July 29, 2013 8:59:13 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 218113068
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-AE-FA-C0-00-24-2C-99-CF-8F
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2E1E0AB3-5200-4D42-A6ED-A60C56501080}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 29:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{16C743E7-3FAF-4B6C-B584-03A96BB941D5}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4004:803::1004
74.125.228.96
74.125.228.98
74.125.228.101
74.125.228.103
74.125.228.99
74.125.228.97
74.125.228.102
74.125.228.105
74.125.228.104
74.125.228.100
74.125.228.110



Pinging google.com [74.125.228.101] with 32 bytes of data:

Request timed out.

Request timed out.



Ping statistics for 74.125.228.101:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
206.190.36.45



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Request timed out.

Request timed out.



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 1f 16 d3 ee 0c ...... NVIDIA nForce 10/100/1000 Mbps Networking Controller
10 ...00 24 2c 99 cf 8f ...... Atheros AR5007 802.11b/g WiFi Adapter
1 ........................... Software Loopback Interface 1
15 ...00 00 00 00 00 00 00 e0 isatap.gateway.2wire.net
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
16 ...00 00 00 00 00 00 00 e0 isatap.{2E1E0AB3-5200-4D42-A6ED-A60C56501080}
33 ...00 00 00 00 00 00 00 e0 isatap.{16C743E7-3FAF-4B6C-B584-03A96BB941D5}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.66 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.66 281
192.168.1.66 255.255.255.255 On-link 192.168.1.66 281
192.168.1.255 255.255.255.255 On-link 192.168.1.66 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.66 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.66 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 281 fe80::/64 On-link
10 281 fe80::a5ac:83a3:a629:aab8/128
On-link
1 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/28/2013 08:59:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 08:59:03 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/28/2013 08:54:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 08:48:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 08:48:03 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/28/2013 06:49:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/28/2013 06:01:55 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/28/2013 05:45:27 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (07/28/2013 05:42:12 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/27/2013 11:36:16 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4e06cfe8, faulting module iexplore.exe, version 0.0.0.0, time stamp 0x4e06cfe8, exception code 0x40000015, fault offset 0x0008d1c0,
process id 0xb60, application start time 0xiexplore.exe0.


System errors:
=============
Error: (07/28/2013 08:59:27 PM) (Source: Service Control Manager) (User: )
Description: spldr
Wanarpv6

Error: (07/28/2013 08:59:27 PM) (Source: Service Control Manager) (User: )
Description: Internet Connection Sharing (ICS)Remote Access Connection Manager%%1058

Error: (07/28/2013 08:59:27 PM) (Source: Service Control Manager) (User: )
Description: tmrkbtmcomm

Error: (07/28/2013 08:59:27 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (07/28/2013 08:59:03 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/28/2013 08:58:55 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/28/2013 08:54:29 PM) (Source: Service Control Manager) (User: )
Description: Superfetch%%197

Error: (07/28/2013 08:54:29 PM) (Source: Service Control Manager) (User: )
Description: Internet Connection Sharing (ICS)Remote Access Connection Manager%%1058

Error: (07/28/2013 08:54:29 PM) (Source: Service Control Manager) (User: )
Description: tmrkbtmcomm

Error: (07/28/2013 08:54:29 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-07-21 17:52:56.962
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:52:56.743
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:52:56.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:52:56.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:52:56.135
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:52:55.963
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:52:55.776
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:52:55.589
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:52:55.370
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-07-21 17:52:55.152
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 1.1.18.0)
Adobe Shockwave Player (Version: 11.0)
AMR to MP3 Converter 1.4
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
AST Android SMS Transfer 1.5
Atheros Driver Installation Program (Version: 5.2)
Audacity 2.0.3 (Version: 2.0.3)
CCleaner (Version: 4.00)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.58.0.0)
CyberLink DVD Suite (Version: 6.0.2203)
Dynex mini card reader (Version: 2.01.04.02)
EasyCapture 1.0.0.0
EditPad Pro 7 DEMO 7.2.3 (Version: DEMO 7.2.3)
ESU for Microsoft Vista (Version: 1.0.0)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library (Version: 3.1.9.1)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Doc Viewer (Version: 1.03.0001)
HP DVD Play 3.7 (Version: 3.7.0.5723)
HP Help and Support (Version: 2.1.1.0)
HP Quick Launch Buttons 6.40 H2 (Version: 6.40 H2)
HP Total Care Advisor (Version: 2.4.4941.2798)
HP Total Care Setup (Version: 1.1.1983.2818)
HP Update (Version: 4.000.010.008)
HP User Guides 0118 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.00 K2)
HPAsset component for HP Active Support Library (Version: 2.0.64.3)
HPNetworkAssistant (Version: 1.1.70)
iTunes (Version: 11.0.1.12)
LabelPrint (Version: 2.5.0926)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Live Search Toolbar (Version: 3.0.541.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee Reveal (Version: 7.0.35.6951)
My HP Games (Version: 1.0.0.62)
NetWaiting (Version: 2.5.52)
NVIDIA Drivers (Version: 1.5)
OSForensics
Pod to PC 4.012
Power2Go (Version: 6.0.2202)
PowerDirector (Version: 7.0.2201)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.69.80.9)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2380.0)
SQLite ODBC Driver (remove only)
Synaptics Pointing Device Driver (Version: 11.1.3.0)
Ulead VideoStudio SE DVD (Version: 10.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
USB2.0 Capture Device (Version: 1.0.3.0)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WinZip 15.0 (Version: 15.0.9411)
Yahoo! Detect
ZoneAlarm LTD Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 2813.69 MB
Available physical RAM: 2397.08 MB
Total Pagefile: 5837.84 MB
Available Pagefile: 5589.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.79 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:138.69 GB) (Free:65.48 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10.36 GB) (Free:1.22 GB) NTFS
4 Drive f: () (Removable) (Total:3.73 GB) (Free:3.02 GB) FAT32

========================= Users: ========================================

User accounts for \\AKB-PC

Administrator AKB Guest


**** End of log ****


-------------------------------------------------------------------------------------------------------------------------------

21:03:50.0195 0948 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
21:03:50.0507 0948 ============================================================
21:03:50.0507 0948 Current date / time: 2013/07/28 21:03:50.0507
21:03:50.0507 0948 SystemInfo:
21:03:50.0507 0948
21:03:50.0507 0948 OS Version: 6.0.6002 ServicePack: 2.0
21:03:50.0507 0948 Product type: Workstation
21:03:50.0507 0948 ComputerName: AKB-PC
21:03:50.0507 0948 UserName: AKB
21:03:50.0507 0948 Windows directory: C:\Windows
21:03:50.0507 0948 System windows directory: C:\Windows
21:03:50.0507 0948 Processor architecture: Intel x86
21:03:50.0507 0948 Number of processors: 1
21:03:50.0507 0948 Page size: 0x1000
21:03:50.0507 0948 Boot type: Safe boot with network
21:03:50.0507 0948 ============================================================
21:03:51.0645 0948 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:03:51.0645 0948 Drive \Device\Harddisk1\DR1 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:03:51.0645 0948 ============================================================
21:03:51.0645 0948 \Device\Harddisk0\DR0:
21:03:51.0645 0948 MBR partitions:
21:03:51.0645 0948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x11560800
21:03:51.0645 0948 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11561000, BlocksNum 0x14B7000
21:03:51.0645 0948 \Device\Harddisk1\DR1:
21:03:51.0645 0948 MBR partitions:
21:03:51.0645 0948 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
21:03:51.0645 0948 ============================================================
21:03:51.0692 0948 C: <-> \Device\Harddisk0\DR0\Partition1
21:03:51.0755 0948 D: <-> \Device\Harddisk0\DR0\Partition2
21:03:51.0755 0948 ============================================================
21:03:51.0755 0948 Initialize success
21:03:51.0755 0948 ============================================================
21:04:27.0323 1332 ============================================================
21:04:27.0323 1332 Scan started
21:04:27.0323 1332 Mode: Manual; TDLFS;
21:04:27.0323 1332 ============================================================
21:04:30.0926 1332 ================ Scan system memory ========================
21:04:30.0926 1332 System memory - ok
21:04:31.0207 1332 ================ Scan services =============================
21:05:52.0171 1332 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:05:52.0171 1332 sffdisk - ok
21:05:52.0202 1332 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:05:52.0202 1332 sffp_mmc - ok
21:05:52.0483 1332 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:05:52.0499 1332 sffp_sd - ok
21:05:52.0499 1332 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:05:52.0514 1332 sfloppy - ok
21:05:52.0826 1332 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:05:52.0842 1332 SharedAccess - ok
21:05:52.0857 1332 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:05:53.0154 1332 ShellHWDetection - ok
21:05:53.0185 1332 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:05:53.0185 1332 sisagp - ok
21:05:53.0481 1332 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:05:53.0481 1332 SiSRaid2 - ok
21:05:53.0497 1332 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:05:53.0497 1332 SiSRaid4 - ok
21:05:54.0417 1332 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
21:05:54.0776 1332 slsvc - ok
21:05:55.0088 1332 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:05:55.0088 1332 SLUINotify - ok
21:05:55.0119 1332 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:05:55.0119 1332 Smb - ok
21:05:55.0697 1332 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:05:55.0712 1332 SNMPTRAP - ok
21:05:55.0743 1332 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
21:05:55.0743 1332 spldr - ok
21:05:56.0071 1332 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
21:05:56.0071 1332 Spooler - ok
21:05:56.0399 1332 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:05:56.0679 1332 srv - ok
21:05:56.0991 1332 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:05:57.0007 1332 srv2 - ok
21:05:57.0319 1332 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:05:57.0335 1332 srvnet - ok
21:05:57.0631 1332 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:05:57.0647 1332 SSDPSRV - ok
21:05:57.0678 1332 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:05:57.0678 1332 SstpSvc - ok
21:05:58.0271 1332 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
21:05:58.0302 1332 stisvc - ok
21:05:58.0629 1332 [ 69A926DBCA12046633E3D6E6D46E7087 ] StkAMini C:\Windows\system32\Drivers\StkAMini.sys
21:05:58.0629 1332 StkAMini - ok
21:05:58.0941 1332 [ 5CCFE3B03F97005D221BA897C9A20B38 ] StkASSrv C:\Windows\System32\StkASv2K.exe
21:05:58.0941 1332 StkASSrv - ok
21:05:59.0238 1332 [ 83406FB18CB0ABFEC501ADD986D63572 ] StkScan C:\Windows\system32\Drivers\StkScan.sys
21:05:59.0253 1332 StkScan - ok
21:05:59.0534 1332 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:05:59.0534 1332 swenum - ok
21:05:59.0581 1332 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
21:05:59.0877 1332 swprv - ok
21:05:59.0893 1332 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:05:59.0893 1332 Symc8xx - ok
21:05:59.0909 1332 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:05:59.0909 1332 Sym_hi - ok
21:06:00.0221 1332 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:06:00.0221 1332 Sym_u3 - ok
21:06:00.0829 1332 [ 00B19F27858F56181EDB58B71A7C67A0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:06:00.0829 1332 SynTP - ok
21:06:01.0157 1332 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
21:06:01.0172 1332 SysMain - ok
21:06:01.0484 1332 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:06:01.0484 1332 TabletInputService - ok
21:06:01.0796 1332 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:06:02.0093 1332 TapiSrv - ok
21:06:02.0108 1332 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:06:02.0108 1332 TBS - ok
21:06:02.0436 1332 [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:06:02.0451 1332 Tcpip - ok
21:06:02.0779 1332 [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:06:02.0779 1332 Tcpip6 - ok
21:06:03.0356 1332 [ CD21572F83F7EC6E2C20C465967BEDD9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:06:03.0372 1332 tcpipreg - ok
21:06:03.0403 1332 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:06:03.0403 1332 TDPIPE - ok
21:06:03.0715 1332 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:06:03.0715 1332 TDTCP - ok
21:06:03.0731 1332 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:06:04.0011 1332 tdx - ok
21:06:04.0058 1332 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:06:04.0058 1332 TermDD - ok
21:06:04.0651 1332 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
21:06:04.0682 1332 TermService - ok
21:06:04.0994 1332 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
21:06:04.0994 1332 Themes - ok
21:06:05.0010 1332 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
21:06:05.0010 1332 THREADORDER - ok
21:06:05.0337 1332 [ 5BA5625C93E63B5CE6A0E2E256A12843 ] tmrkb C:\Windows\system32\DRIVERS\tmrkb.sys
21:06:05.0618 1332 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tmrkb.sys. Real md5: 5BA5625C93E63B5CE6A0E2E256A12843, Fake md5: 28F4E07081F486375713237B404BB830
21:06:05.0618 1332 tmrkb ( ForgedFile.Multi.Generic ) - warning
21:06:05.0634 1332 tmrkb - detected ForgedFile.Multi.Generic (1)
21:06:29.0315 1332 ================ Scan global ===============================
21:06:29.0611 1332 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:06:29.0642 1332 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
21:06:29.0939 1332 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
21:06:30.0266 1332 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:06:30.0266 1332 [Global] - ok
21:06:30.0266 1332 ================ Scan MBR ==================================
21:06:30.0547 1332 [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0
21:06:33.0121 1332 \Device\Harddisk0\DR0 - ok
21:06:33.0121 1332 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:06:34.0400 1332 \Device\Harddisk1\DR1 - ok
21:06:34.0416 1332 ================ Scan VBR ==================================
21:06:34.0416 1332 [ 14326105B2484A4B5BA5EBFD20DEB383 ] \Device\Harddisk0\DR0\Partition1
21:06:34.0416 1332 \Device\Harddisk0\DR0\Partition1 - ok
21:06:34.0712 1332 [ D42562B54F6E8E20678411DEBCF922CA ] \Device\Harddisk0\DR0\Partition2
21:06:34.0728 1332 \Device\Harddisk0\DR0\Partition2 - ok
21:06:34.0743 1332 [ 5A740639F7E4841E18BD16B814CABBFC ] \Device\Harddisk1\DR1\Partition1
21:06:34.0743 1332 \Device\Harddisk1\DR1\Partition1 - ok
21:06:34.0743 1332 ============================================================
21:06:34.0743 1332 Scan finished
21:06:34.0743 1332 ============================================================
21:06:34.0759 1752 Detected object count: 1
21:06:34.0759 1752 Actual detected object count: 1
21:09:16.0375 1752 tmrkb ( ForgedFile.Multi.Generic ) - skipped by user
21:09:16.0375 1752 tmrkb ( ForgedFile.Multi.Generic ) - User select action: Skip
21:09:20.0571 1336 Deinitialize success


--------------------------------------------------------------------------------------------------------------------------------



# AdwCleaner v2.306 - Logfile created 07/28/2013 at 21:10:22
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : AKB - AKB-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\AKB\Desktop\bleeping\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
File Deleted : C:\Users\Public\Desktop\Babylon.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\system32\dmwu.exe
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\AKB\AppData\Local\Babylon
Folder Deleted : C:\Users\AKB\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\AKB\AppData\Roaming\Babylon
Folder Deleted : C:\Users\AKB\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\AKB\AppData\Roaming\DriverCure
Folder Deleted : C:\Windows\system32\ARFC
Folder Deleted : C:\Windows\system32\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pc optimizer pro
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={A54B8810-C8D8-11E2-B170-001F16D3EE0C} --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\AKB\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.



--------------------------------------------------------------------------------------------------------------------------------


Will start the malware scan now.

#4 barrybro


Posted 28 July 2013 - 10:15 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.28.07

Windows Vista Service Pack 2 x86 FAT32
Internet Explorer 9.0.8112.16421
AKB :: AKB-PC [administrator]

7/28/2013 9:21:43 PM
MBAM-log-2013-07-28 (22-47-20).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 390312
Time elapsed: 1 hour(s), 25 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data: -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by barrybro, 28 July 2013 - 10:28 PM.


#5 boopme


Posted 29 July 2013 - 07:45 PM

MBAM shows

HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data: -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} (PUP.Optional.SweetPacks) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> No action taken.

NOTE: it says "No action taken." Did you click Remove Selected?

How is it now?

#6 barrybro


Posted 29 July 2013 - 10:04 PM

Yes I removed the items. Is there anything to suggest a keylogger?

 

I have run GMER and got this report below.

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit quick scan 2013-07-21 17:15:32
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 ST9160310AS rev.HP07 149.05GB
Running: gmer.exe; Driver: C:\Users\AKB\AppData\Local\Temp\uwldrpow.sys

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                    unknown MBR code

---- Devices - GMER 2.1 ----

Device                                                   Ntfs.sys
Device                                                   fastfat.SYS

AttachedDevice                                           fltmgr.sys
AttachedDevice  \Driver\tdx \Device\Udp                  WRkrn.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys

---- EOF - GMER 2.1 ----


Edited by barrybro, 29 July 2013 - 10:08 PM.


#7 barrybro


Posted 29 July 2013 - 10:18 PM

I


Edited by barrybro, 30 July 2013 - 04:45 PM.


#8 boopme


Posted 30 July 2013 - 06:56 PM

No keyloggers shown in these logs.

Did you run ESET?



