sean1604
Honorary Members
Posts: 51
Everything posted by sean1604
4 Trojans and a Broken Open command.
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
Have attempted to install this and run it twice now and it's failed; computer has also started running a bit slow. Getting the following error:
CRC failed in 4308167rar.exe
Unexpected end of archive
This is showing on the actual Kaspersky screen, and a pop-up that says: Some installation files are corrupt. Please download a fresh copy and retry the installation. As I said, I downloaded it twice and got the same error.
4 Trojans and a Broken Open command.
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
As I mentioned earlier, this computer currently has no internet access. I could attempt to move it next to the router but it would be time-consuming; is there any way we could download this locally onto the flash drive I am using, or use another scan?
4 Trojans and a Broken Open command.
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
Log is below. Computer is still failing to boot on restarts; seems to be fine when shutting down and powering on, but not restarts.

ComboFix 13-11-11.01 - Gaitens 12/11/2013 19:17:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1425 [GMT 0:00]
Running from: c:\documents and settings\Gaitens\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Gaitens\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Gaitens\Local Settings\Temp\IadHide5.dll
C:\restore
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-10-12 to 2013-11-12 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-23 18:33 . 2008-04-14 04:42 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2008-04-14 04:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2008-04-14 04:41 43520 ------w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2008-04-14 04:41 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2008-04-13 23:07 385024 ------w- c:\windows\system32\html.iec
2013-08-29 01:31 . 2008-04-14 00:00 1878656 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-08-30 18:26 1423520 ----a-w- c:\program files\Microsoft\BingBar\7.3.107.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-09-21 32768]
"Spotify Web Helper"="c:\program files\Spotify\Data\SpotifyWebHelper.exe" [2007-12-10 1140736]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2006-12-07 935936]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-09-14 1584640]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start [2009-9-21 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-9-21 593920]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2012-9-13 4545024]
NETGEAR WNA3100 Genie.lnk - c:\program files\NETGEAR\WNA3100\WNA3100.exe [2007-12-10 8364288]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [29/08/2012 17:26 21240]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [26/10/2011 13:23 101112]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [12/07/2012 17:32 1239952]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.107.0\BBSvc.EXE [30/08/2013 18:26 193696]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [21/09/2009 15:57 3712]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [15/09/2011 12:06 88576]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [19/12/2011 12:20 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [29/08/2012 17:26 77816]
R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [13/09/2012 19:44 266240]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [13/09/2012 19:44 57440]
S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [10/12/2007 03:04 303360]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [13/09/2012 18:54 1759584]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.107.0\SeaPort.EXE [30/08/2013 18:26 240288]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [10/12/2007 03:36 1034240]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\deltaII.sys --> c:\windows\system32\DRIVERS\deltaII.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/02/2012 20:10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 18:01 21248]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [13/09/2012 19:44 360529]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [06/09/2013 16:29 235216]
S3 RDID1061;UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [05/08/2010 19:42 140672]
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-05 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job - c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-07-12 17:32]
.
2013-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 23:02]
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-13 23:02]
.
2013-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1303643608-1417001333-1003Core.job - c:\documents and settings\Gaitens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-17 01:17]
.
2013-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1303643608-1417001333-1003UA.job - c:\documents and settings\Gaitens\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-17 01:17]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Gaitens\Start Menu\Programs\IMVU\Run IMVU.lnk
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-lime pro - c:\program files\Lime PRO\LimePro.exe
HKLM-Run-DeltaIITaskbarApp - c:\windows\system32\DeltaIITray.exe
HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WNA1100\jswtrayutil.exe
c:\documents and settings\Gaitens\Start Menu\Programs\Startup\IMVU.lnk - c:\documents and settings\Gaitens\Application Data\IMVUClient\IMVUQualityAgent.exe "--startup"
c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Desktop Help.lnk - c:\program files\BT Broadband Desktop Help\bin\matcli.exe -boot
AddRemove-Steinberg Ultravoice v1.02 - c:\cakewa~1\VSTPLU~1\ULTRAV~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-12 19:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\athgina.dll
.
- - - - - - - > 'explorer.exe'(3500)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\SOUNDMAN.EXE
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\progra~1\AD-AWA~1\AdAware.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\OSK.exe
c:\windows\system32\MSSWCHX.EXE
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\program files\McAfee Security Scan\3.8.130\McUicnt.exe
.
**************************************************************************
.
Completion time: 2013-11-12 19:34:45 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-12 19:34
.
Pre-Run: 3,925,250,048 bytes free
Post-Run: 6,674,944,000 bytes free
.
- - End Of File - - FA91ADBA5ABC5AD8F26D80C65E7C7DD3
8F558EB6672622401DA993E1E865C861
4 Trojans and a Broken Open command.
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
Here's the log with the update.exe run:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.26.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gaitens :: GAITENS-PC [administrator]
12/12/2007 00:30:07
mbam-log-2007-12-12 (00-30-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 266919
Time elapsed: 14 minute(s),
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 1
C:\Documents and Settings\Gaitens\Local Settings\Temp\DM\Installer_for_free-youtube-downloader_035233\WStest.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
(end)
4 Trojans and a Broken Open command.
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
***PLEASE NOTE*** I had to reboot the PC twice on both restart attempts, unsure if this means anything (the message is "Reboot and select proper boot device or insert boot media in selected boot device and press a key"). Also, every time the PC starts now it is saying it has found new hardware and is asking to install Multimedia Audio Controller. This PC has no internet access so I am moving files over on a flash drive (therefore was not able to update Malwarebytes; I did attempt this manually but it failed and said the database was corrupt. I downloaded the latest version so this is the best I could do). Logs requested are below:

RKILL:
Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2007 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 12/10/2007 08:37:10 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\WINDOWS\system32\acs.exe (PID: 1780) [WD-HEUR]
* C:\WINDOWS\system32\HPZipm12.exe (PID: 344) [WD-HEUR]
* C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (PID: 2536) [WD-HEUR]
3 proccesses terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.
* HOSTS file entries found:
127.0.0.1 localhost
::1 localhost
Program finished at: 12/10/2007 08:38:41 PM
Execution time: 0 hours(s), 1 minute(s), and 31 seconds(s)

Junkware Removal Tool log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Gaitens on 10/12/2007 at 20:40:24.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [service] web assistant updater
Successfully deleted: [service] web assistant updater
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\web assistant
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{336d0c35-8a85-403a-b9d2-65c292c39087}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3061355
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\Gaitens\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\web assistant"
~~~ Chrome
Successfully deleted: [Folder] C:\Documents and Settings\Gaitens\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/12/2007 at 20:44:20.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner log:
# AdwCleaner v3.011 - Report created 10/12/2007 at 20:46:36
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Gaitens - GAITENS-PC
# Running from : C:\Documents and Settings\Gaitens\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\Gaitens\Local Settings\Application Data\PackageAware
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v
[ File : C:\Documents and Settings\Gaitens\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2839 octets] - [10/12/2007 20:45:19]
AdwCleaner[s0].txt - [2802 octets] - [10/12/2007 20:46:36]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2862 octets] ##########

Malwarebytes' Anti-Malware log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.04.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gaitens :: GAITENS-PC [administrator]
11/12/2007 02:39:19
mbam-log-2007-12-11 (02-39-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256144
Time elapsed: 13 minute(s), 46 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
I'm having a look at my girlfriend's dad's PC to try and quicken it up a bit for him. This includes possibly doing some hardware upgrades, but I thought whilst I was at it I would run a scan with MBAM, and there were Trojans found. I'll post the normal logs and the MBAM log at the bottom, any help appreciated! (Please note I have no prior knowledge of the files on this PC but the owner isn't too PC literate, so apologies if there is anything that is against site rules! I have backed up all the media files just in case, as this is mainly used as a media PC.)

DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Gaitens at 7:04:42 on 2007-12-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1214 [GMT 0:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Microsoft\BingBar\7.3.107.0\SeaPort.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uProxyOverride = 127.0.0.1
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.3.107.0\BingExt.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\web assistant\Extension32.dll
BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SidebarAutoLaunch Class: {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\7.3.107.0\BingExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [EPSON SX420W Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigce.exe /fu "c:\windows\temp\E_SFE.tmp" /EF "HKCU"
uRun: [lime pro] "c:\program files\lime pro\LimePro.exe" -h
uRun: [spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
uRun: [Google Update] "c:\documents and settings\gaitens\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DeltaIITaskbarApp] c:\windows\system32\DeltaIITray.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [skyTel] SkyTel.EXE
mRun: [soundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [installShieldSetup] c:\progra~1\instal~1\{c2425~1\setup.exe -rebootc:\progra~1\instal~1\{c2425~1\reboot.ini -l0x0409
StartupFolder: c:\docume~1\gaitens\startm~1\programs\startup\imvu.lnk - c:\documents and settings\gaitens\application data\imvuclient\IMVUQualityAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt broadband desktop help\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~2.lnk - c:\program files\netgear\wna3100\WNA3100.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\gaitens\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
TCP: Interfaces\{2F520D49-3007-41B0-A0FF-C4A39BFB6EE1} : DHCPNameServer = 192.168.0.1
Handler: bw+0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw+0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw-0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw-0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw00 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw00s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw10 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw10s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw20 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw20s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw30 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw30s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw40 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw40s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw50 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw50s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw60 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw60s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll
Handler: bw70 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program
files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bw70s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bw80 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bw80s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bw90 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bw90s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwa0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwa0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwb0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwb0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwc0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwc0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwd0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwd0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwe0 - 
{461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwe0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwf0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwf0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: bwg0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwg0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwh0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwh0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwi0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwi0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwj0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwj0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwk0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop 
messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwk0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwl0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwl0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwm0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwm0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwn0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwn0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwo0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwo0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwp0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwp0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwq0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwq0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwr0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program 
files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwr0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bws0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bws0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwt0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwt0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwu0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwu0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwv0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwv0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bww0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bww0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwx0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwx0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwy0 - 
{461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwy0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwz0 - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: bwz0s - {461a0983-eca8-4bcd-ae42-7eaa2440940f} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Handler: offline-8876480 - {461A0983-ECA8-4BCD-AE42-7EAA2440940F} - c:\program files\logitech\desktop messenger\8876480\program\BWPlugProtocol-8876480.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-9-10 97008] R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_56758.sys [2013-10-10 330960] R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-9-10 148688] R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-9-10 222416] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-8-29 21240] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112] R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-7-12 1239952] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-28 54752] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-9-21 3712] R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576] R2 RapportMgmtService;Rapport 
Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-9-10 1435928] R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-8-29 77816] R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-6-16 188760] R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2012-9-13 266240] R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2007-12-10 303360] R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.107.0\SeaPort.EXE [2013-8-30 240288] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2012-9-13 57440] S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.107.0\BBSvc.EXE [2013-8-30 193696] S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2012-9-13 1759584] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2007-12-10 1034240] S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaii.sys --> c:\windows\system32\drivers\deltaII.sys [?] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-2-10 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248] S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2012-9-13 360529] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216] S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2007-12-10 50704] S3 RDID1061;UA-4FX;c:\windows\system32\drivers\Rdwm1061.sys [2010-8-5 140672] . =============== Created Last 30 ================ . 
2013-09-10 22:18:28 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-07-23 12:23:18 11695248 ----a-w- c:\program files\common files\microsoft shared\office11\MSO.DLL
2013-07-19 00:18:04 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 17:30:26 17325760 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL
2013-07-10 17:07:22 756888 ----a-w- c:\program files\common files\microsoft shared\office12\MSPTLS.DLL
2013-06-19 18:44:54 1366656 ----a-w- c:\program files\common files\microsoft shared\office11\msxml5.dll
2013-05-09 00:07:00 1618096 ----a-w- c:\program files\common files\microsoft shared\office12\OGL.DLL
2013-05-06 18:18:01 -------- d-----w- c:\program files\common files\Propellerhead Software
2013-05-06 17:53:07 -------- d-----w- C:\Cakewalk Content
2013-01-21 19:11:15 -------- dc-h--w- c:\windows\ie8
2012-11-08 11:29:12 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-09-13 18:55:51 -------- d--h--r- c:\documents and settings\all users\application data\Atheros
2012-09-13 18:54:34 1759584 ----a-w- c:\windows\system32\drivers\athuw.sys
2012-09-13 18:54:28 73800 ----a-w- c:\windows\system32\athgina.dll
2012-09-13 18:53:50 -------- d-----w- C:\temp
2012-08-29 17:26:55 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\adaware
2012-08-29 17:26:54 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-08-29 17:26:47 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-08-29 17:26:47 21240 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-08-29 17:26:41 -------- d-----w- c:\windows\system32\drivers\VDD
2012-08-29 17:26:41 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-08-29 17:25:04 -------- d-----w- c:\documents and settings\gaitens\application data\Ad-Aware Antivirus
2012-08-11 08:10:33 8281168 ----a-w- c:\documents and settings\all users\application data\microsoft\bingbar\bbsvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-06-16 14:04:50 -------- d-----w- c:\program files\Conduit
2012-06-16 14:04:48 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Conduit
2012-06-16 14:04:39 -------- d-----w- c:\program files\Web Assistant
2012-06-14 14:57:14 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-05-11 19:43:25 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2012-05-11 19:43:25 92160 ----a-w- c:\windows\system32\fuusd.dll
2012-05-11 19:43:25 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-05-11 19:43:25 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-05-11 19:43:23 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2012-05-11 19:43:23 71680 ----a-w- c:\windows\system32\fnfilter.dll
2012-05-02 11:17:12 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-05-01 09:41:13 0 ----a-w- c:\windows\ativpsrm.bin
2012-04-30 11:37:58 17152 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2012-04-30 11:37:58 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-04-30 11:37:42 40960 -c--a-w- c:\windows\system32\dllcache\sisagp.sys
2012-04-30 11:37:42 40960 ----a-w- c:\windows\system32\drivers\SISAGP.SYS
2012-04-11 14:17:10 2594632 ----a-w- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
2012-04-11 14:10:39 -------- d--h--w- c:\windows\PIF
2012-04-04 07:50:59 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Trusteer
2012-04-04 07:50:49 -------- d-----w- c:\program files\Trusteer
2012-04-04 07:50:08 -------- d-----w- c:\documents and settings\all users\application data\Trusteer
2012-03-15 20:42:07 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\MPlayer
2012-03-15 20:41:56 -------- d-----w- c:\documents and settings\gaitens\.3gpplayer
2012-03-15 20:40:03 -------- d-----w- c:\program files\3GPplayer2011
2012-03-15 19:49:11 -------- d-----w- c:\documents and settings\gaitens\application data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-03-15 19:45:14 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Htc
2012-02-22 19:39:53 -------- d-----w- c:\program files\McAfee Security Scan
2012-02-22 19:39:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 18:50:59 -------- d-----w- c:\documents and settings\gaitens\application data\Outlook
2012-02-17 16:14:57 -------- d-----w- c:\program files\Windows Media Connect 2
2012-02-17 16:13:42 -------- d-----w- c:\windows\system32\LogFiles
2012-02-15 18:42:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-15 16:57:10 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 16:57:10 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-10 20:28:32 12928 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2012-02-10 20:28:32 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2012-02-10 20:28:31 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2012-02-10 20:28:31 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-02-10 20:13:11 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-02-10 20:11:09 -------- d-----w- c:\documents and settings\gaitens\application data\HTC
2012-02-10 20:10:29 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Downloaded Installations
2012-02-10 20:10:15 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys
2012-02-10 20:10:15 1122664 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-02-10 20:10:12 -------- d-----w- c:\program files\Spirent Communications
2012-02-10 20:10:01 -------- d-----w- c:\program files\HTC
2012-02-10 20:08:36 -------- d-----w- c:\program files\MSXML 4.0
2012-01-31 21:33:27 1177600 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2012-01-31 21:33:18 -------- d-----w- c:\program files\common files\VST3
2012-01-31 21:31:58 -------- d-----w- c:\documents and settings\all users\application data\VST3 Presets
2012-01-31 21:29:05 -------- d-----w- c:\program files\common files\Steinberg
2012-01-31 21:27:14 -------- d-----w- c:\documents and settings\all users\application data\Steinberg
2012-01-31 17:45:36 -------- d-----w- c:\documents and settings\gaitens\application data\Steinberg
2012-01-31 17:45:35 -------- d-----w- c:\program files\Steinberg
2012-01-22 20:23:04 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Apple Computer
2012-01-22 20:22:57 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-22 20:22:57 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-01-22 20:22:01 -------- d-----w- c:\program files\iPod
2012-01-22 20:21:57 -------- d-----w- c:\program files\iTunes
2012-01-22 20:21:57 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-01-22 20:21:34 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Apple
2012-01-22 20:21:22 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-01-22 20:21:22 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-01-20 11:30:28 -------- d-----w- c:\documents and settings\gaitens\.frostwire5
2012-01-20 11:29:11 789416 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-20 06:34:21 -------- d-----w- c:\documents and settings\all users\application data\15CB
2012-01-19 20:42:17 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Lime PRO
2012-01-19 20:40:34 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\PackageAware
2012-01-12 00:40:59 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-01-11 21:02:07 293376 ------w- c:\windows\system32\browserchoice.exe
2012-01-10 21:43:30 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-01-10 21:43:27 93696 ----a-w- c:\windows\system32\E_FLBGCE.DLL
2012-01-10 21:43:27 63488 ----a-w- c:\windows\system32\E_FD4BGCE.DLL
2012-01-10 20:52:47 20992 ----a-w- c:\windows\system32\dshowext.ax
2012-01-10 20:52:47 123008 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2012-01-10 20:52:47 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-12-19 12:21:22 11632 ----a-w- c:\windows\system32\drivers\vdd\apvdd.dll
2011-12-19 12:21:02 42864 ----a-w- c:\windows\system32\sbbd.exe
2011-10-26 13:23:40 101112 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-27 05:33:08 1064296 ----a-w- c:\program files\common files\microsoft shared\office12\RICHED20.DLL
2011-05-31 16:26:54 986000 ----a-w- c:\program files\common files\microsoft shared\office12\msoshext.dll
2011-05-17 11:30:52 1103784 ----a-w- c:\program files\common files\microsoft shared\office11\RICHED20.DLL
2011-05-13 21:11:54 641536 ----a-w- c:\program files\common files\microsoft shared\vc\msdia80.dll
2011-04-19 03:47:04 670032 ----a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll
2011-02-19 22:03:12 799568 ----a-w- c:\program files\common files\microsoft shared\vc\msdia100.dll
2011-01-20 12:03:57 -------- d-----w- c:\documents and settings\gaitens\TruePianos Settings
2011-01-19 12:32:12 -------- d-----w- c:\program files\Outsim
2010-08-05 19:42:24 319488 ----a-w- c:\windows\system32\RDDP1061.DAT
2010-08-05 19:42:24 140672 ----a-w- c:\windows\system32\drivers\Rdwm1061.sys
2010-08-05 19:42:23 61440 ----a-w- c:\windows\system32\RDCP1061.CPL
2010-08-05 19:42:23 20480 ----a-w- c:\windows\system32\RdCi1061.dll
2010-08-05 19:42:23 102400 ----a-w- c:\windows\system32\rdas1061.dll
2010-08-05 19:42:23 -------- d-----w- c:\program files\RdDrv001
2010-08-05 19:00:45 -------- d-----w- c:\program files\common files\Native Instruments
2010-08-05 19:00:26 -------- d-----w- c:\program files\Native Instruments
2010-07-22 18:41:29 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\WMTools Downloaded Files
2010-06-22 18:01:52 21248 ----a-w- c:\windows\system32\drivers\htcnprot.sys
2010-05-12 19:46:38 1294336 ----a-w- c:\windows\system32\vorbis.acm
2010-05-12 19:45:32 -------- d-----w- c:\program files\Image-Line
2010-05-12 18:30:21 -------- d-----w- c:\program files\common files\Autodesk Shared
2010-05-12 18:30:21 -------- d-----w- c:\program files\AutoCAD 2009
2010-05-12 18:30:21 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Autodesk
2010-05-12 18:30:21 -------- d-----w- c:\documents and settings\gaitens\application data\Autodesk
2010-05-12 18:15:38 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-04-18 20:14:09 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-18 20:14:08 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-16 09:49:08 503296 ----a-w- c:\program files\common files\microsoft shared\office11\USP10.DLL
2010-03-31 00:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 00:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-30 12:24:40 317440 -c----w- c:\windows\system32\dllcache\mp4sdecd.dll
2010-03-24 18:24:16 -------- d-sh--r- C:\RESTORE
2010-02-22 13:00:36 1430360 ----a-w- c:\program files\common files\system\msmapi\1033\MSMAPI32.DLL
2010-01-13 11:05:00 -------- d-----w- c:\program files\NCH Software
2010-01-13 11:03:58 -------- d-----w- c:\program files\NCH Swift Sound
2010-01-12 11:48:58 -------- d-----w- c:\program files\Audacity
2010-01-06 10:01:30 -------- d-----w- c:\documents and settings\all users\application data\MSScanAppDataDir
2010-01-05 15:35:45 -------- d-----w- c:\program files\AVG
2010-01-05 15:35:44 -------- d-----w- c:\documents and settings\all users\application data\avg8
2010-01-03 11:44:06 -------- d--h--w- c:\windows\msdownld.tmp
2010-01-03 11:39:19 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2010-01-03 11:39:19 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2010-01-03 11:39:19 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2010-01-03 11:39:18 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2009-12-28 19:20:21 -------- d-----w- c:\program files\DivX
2009-12-28 19:20:21 -------- d-----w- c:\program files\common files\DivX Shared
2009-12-15 22:17:49 24 ----a-w- c:\windows\system32\sysogg.dll
2009-12-15 22:15:34 233472 ----a-w- c:\windows\system32\lame_enc.dll
2009-12-15 22:15:34 1703936 ----a-w- c:\windows\system32\NCTAudioFile.dll
2009-12-15 22:15:34 -------- d-----w- c:\program files\MP3 Converter Simple
2009-11-16 19:21:08 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2009-11-16 19:20:58 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Adobe
2009-11-07 01:07:08 49488 ----a-w- c:\windows\system32\netfxperf.dll
2009-11-07 01:07:04 297808 ----a-w- c:\windows\system32\mscoree.dll
2009-11-07 01:06:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2009-11-03 01:34:00 -------- d-----w- c:\program files\MSECache
2009-11-03 00:54:49 -------- d-----w- c:\program files\common files\Hewlett-Packard
2009-11-03 00:53:12 14976 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-03 00:53:12 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-03 00:51:48 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-11-03 00:51:47 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-11-03 00:51:47 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-11-03 00:51:47 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-11-03 00:51:47 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-11-03 00:51:47 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-11-03 00:51:05 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-03 00:49:13 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-11-03 00:49:13 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2009-11-03 00:49:13 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2009-11-03 00:49:00 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2009-11-03 00:48:59 606208 ----a-w- c:\windows\system32\hpotscl.dll
2009-11-03 00:48:59 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2009-11-03 00:48:59 258122 ----a-w- c:\windows\system32\hpovst08.dll
2009-11-03 00:48:58 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2009-11-03 00:48:34 180315 ----a-w- c:\windows\system32\hpzsnt12.dll
2009-11-03 00:48:31 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2009-11-03 00:48:31 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2009-11-03 00:36:04 -------- d-----w- c:\program files\HP
2009-11-03 00:36:01 -------- d-----w- c:\windows\Downloaded Installations
2009-11-03 00:33:23 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-03 00:33:23 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-31 10:57:16 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-31 10:56:44 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-10-31 10:56:30 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-31 10:56:30 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-31 10:56:30 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-10-31 10:56:30 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-31 10:56:29 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-31 10:56:29 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-31 10:56:29 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-31 10:56:29 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 23:30:52 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-28 23:30:39 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-10-28 23:26:38 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-10-28 23:26:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-28 23:24:55 -------- d-----w- c:\program files\Microsoft
2009-10-28 23:24:37 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-28 23:23:56 4927864 ----a-w- c:\program files\common files\windows live\.cache\b702ef1c1ca5825\Silverlight.2.0.exe
2009-10-28 23:23:33 23510720 ----a-w- c:\program files\common files\windows live\.cache\aa835b501ca5825\dotnetfx.exe
2009-10-28 23:23:04 74520 ----a-w- c:\program files\common files\windows live\.cache\994d61a01ca5825\DSETUP.dll
2009-10-28 23:23:04 484632 ----a-w- c:\program files\common files\windows live\.cache\994d61a01ca5825\DXSETUP.exe
2009-10-28 23:23:04 1670936 ----a-w- c:\program files\common files\windows live\.cache\994d61a01ca5825\dsetup32.dll
2009-10-28 23:22:59 1013800 ----a-w- c:\program files\common files\windows live\.cache\963f5e501ca5825\WindowsXP-KB954708-x86-ENU.exe
2009-10-28 23:22:15 141394760 ----a-w- c:\program files\common files\windows live\.cache\wlcA1.tmp
2009-10-28 22:19:02 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-27 20:43:34 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-10-22 16:44:54 732488 ----a-w- c:\program files\common files\system\msmapi\1033\MSPST32.DLL
2009-10-20 16:20:16 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-19 23:53:44 3070976 ----a-w- c:\windows\system32\SETD.tmp
2009-10-19 22:59:28 -------- d-----w- c:\windows\system32\appmgmt
2009-10-19 18:33:42 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Spotify
2009-10-19 18:33:42 -------- d-----w- c:\documents and settings\gaitens\application data\Spotify
2009-10-19 18:33:39 -------- d-----w- c:\program files\Spotify
2009-10-01 20:45:06 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Help
2009-09-29 19:31:31 -------- d-----w- C:\Plugins
2009-09-29 19:29:57 -------- d-----w- C:\Bonus file
2009-09-29 19:27:26 -------- d-----w- c:\windows\6000 sound fx
2009-09-29 18:58:34 -------- d-----w- c:\program files\Edirol
2009-09-23 22:28:31 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Identities
2009-09-23 22:22:44 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Temp
2009-09-23 22:17:18 -------- d-----w- c:\documents and settings\gaitens\local settings\application data\Google
2009-09-22 21:21:16 141402440 ----a-w- c:\program files\common files\windows live\.cache\wlc20.tmp
2009-09-22 19:54:25 214256 ----a-w- c:\windows\system32\muweb.dll
2009-09-22 19:54:24 275696 ----a-w- c:\windows\system32\mucltui.dll
2009-09-22 19:54:24 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-09-21 23:11:17 -------- d-----w- c:\program files\common files\Windows Live
2009-09-21 22:12:58 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-09-21 22:12:58 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-09-21 22:12:13 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2009-09-21 22:12:13 28672 ----a-w- c:\windows\system32\vidcap.ax
2009-09-21 22:12:12 61952 ----a-w- c:\windows\system32\kstvtune.ax
2009-09-21 22:12:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-21 22:12:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-09-21 22:12:11 43008 ----a-w- c:\windows\system32\ksxbar.ax
2009-09-21 21:54:27 86016 ----a-w- c:\windows\system32\YPcservice.exe
2009-09-21 21:54:26 131072 ----a-w- c:\windows\system32\ypclsp.dll
2009-09-21 21:53:03 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-09-21 21:51:35 65536 ----a-w- c:\windows\system32\YCRWin32.dll
2009-09-21 21:51:28 89088 ----a-w- c:\windows\system32\ATL71.DLL
2009-09-21 21:51:28 84992 ----a-w- c:\windows\system32\ATL70.DLL
2009-09-21 21:50:29 -------- d-----w- c:\program files\Yahoo!
2009-09-21 21:49:58 -------- d-----w- c:\windows\Motive 2009-09-21 21:49:47 -------- d-----w- c:\program files\btbb_wcm 2009-09-21 21:49:33 -------- d-----w- c:\program files\common files\Motive 2009-09-21 21:48:51 -------- d-----w- c:\program files\Motive 2009-09-21 21:48:51 -------- d-----w- c:\program files\BT Broadband Desktop Help 2009-09-21 21:48:34 139536 ----a-w- c:\windows\system32\javaee.dll 2009-09-21 21:46:48 -------- d-----w- c:\program files\BTHomeHub 2009-09-21 20:24:38 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll 2009-09-21 20:24:38 28040 ----a-w- c:\windows\system32\mdimon.dll 2009-09-21 20:23:38 -------- d-----w- c:\program files\common files\L&H 2009-09-21 20:22:59 -------- d-----w- c:\program files\Microsoft ActiveSync 2009-09-21 20:21:42 -------- d-----w- c:\windows\SHELLNEW 2009-09-21 15:58:28 118784 ------r- c:\windows\bwUnin-7.2.0.137-8876480SL.exe 2009-09-21 15:58:10 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll 2009-09-21 15:58:10 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe 2009-09-21 15:58:10 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll 2009-09-21 15:58:10 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll 2009-09-21 15:58:09 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll 2009-09-21 15:58:09 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll 2009-09-21 15:58:09 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll 2009-09-21 15:57:49 13568 ----a-w- c:\windows\system32\drivers\L8042Kbd.SYS 2009-09-21 15:57:33 71680 ----a-w- c:\windows\system32\drivers\LMouKE.Sys 2009-09-21 15:57:33 56064 ----a-w- 
c:\windows\system32\drivers\L8042MOU.SYS 2009-09-21 15:57:26 3712 ----a-w- c:\windows\system32\drivers\LBeepKE.sys 2009-09-21 15:57:25 53248 ----a-w- c:\windows\system32\KemXML.dll 2009-09-21 15:57:25 155648 ----a-w- c:\windows\system32\kemutb.dll 2009-09-21 15:57:25 126976 ----a-w- c:\windows\system32\KemUtil.dll 2009-09-21 15:57:25 110592 ----a-w- c:\windows\system32\KemWnd.dll 2009-09-21 15:57:06 27264 ----a-w- c:\windows\system32\drivers\LHidKE.Sys 2009-09-21 15:57:05 94208 ----a-w- c:\windows\KHALMNPR.Exe 2009-09-21 15:57:02 -------- d-----w- c:\program files\common files\Logitech 2009-09-21 15:56:53 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll 2009-09-21 15:56:53 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll 2009-09-21 15:56:53 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe 2009-09-21 15:56:53 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll 2009-09-21 15:56:53 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll 2009-09-21 15:56:52 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll 2009-09-21 15:56:52 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll 2009-09-20 21:30:37 60160 ----a-w- c:\windows\system32\drivers\usbaudio.sys 2009-09-19 12:31:37 -------- d-sh--w- c:\documents and settings\gaitens\IECompatCache 2009-09-19 12:31:21 -------- d-sh--w- c:\documents and settings\gaitens\PrivacIE 2009-09-18 18:55:41 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys 2009-09-18 18:55:41 60160 ----a-w- c:\windows\system32\drivers\drmk.sys 2009-09-18 18:55:41 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll 2009-09-18 18:55:41 4096 ----a-w- 
c:\windows\system32\ksuser.dll 2009-09-18 18:55:41 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys 2009-09-18 18:55:41 146048 ----a-w- c:\windows\system32\drivers\portcls.sys 2009-09-18 18:55:41 129536 ----a-w- c:\windows\system32\ksproxy.ax 2009-09-18 18:50:13 26632 ----a-w- c:\windows\system32\DeltaII.cpl 2009-09-18 18:50:13 12296 ----a-w- c:\windows\system32\deltaIICoIn.dll 2009-09-18 18:46:20 -------- d-----w- c:\documents and settings\gaitens\application data\Cakewalk 2009-09-18 18:37:07 -------- d-sh--w- c:\documents and settings\gaitens\IETldCache 2009-09-18 18:32:06 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-09-18 18:31:43 -------- d-----w- c:\windows\ie8updates 2009-09-18 18:31:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-09-18 18:31:24 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-09-18 18:31:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-09-18 18:31:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-09-18 18:31:24 2006016 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-09-18 18:31:23 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-09-18 18:09:24 118784 ----a-w- c:\windows\dsdxirmv.exe 2009-09-18 18:06:08 233472 ----a-w- c:\windows\system32\REX Shared Library.dll 2009-09-18 18:06:05 368640 ----a-w- c:\windows\system32\ReWire.dll 2009-09-18 17:39:33 -------- d-----w- c:\documents and settings\all users\application data\BullGuard 2009-09-18 17:39:32 -------- d-----w- c:\documents and settings\gaitens\application data\BullGuard 2009-09-18 17:36:17 2193536 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-09-18 17:36:17 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-09-18 17:36:16 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-09-18 17:36:01 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2009-09-18 17:35:25 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-09-18 17:35:25 272128 
------w- c:\windows\system32\drivers\bthport.sys 2009-09-18 17:35:23 6144 ----a-w- c:\windows\system32\xpsp4res.dll 2009-09-18 17:30:54 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-09-18 17:30:54 -------- d-----w- c:\windows\system32\PreInstall 2009-09-18 17:30:53 -------- d--h--w- c:\windows\$hf_mig$ 2009-09-18 17:29:36 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2009-09-18 17:29:23 -------- d-----w- c:\windows\system32\SoftwareDistribution 2009-09-18 17:29:02 -------- d-sh--w- c:\documents and settings\gaitens\UserData 2009-09-18 17:24:30 520192 ----a-w- c:\windows\RtlExUpd.dll 2009-09-18 17:24:30 315392 ----a-w- c:\windows\HideWin.exe 2009-09-18 17:24:29 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll 2009-09-18 17:24:29 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll 2009-09-18 17:24:29 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe 2009-09-18 17:24:29 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll 2009-09-18 17:24:29 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll 2009-09-18 17:24:29 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll 2009-09-18 17:24:28 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll 2009-09-18 17:24:28 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll 2009-09-18 17:23:23 -------- d-----w- c:\windows\system32\ReinstallBackups 2009-09-18 17:23:00 103296 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys 2009-09-18 17:22:59 -------- d-----w- c:\windows\OPTIONS 2009-09-18 17:22:59 -------- d-----w- c:\program files\Realtek 2009-09-18 17:22:26 172032 ----a-w- c:\windows\system32\igfxres.dll 
2009-09-18 12:21:04 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2009-09-18 11:05:57 3072 ----a-w- c:\windows\system32\drivers\audstub.sys 2009-09-18 11:05:55 -------- d-s---w- c:\windows\system32\Microsoft 2009-09-18 11:05:41 21504 ----a-w- c:\windows\system32\hidserv.dll 2009-09-18 11:05:13 57600 ----a-w- c:\windows\system32\drivers\redbook.sys 2009-09-18 11:04:41 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys 2009-09-18 11:04:39 88192 ----a-w- c:\windows\system32\drivers\irda.sys 2009-09-18 11:04:39 8192 ----a-w- c:\windows\system32\wshirda.dll 2009-09-18 11:04:39 28160 ----a-w- c:\windows\system32\irmon.dll 2009-09-18 11:04:39 151552 ----a-w- c:\windows\system32\irftp.exe 2009-09-18 11:04:35 18688 ----a-w- c:\windows\system32\drivers\irsir.sys 2009-09-18 11:04:16 74240 -c--a-w- c:\windows\system32\dllcache\usbui.dll 2009-09-18 11:04:16 74240 ----a-w- c:\windows\system32\usbui.dll 2009-09-18 11:02:59 19968 -c--a-w- c:\windows\system32\dllcache\agt040e.dll 2009-09-18 11:01:56 -------- d-----w- C:\Documents and Settings . ==================== Find3M ==================== . 
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll 2013-09-23 18:33:57 43520 ------w- c:\windows\system32\licmgr10.dll 2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll 2013-09-23 18:06:48 385024 ------w- c:\windows\system32\html.iec 2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys 2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll 2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll 2013-08-03 14:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll 2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll 2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-07-03 02:12:52 25088 ----a-w- c:\windows\system32\drivers\hidparse.sys 2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll 2013-06-04 00:53:15 290816 ----a-w- c:\windows\system32\atmfd.dll 2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2013-04-04 14:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll 2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-10-02 18:04:21 58368 ----a-w- 
c:\windows\system32\synceng.dll 2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 14:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 14:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 14:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-01 16:50:06 601088 ----a-w- c:\windows\system32\crypt32.dll 2012-05-14 09:22:41 345600 ----a-w- c:\windows\system32\localspl.dll 2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll 2011-12-12 17:43:00 1034240 ----a-w- c:\windows\system32\drivers\bcmwlhigh5.sys 2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll 2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-14 14:47:29 23040 ----a-w- c:\windows\system32\mciseq.dll 2011-10-14 14:47:29 176128 ----a-w- c:\windows\system32\winmm.dll 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-26 11:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 11:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 11:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-08-30 13:39:48 457780 ----a-w- c:\windows\system32\ensppui.dll 2011-08-30 13:39:48 457780 ----a-w- c:\windows\system32\enppui.dll 2011-08-30 13:38:40 475496 ----a-w- c:\windows\system32\ensppmon.dll 2011-08-30 13:38:40 475496 ----a-w- c:\windows\system32\enppmon.dll 2011-08-17 13:49:54 138496 
----a-w- c:\windows\system32\drivers\afd.sys 2011-08-01 18:24:06 249344 ----a-w- c:\windows\system32\enspres.dll 2011-08-01 18:24:06 249344 ----a-w- c:\windows\system32\enpres.dll 2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys 2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-02-17 13:18:03 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll 2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll 2010-11-02 15:17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys 2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll 2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-15 16:17:24 143422 ----a-w- c:\windows\system32\l3codecx.ax 2010-06-14 14:31:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-03-30 12:24:40 317440 ------w- c:\windows\system32\mp4sdecd.dll 2010-03-30 00:52:26 
262416 ----a-w- c:\windows\system32\mpg4ds32.ax 2010-03-05 14:37:40 65536 ----a-w- c:\windows\system32\asycfilt.dll 2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2010-02-03 11:21:58 499712 ----a-w- c:\windows\system32\msvcp71.DLL 2010-02-03 11:21:58 413696 ----a-w- c:\windows\system32\msvc2bd1.rra 2010-02-03 11:21:58 348160 ----a-w- c:\windows\system32\msvcr71.DLL 2010-02-03 11:21:58 1060864 ----a-w- c:\windows\system32\MFC71.DLL 2010-02-03 11:21:56 53299 ----a-w- c:\windows\system32\pthreadVC.dll 2010-02-03 11:21:56 50704 ----a-w- c:\windows\system32\drivers\npf.sys 2010-02-03 11:21:56 281104 ----a-w- c:\windows\system32\wpcap.dll 2010-02-03 11:21:56 100880 ----a-w- c:\windows\system32\Packet.dll 2010-01-29 14:43:39 307260 ----a-w- c:\windows\system32\l3codeca.acm 2010-01-13 14:01:25 86016 ----a-w- c:\windows\system32\cabview.dll . ============= FINISH: 7:06:19.75 =============== Attach Log: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 18/09/2009 11:59:21 System Uptime: 10/12/2007 00:01:00 (7 hours ago) . Motherboard: | | ConRoe1333-D667 Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz | CPUSocket | 1795/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 84 GiB total, 3.663 GiB free. D: is FIXED (NTFS) - 192 GiB total, 93.531 GiB free. E: is CDROM () F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP593: 02/08/2013 19:44:16 - Software Distribution Service 3.0
RP594: 10/12/2007 01:29:46 - Software Distribution Service 3.0
RP595: 10/12/2007 00:19:40 - System Checkpoint
RP596: 11/12/2007 20:05:07 - System Checkpoint
RP597: 10/12/2007 00:21:14 - System Checkpoint
RP598: 10/10/2013 19:49:25 - Software Distribution Service 3.0
RP599: 10/10/2013 20:30:40 - Installed Rapport
RP600: 11/10/2013 20:44:39 - System Checkpoint
RP601: 09/12/2007 23:27:44 - System Checkpoint
RP602: 10/12/2007 03:00:22 - Software Distribution Service 3.0
RP603: 10/12/2007 00:20:11 - System Checkpoint
RP604: 19/10/2013 19:55:56 - System Checkpoint
RP605: 24/10/2013 20:41:15 - System Checkpoint
RP606: 10/12/2007 00:29:33 - System Checkpoint
RP607: 10/12/2007 00:23:24 - System Checkpoint
RP608: 10/12/2007 03:04:31 - Installed NETGEAR WNA3100 wireless USB 2.0 adapter
RP609: 10/12/2007 03:36:05 - Installed NETGEAR WNA3100 wireless USB 2.0 driver
.
==== Event Viewer Messages From Past Week ========
.
27/05/2013 18:00:57, error: W32Time [34] - The time service has detected that the system time needs to be changed by -86316 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.0.13:123->65.55.56.206:123) is working properly.
27/05/2013 18:00:39, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
03/05/2013 18:44:17, error: Dhcp [1002] - The IP address lease 192.168.0.12 for the Network Card with network address E0469A1B503E has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
MBAM Log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.04.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gaitens :: GAITENS-PC [administrator]
10/12/2007 02:49:19
MBAM-log-2007-12-10 (06-50-28).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 433863
Time elapsed: 2 hour(s), 15 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Folders Detected: 1
C:\RESTORE\k-1-3542-4232123213-7676767-8888886 (Trojan.Agent) -> No action taken.
Files Detected: 3
C:\Documents and Settings\Gaitens\Application Data\Sun\Java\Deployment\cache\6.0\55\40f266b7-3548d26b (Trojan.FakeAlert.RO) -> No action taken.
C:\Documents and Settings\Gaitens\Local Settings\Temp\D.tmp (Trojan.FakeAlert.RO) -> No action taken.
C:\RESTORE\k-1-3542-4232123213-7676767-8888886\Desktop.ini (Trojan.Agent) -> No action taken.
(end)
-
Slow Laptop/Large Memory Usage Spikes
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
I think we're all good, laptop seems to be running much better now! Thanks a lot for all your help -
Slow Laptop/Large Memory Usage Spikes
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
AdwCleaner log:
# AdwCleaner v3.010 - Report created 03/11/2013 at 16:38:11
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sean and Emma - DORY
# Running from : C:\Users\Sean and Emma\Desktop\Virus Removal\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Mozilla Firefox v23.0.1 (en-US)
[ File : C:\Users\Sean and Emma\AppData\Roaming\Mozilla\Firefox\Profiles\ng6qswzi.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [1015 octets] - [03/11/2013 16:36:55]
AdwCleaner[s0].txt - [944 octets] - [03/11/2013 16:38:11]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1003 octets] ##########
Nothing found on the Malwarebytes scan and I managed to get Avira re-installed so I think I'm all good. Thanks for all your help with this, muchly appreciated! -
Slow Laptop/Large Memory Usage Spikes
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
Sorry mate, been quite busy. I'll run the last scans today and report back. It's still concerning me though that I can't see Avira running anywhere. -
Slow Laptop/Large Memory Usage Spikes
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
I ran fixdamage now; it didn't appear to do anything according to the command line. The strange thing is that I don't see Avira running on the hotbar on Windows or in the processes, and it's not listed in All Programmes or when I go into Uninstall a Programme, so I don't think it's there.
ComboFix log:
ComboFix 13-10-28.01 - Sean and Emma 28/10/2013 18:11:06.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5926.3831 [GMT 0:00]
Running from: c:\users\Sean and Emma\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-09-28 to 2013-10-28 )))))))))))))))))))))))))))))))
.
.
2013-10-28 18:18 . 2013-10-28 18:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-28 18:18 . 2013-10-28 18:18 -------- d-----w- c:\users\Emma's Uni Account\AppData\Local\temp
2013-10-28 18:18 . 2013-10-28 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-27 12:03 . 2013-10-27 12:17 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-27 12:03 . 2013-10-27 12:03 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-10-26 14:13 . 2013-10-27 12:02 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-23 15:42 . 2013-10-28 18:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02A84D7F-CCDB-4DD6-960C-EED0ED26B21C}\offreg.dll
2013-10-23 15:40 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02A84D7F-CCDB-4DD6-960C-EED0ED26B21C}\mpengine.dll
2013-10-08 10:19 . 2013-10-08 10:19 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-10-08 10:17 . 2013-10-08 10:17 -------- d-----w- c:\program files\Common Files\Adobe
2013-10-08 10:11 . 2012-08-10 02:01 56336 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2013-10-08 10:11 . 2012-04-24 02:01 11376 ------w- c:\windows\system32\drivers\cdralw2k.sys
2013-10-08 10:11 . 2012-04-24 02:01 10864 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2013-10-08 10:10 . 2013-10-08 10:10 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2013-10-08 10:10 . 2013-10-08 10:10 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-28 17:56 . 2012-08-28 18:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-28 17:56 . 2012-08-28 18:00 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Sean and Emma\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-06 138096]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Spotify Web Helper"="c:\users\Sean and Emma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-16 1140736]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE" [2012-02-29 283232]
"Spotify"="c:\users\Sean and Emma\AppData\Roaming\Spotify\spotify.exe" [2013-10-16 4752384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KNOWHOW APP CENTRE"="c:\program files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\ismagent.exe" [2012-06-05 152896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3178140741-1008856957-888535845-1002Core.job
- c:\users\Sean and Emma\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-06 16:00]
.
2013-10-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3178140741-1008856957-888535845-1002UA.job
- c:\users\Sean and Emma\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-06 16:00]
.
2013-10-28 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]
.
2013-10-26 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-29 12460136]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-13 1020064]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-13 800416]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Sean and Emma\AppData\Roaming\Mozilla\Firefox\Profiles\ng6qswzi.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
Completion time: 2013-10-28 18:23:07
ComboFix-quarantined-files.txt 2013-10-28 18:23
.
Pre-Run: 650,168,893,440 bytes free
Post-Run: 650,347,069,440 bytes free
.
- - End Of File - - 8B6EB085BF5B0FEFB533E40CF66641A0
-
Slow Laptop/Large Memory Usage Spikes
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
No malware was found on the scan. Few other problems as computer seems to be running OK. I can't turn on Windows Security Centre Service or Windows Firewall. Plus I don't know if you can tell but I don't think there is a firewall or antivirus installed on it. -
Slow Laptop/Large Memory Usage Spikes
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
I got a message when starting the rootkit tool which says: Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity. It asks if I want to remove this value before I run the scan? -
Slow Laptop/Large Memory Usage Spikes
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
RogueKiller 64-bit log:
RogueKiller V8.7.5 _x64_ [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sean and Emma [Admin rights]
Mode : Scan -- Date : 10/24/2013 22:29:17
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost #[iPv6]
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] f8cb6d41857151d96c83fd1db7031311
[bSP] 6999a457c453a9ecd767a271bcda63c6 : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 690257 Mo
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1413853184 | Size: 25046 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_10242013_222917.txt >>
-
My girlfriend's laptop is getting error messages saying it is running low on virtual memory despite not many, if any, programmes being open. In general it is just running much slower than it should considering the spec of the laptop/memory available, so I'm pretty sure there is a virus hogging resources. Any help is much appreciated! Two logs below:
DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.9.2
Run by Sean and Emma at 18:45:30 on 2013-10-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5926.3560 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\windows\system32\EscSvc64.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Sean and Emma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIIME.EXE
C:\Users\Sean and Emma\AppData\Roaming\Spotify\spotify.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\StikyNot.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\ismagent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Users\Sean and Emma\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Sean and Emma\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Sean and Emma\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Sean and Emma\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Sean and Emma\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\calc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Facebook Update] "C:\Users\Sean and Emma\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [spotify Web Helper] "C:\Users\Sean and Emma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-202 203 206 Series"
uRun: [spotify] "C:\Users\Sean and Emma\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe -update activex
mRun: [KNOWHOW APP CENTRE] "C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{ACBDF5AE-2F9D-4E2F-BCBA-6F7DCFACF490} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{ACBDF5AE-2F9D-4E2F-BCBA-6F7DCFACF490}\4514C4B44514C4B4D2541454739383 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common 
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 om.symantec.com . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Sean and Emma\AppData\Roaming\Mozilla\Firefox\Profiles\ng6qswzi.default\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\KNOWHOW\KNOWHOWAPPCENTRE\bin\npAppUp.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Sean and Emma\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . 
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-4-25 28992] R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2013-10-8 56336] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-8-27 283200] R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-4-23 13824] R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048] R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-23 171600] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-2-13 106144] R2 EpsonScanSvc;Epson Scanner Service;C:\windows\System32\escsvc64.exe [2013-4-8 135824] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-4-23 128280] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-4-23 161560] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-25 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-28 701512] R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568] R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-4-23 31624] R2 UNS;Intel® Management and Security Application User Notification 
Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-23 363800] R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-2-13 158880] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2012-2-13 30368] R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-15 331264] R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-8-28 25928] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-4-23 648808] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-28 1153368] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2012-2-13 36000] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2012-2-13 339616] S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2012-2-13 110752] S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2012-2-13 167584] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2012-2-13 68256] S3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2012-2-13 280992] S3 
BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2012-2-24 550560] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-28 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-10-23 15:42:08 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02A84D7F-CCDB-4DD6-960C-EED0ED26B21C}\offreg.dll 2013-10-23 15:40:13 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02A84D7F-CCDB-4DD6-960C-EED0ED26B21C}\mpengine.dll 2013-10-20 09:33:47 -------- d-----w- C:\Users\Sean and Emma\AppData\Local\{B8D495A4-EDDF-40D9-940D-649137E08D43} 2013-10-16 09:39:06 -------- d-----w- C:\Users\Sean and Emma\AppData\Local\{E6CCFF17-BC9E-46FA-8414-DB055A709E6A} 2013-10-08 10:19:06 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2013-10-08 10:11:20 56336 ------w- C:\windows\System32\drivers\PxHlpa64.sys 2013-10-08 10:11:20 11376 ------w- C:\windows\System32\drivers\cdralw2k.sys 2013-10-08 10:11:20 10864 ------w- C:\windows\System32\drivers\cdr4_xp.sys 2013-10-08 10:10:23 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared 2013-10-08 10:10:23 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine 2013-10-06 12:44:17 -------- d-----w- C:\Users\Sean and Emma\AppData\Local\{2259E11E-CA72-42FA-A417-1FF59A0EF1C7} 2013-09-26 22:49:39 -------- d-----w- C:\Users\Sean and Emma\AppData\Local\{40396362-AFC8-4F2A-B750-5462F4E9446A} . ==================== Find3M ==================== . 2013-09-08 16:21:37 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-08 16:21:37 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe . 
============= FINISH: 18:46:07.18 =============== Attach: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 27/08/2012 14:12:57 System Uptime: 20/10/2013 00:38:43 (114 hours ago) . Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | SAMSUNG_NP1234567890 Processor: Intel® Core i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 1175/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 674 GiB total, 603.067 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP89: 29/09/2013 18:14:36 - Scheduled Checkpoint RP90: 06/10/2013 19:12:56 - Scheduled Checkpoint RP91: 08/10/2013 11:08:05 - Installed Adobe Photoshop Elements 11. RP92: 16/10/2013 08:34:09 - Scheduled Checkpoint RP93: 23/10/2013 16:48:36 - Scheduled Checkpoint . ==== Hosts File Hijack ====================== . Hosts: 127.0.0.1 ads.mcafee.com Hosts: 127.0.0.1 analytics.microsoft.com Hosts: 127.0.0.1 metrics.bitdefender.com Hosts: 127.0.0.1 metrics.mcafee.com Hosts: 127.0.0.1 om.symantec.com Hosts: 127.0.0.1 ads.bleepingcomputer.com Hosts: 127.0.0.1 wdcs.trendmicro.com . ==== Installed Programs ====================== . ???? ??? Windows Live ???? Windows Live ????? Windows Live ?????? ??????? ?? Windows Live ???????? ?????????? Windows Live ?????????? Windows Live ??????????? ?? 
Windows Live ABBYY FineReader 9.0 Sprint Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 11 Adobe Reader X (10.1.7) Adobe Shockwave Player 11.6 Agatha Christie - Death on the Nile Atheros Bluetooth Suite (64) Atheros Client Installation Program „Windows Live Essentials“ „Windows Live Mail“ „Windows Live Messenger“ „Windows Live“ fotogalerija Bejeweled 2 Deluxe Bing Bar Build-a-lot CCleaner Chicken Invaders 4 (AppUp) Chuzzle Deluxe CyberLink Media Suite CyberLink Media+ Player10 CyberLink MediaShow CyberLink Power2Go CyberLink PowerDirector CyberLink YouCam D3DX10 DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diner Dash 2 Restaurant Rescue Download Navigator E-POP Easy File Share Easy Migration Easy Settings Easy Software Manager Easy Support Center Elements 11 Organizer Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Event Manager EPSON Scan EPSON XP-202 203 206 Series Printer Uninstall EpsonNet Print ERUNT 1.1j Facebook Video Calling 1.2.0.287 Farm Frenzy Fotogalerija Windows Live FruitNinja 1.6.1 Galeria de Fotografias do Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Galerie foto Windows Live Galería fotográfica de Windows Live Insaniquarium Deluxe Intel® Manageability Engine Firmware Recovery Agent Intel® Management Engine Components Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® Rapid Storage Technology Intel® Trusted Connect Service Client Java 7 Update 9 Java Auto Updater John Deere Drive Green Junk Mail filter update KNOWHOW APP CENTRE Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office 
Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 23.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Norton Online Backup NVIDIA Control Panel 296.01 NVIDIA Graphics Driver 296.01 NVIDIA Install Application NVIDIA Optimus 1.7.12 NVIDIA PhysX NVIDIA PhysX System Software 9.11.1111 NVIDIA Update Components Peggle Penguins! Plants vs. Zombies Poczta uslugi Windows Live Podstawowe programy Windows Live Polar Golfer Pošta Windows Live PSE11 STI Installer Raccolta foto di Windows Live Realtek Ethernet Controller Driver Realtek High Definition Audio Driver S?????? f?t???af??? t?? 
Windows Live Samsung Recovery Solution 5 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition SISShortcut Skype™ 5.10 Software Launcher Spotify Spybot - Search & Destroy SpywareBlaster 4.6 swMSM Synaptics Pointing Device Driver Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update 
for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition User Guide VLC media player 2.0.3 WildTangent Games WildTangent ORB Game Console Windows Live Windows Live ?? Windows Live ?? ??? Windows Live ??? Windows Live ???? 
Windows Live Communications Platform Windows Live Essentials Windows Live Fotótár Windows Live Foto-galerija Windows Live fotoattelu galerija Windows Live Fotogalerie Windows Live Fotogalleri Windows Live Fotogaléria Windows Live Fotograf Galerisi Windows Live Galeria de Fotos Windows Live Galerija fotografija Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Pošta Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima WinRAR 4.00 (64-bit) Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 20/10/2013 00:43:43, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10. 20/10/2013 00:41:23, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143. 20/10/2013 00:39:32, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 19/10/2013 17:18:12, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service. . ==== End Of File ===========================
-
Undeletable .exe file, please help.
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
thanks again for all the help!
- 11 replies
-
- Undeletable file
- .exe Undeletable
-
(and 1 more)
Tagged with:
-
Undeletable .exe file, please help.
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
Nothing found, system seems to be fine and I'm happy that the file is no longer there!

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.12.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sean :: SEAN-PC [administrator]

12/01/2013 21:28:30
mbam-log-2013-01-12 (21-28-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209951
Time elapsed: 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
- 11 replies
-
Undeletable .exe file, please help.
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
That managed to delete the file thanks and here is the log you asked for;

# AdwCleaner v2.105 - Logfile created 01/12/2013 at 21:00:42
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sean - SEAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Sean\Desktop\Virus Logs and Files\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Sean\AppData\Local\Conduit
Folder Deleted : C:\Users\Sean\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sean\AppData\LocalLow\wxDfast

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\7r92u0ic.default\prefs.js

Deleted : user_pref("extensions.4fba2f0a1f1ed.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=[...]

*************************

AdwCleaner[R1].txt - [2672 octets] - [12/01/2013 20:18:34]
AdwCleaner[s1].txt - [2498 octets] - [12/01/2013 21:00:42]

########## EOF - C:\AdwCleaner[s1].txt - [2558 octets] ##########
- 11 replies
-
Undeletable .exe file, please help.
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
Have I posted on this topic for my reply? When I choose more post options I see my post with the logs;

Posted Today, 08:32 PM sean1604

But when I click into my followed content I only have one reply and can't see mine, just concerned if it has actually posted or not!
- 11 replies
-
Undeletable .exe file, please help.
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
Thought I would also post this picture of the file that keeps re-appearing, the icon for it has changed since I started this, it was just a basic windows icon and now it's a picture. Here are the logs you asked for and thanks for the help!

ADWCleaner log;

# AdwCleaner v2.105 - Logfile created 01/12/2013 at 20:18:34
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Sean - SEAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Sean\Desktop\Virus Logs and Files\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Sean\AppData\Local\Conduit
Folder Found : C:\Users\Sean\AppData\LocalLow\Conduit
Folder Found : C:\Users\Sean\AppData\LocalLow\wxDfast

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKU\S-1-5-21-3921608650-3821936656-1871749345-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\7r92u0ic.default\prefs.js

Found : user_pref("extensions.4fba2f0a1f1ed.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=[...]

*************************

AdwCleaner[R1].txt - [2549 octets] - [12/01/2013 20:18:34]

########## EOF - C:\AdwCleaner[R1].txt - [2609 octets] ##########

TDSSKILLER Log;
20:19:49.0484 3580 AsyncMac - ok 20:19:49.0484 3580 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:19:49.0484 3580 atapi - ok 20:19:49.0484 3580 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 20:19:49.0484 3580 AtiHDAudioService - ok 20:19:49.0500 3580 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:19:49.0500 3580 AudioEndpointBuilder - ok 20:19:49.0515 3580 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:19:49.0515 3580 AudioSrv - ok 20:19:49.0515 3580 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 20:19:49.0515 3580 avgntflt - ok 20:19:49.0515 3580 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 20:19:49.0515 3580 avipbb - ok 20:19:49.0515 3580 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 20:19:49.0531 3580 avkmgr - ok 20:19:49.0531 3580 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:19:49.0531 3580 AxInstSV - ok 20:19:49.0531 3580 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 20:19:49.0531 3580 b06bdrv - ok 20:19:49.0547 3580 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:19:49.0547 3580 b57nd60a - ok 20:19:49.0547 3580 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:19:49.0547 3580 BDESVC - ok 20:19:49.0547 3580 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:19:49.0547 3580 Beep - ok 20:19:49.0562 3580 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 20:19:49.0562 3580 BFE - ok 20:19:49.0578 3580 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 20:19:49.0578 3580 BITS - ok 20:19:49.0578 3580 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive 
C:\Windows\system32\DRIVERS\blbdrive.sys 20:19:49.0578 3580 blbdrive - ok 20:19:49.0593 3580 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:19:49.0593 3580 bowser - ok 20:19:49.0593 3580 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 20:19:49.0593 3580 BrFiltLo - ok 20:19:49.0593 3580 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 20:19:49.0593 3580 BrFiltUp - ok 20:19:49.0593 3580 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 20:19:49.0593 3580 Browser - ok 20:19:49.0609 3580 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:19:49.0609 3580 Brserid - ok 20:19:49.0609 3580 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:19:49.0609 3580 BrSerWdm - ok 20:19:49.0609 3580 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:19:49.0609 3580 BrUsbMdm - ok 20:19:49.0609 3580 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:19:49.0609 3580 BrUsbSer - ok 20:19:49.0609 3580 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 20:19:49.0625 3580 BTHMODEM - ok 20:19:49.0625 3580 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:19:49.0625 3580 bthserv - ok 20:19:49.0625 3580 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:19:49.0625 3580 cdfs - ok 20:19:49.0625 3580 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:19:49.0625 3580 cdrom - ok 20:19:49.0640 3580 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 20:19:49.0640 3580 CertPropSvc - ok 20:19:49.0640 3580 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 20:19:49.0640 3580 circlass - ok 20:19:49.0640 3580 [ 
FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:19:49.0640 3580 CLFS - ok 20:19:49.0656 3580 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:19:49.0656 3580 clr_optimization_v2.0.50727_32 - ok 20:19:49.0656 3580 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:19:49.0656 3580 clr_optimization_v2.0.50727_64 - ok 20:19:49.0671 3580 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:19:49.0671 3580 clr_optimization_v4.0.30319_32 - ok 20:19:49.0671 3580 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:19:49.0687 3580 clr_optimization_v4.0.30319_64 - ok 20:19:49.0687 3580 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 20:19:49.0687 3580 CmBatt - ok 20:19:49.0703 3580 [ CEE48CCC4D561DDB19C72F9FB55D28D5 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe 20:19:49.0718 3580 cmdAgent - ok 20:19:49.0718 3580 [ 0599D5A458D4E0E37AB84E9D1C5C73E5 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys 20:19:49.0734 3580 cmdGuard - ok 20:19:49.0734 3580 [ 2D3E08C7106F748F9EFF3DEC14142D3E ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys 20:19:49.0734 3580 cmdHlp - ok 20:19:49.0734 3580 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:19:49.0734 3580 cmdide - ok 20:19:49.0734 3580 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 20:19:49.0734 3580 CNG - ok 20:19:49.0749 3580 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 20:19:49.0749 3580 Compbatt - ok 20:19:49.0749 3580 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 20:19:49.0749 3580 
CompositeBus - ok 20:19:49.0749 3580 COMSysApp - ok 20:19:49.0749 3580 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys 20:19:49.0749 3580 cpuz135 - ok 20:19:49.0749 3580 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:19:49.0749 3580 crcdisk - ok 20:19:49.0765 3580 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:19:49.0765 3580 CryptSvc - ok 20:19:49.0765 3580 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 20:19:49.0765 3580 dc3d - ok 20:19:49.0765 3580 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:19:49.0781 3580 DcomLaunch - ok 20:19:49.0781 3580 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:19:49.0781 3580 defragsvc - ok 20:19:49.0781 3580 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:19:49.0781 3580 DfsC - ok 20:19:49.0796 3580 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 20:19:49.0796 3580 Dhcp - ok 20:19:49.0796 3580 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:19:49.0796 3580 discache - ok 20:19:49.0796 3580 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 20:19:49.0796 3580 Disk - ok 20:19:49.0796 3580 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:19:49.0812 3580 Dnscache - ok 20:19:49.0812 3580 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:19:49.0812 3580 dot3svc - ok 20:19:49.0812 3580 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 20:19:49.0812 3580 Dot4 - ok 20:19:49.0827 3580 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 20:19:49.0827 3580 Dot4Print - ok 20:19:49.0827 3580 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 
20:19:49.0827 3580 dot4usb - ok 20:19:49.0827 3580 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 20:19:49.0827 3580 DPS - ok 20:19:49.0827 3580 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:19:49.0827 3580 drmkaud - ok 20:19:49.0827 3580 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 20:19:49.0843 3580 dtsoftbus01 - ok 20:19:49.0843 3580 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:19:49.0843 3580 DXGKrnl - ok 20:19:49.0859 3580 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:19:49.0859 3580 EapHost - ok 20:19:49.0874 3580 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 20:19:49.0905 3580 ebdrv - ok 20:19:49.0905 3580 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 20:19:49.0905 3580 EFS - ok 20:19:49.0921 3580 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:19:49.0921 3580 ehRecvr - ok 20:19:49.0921 3580 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:19:49.0937 3580 ehSched - ok 20:19:49.0937 3580 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:19:49.0937 3580 elxstor - ok 20:19:49.0937 3580 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:19:49.0937 3580 ErrDev - ok 20:19:49.0952 3580 [ 84486624268E078255BC7AA47F0960BC ] etdrv C:\Windows\etdrv.sys 20:19:49.0952 3580 etdrv - ok 20:19:49.0952 3580 EtronHub3 - ok 20:19:49.0952 3580 EtronXHCI - ok 20:19:49.0952 3580 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:19:49.0952 3580 EventSystem - ok 20:19:49.0968 3580 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:19:49.0968 3580 exfat - ok 20:19:49.0968 3580 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat 
C:\Windows\system32\drivers\fastfat.sys 20:19:49.0968 3580 fastfat - ok 20:19:49.0983 3580 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:19:49.0983 3580 Fax - ok 20:19:49.0983 3580 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 20:19:49.0983 3580 fdc - ok 20:19:49.0983 3580 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:19:49.0983 3580 fdPHost - ok 20:19:49.0999 3580 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:19:49.0999 3580 FDResPub - ok 20:19:49.0999 3580 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:19:49.0999 3580 FileInfo - ok 20:19:49.0999 3580 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:19:49.0999 3580 Filetrace - ok 20:19:49.0999 3580 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 20:19:49.0999 3580 flpydisk - ok 20:19:49.0999 3580 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:19:50.0015 3580 FltMgr - ok 20:19:50.0015 3580 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 20:19:50.0030 3580 FontCache - ok 20:19:50.0030 3580 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:19:50.0030 3580 FontCache3.0.0.0 - ok 20:19:50.0030 3580 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:19:50.0030 3580 FsDepends - ok 20:19:50.0030 3580 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:19:50.0030 3580 Fs_Rec - ok 20:19:50.0046 3580 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:19:50.0046 3580 fvevol - ok 20:19:50.0046 3580 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:19:50.0046 3580 gagp30kx - ok 
20:19:50.0046 3580 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys 20:19:50.0046 3580 gdrv - ok 20:19:50.0061 3580 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 20:19:50.0061 3580 gpsvc - ok 20:19:50.0061 3580 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys 20:19:50.0061 3580 GVTDrv64 - ok 20:19:50.0061 3580 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:19:50.0061 3580 hcw85cir - ok 20:19:50.0077 3580 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:19:50.0077 3580 HdAudAddService - ok 20:19:50.0077 3580 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:19:50.0077 3580 HDAudBus - ok 20:19:50.0077 3580 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 20:19:50.0077 3580 HidBatt - ok 20:19:50.0093 3580 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:19:50.0093 3580 HidBth - ok 20:19:50.0093 3580 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 20:19:50.0093 3580 HidIr - ok 20:19:50.0093 3580 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 20:19:50.0093 3580 hidserv - ok 20:19:50.0093 3580 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:19:50.0093 3580 HidUsb - ok 20:19:50.0093 3580 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:19:50.0093 3580 hkmsvc - ok 20:19:50.0108 3580 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:19:50.0108 3580 HomeGroupListener - ok 20:19:50.0108 3580 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:19:50.0108 3580 HomeGroupProvider - ok 20:19:50.0108 3580 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:19:50.0108 3580 HpSAMD - ok 
20:19:50.0124 3580 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 20:19:50.0139 3580 HPSLPSVC - ok 20:19:50.0139 3580 [ A60C877E1CD3AA2E4E5CCD8AF305C0F1 ] HssDrv C:\Windows\system32\DRIVERS\HssDrv.sys 20:19:50.0139 3580 HssDrv - ok 20:19:50.0139 3580 [ 2CFEA9C337B699ACA38487E8A7438F35 ] HssSrv C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe 20:19:50.0139 3580 HssSrv - ok 20:19:50.0139 3580 HssWd - ok 20:19:50.0155 3580 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:19:50.0155 3580 HTTP - ok 20:19:50.0171 3580 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:19:50.0171 3580 hwpolicy - ok 20:19:50.0171 3580 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:19:50.0171 3580 i8042prt - ok 20:19:50.0171 3580 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:19:50.0171 3580 iaStorV - ok 20:19:50.0186 3580 [ C3FAB09DEF3FC44E4C20078A1E7C0808 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys 20:19:50.0186 3580 IDMWFP - ok 20:19:50.0186 3580 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:19:50.0186 3580 IDriverT - ok 20:19:50.0202 3580 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:19:50.0202 3580 idsvc - ok 20:19:50.0202 3580 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:19:50.0202 3580 iirsp - ok 20:19:50.0217 3580 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:19:50.0217 3580 IKEEXT - ok 20:19:50.0233 3580 [ EFFF0AFD27CC97BF0E5E0BAB78419DE7 ] inspect C:\Windows\system32\DRIVERS\inspect.sys 20:19:50.0233 3580 inspect - ok 20:19:50.0249 3580 [ 2CC2F7C5990BB76767038F4B16D17A56 ] IntcAzAudAddService 
C:\Windows\system32\drivers\RTKVHD64.sys 20:19:50.0264 3580 IntcAzAudAddService - ok 20:19:50.0264 3580 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:19:50.0264 3580 intelide - ok 20:19:50.0264 3580 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:19:50.0264 3580 intelppm - ok 20:19:50.0264 3580 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:19:50.0264 3580 IPBusEnum - ok 20:19:50.0280 3580 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:19:50.0280 3580 IpFilterDriver - ok 20:19:50.0280 3580 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:19:50.0280 3580 iphlpsvc - ok 20:19:50.0295 3580 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:19:50.0295 3580 IPMIDRV - ok 20:19:50.0295 3580 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:19:50.0295 3580 IPNAT - ok 20:19:50.0295 3580 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:19:50.0295 3580 IRENUM - ok 20:19:50.0295 3580 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:19:50.0295 3580 isapnp - ok 20:19:50.0295 3580 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:19:50.0311 3580 iScsiPrt - ok 20:19:50.0311 3580 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:19:50.0311 3580 kbdclass - ok 20:19:50.0311 3580 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:19:50.0311 3580 kbdhid - ok 20:19:50.0311 3580 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 20:19:50.0311 3580 KeyIso - ok 20:19:50.0311 3580 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:19:50.0311 3580 KSecDD - ok 20:19:50.0327 3580 [ 
26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:19:50.0327 3580 KSecPkg - ok 20:19:50.0327 3580 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:19:50.0327 3580 ksthunk - ok 20:19:50.0327 3580 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:19:50.0342 3580 KtmRm - ok 20:19:50.0342 3580 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:19:50.0342 3580 LanmanServer - ok 20:19:50.0342 3580 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:19:50.0342 3580 LanmanWorkstation - ok 20:19:50.0358 3580 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:19:50.0358 3580 lltdio - ok 20:19:50.0358 3580 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:19:50.0358 3580 lltdsvc - ok 20:19:50.0358 3580 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:19:50.0358 3580 lmhosts - ok 20:19:50.0373 3580 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:19:50.0373 3580 LSI_FC - ok 20:19:50.0373 3580 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:19:50.0373 3580 LSI_SAS - ok 20:19:50.0373 3580 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 20:19:50.0373 3580 LSI_SAS2 - ok 20:19:50.0389 3580 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:19:50.0389 3580 LSI_SCSI - ok 20:19:50.0389 3580 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:19:50.0389 3580 luafv - ok 20:19:50.0389 3580 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:19:50.0389 3580 Mcx2Svc - ok 20:19:50.0389 3580 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 20:19:50.0389 3580 megasas - ok 
20:19:50.0405 3580 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 20:19:50.0405 3580 MegaSR - ok 20:19:50.0405 3580 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 20:19:50.0405 3580 MEIx64 - ok 20:19:50.0405 3580 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:19:50.0405 3580 MMCSS - ok 20:19:50.0405 3580 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:19:50.0420 3580 Modem - ok 20:19:50.0420 3580 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:19:50.0420 3580 monitor - ok 20:19:50.0420 3580 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:19:50.0420 3580 mouclass - ok 20:19:50.0420 3580 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:19:50.0420 3580 mouhid - ok 20:19:50.0420 3580 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:19:50.0420 3580 mountmgr - ok 20:19:50.0420 3580 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:19:50.0436 3580 MozillaMaintenance - ok 20:19:50.0436 3580 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:19:50.0436 3580 mpio - ok 20:19:50.0436 3580 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:19:50.0436 3580 mpsdrv - ok 20:19:50.0451 3580 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:19:50.0451 3580 MpsSvc - ok 20:19:50.0451 3580 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:19:50.0451 3580 MRxDAV - ok 20:19:50.0467 3580 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:19:50.0467 3580 mrxsmb - ok 20:19:50.0467 3580 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:19:50.0467 3580 mrxsmb10 - ok 20:19:50.0467 3580 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:19:50.0467 3580 mrxsmb20 - ok 20:19:50.0483 3580 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:19:50.0483 3580 msahci - ok 20:19:50.0483 3580 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:19:50.0483 3580 msdsm - ok 20:19:50.0483 3580 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:19:50.0483 3580 MSDTC - ok 20:19:50.0483 3580 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:19:50.0483 3580 Msfs - ok 20:19:50.0498 3580 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:19:50.0498 3580 mshidkmdf - ok 20:19:50.0498 3580 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:19:50.0498 3580 msisadrv - ok 20:19:50.0498 3580 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:19:50.0498 3580 MSiSCSI - ok 20:19:50.0498 3580 msiserver - ok 20:19:50.0498 3580 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:19:50.0498 3580 MSKSSRV - ok 20:19:50.0498 3580 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:19:50.0514 3580 MSPCLOCK - ok 20:19:50.0514 3580 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:19:50.0514 3580 MSPQM - ok 20:19:50.0514 3580 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:19:50.0514 3580 MsRPC - ok 20:19:50.0514 3580 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:19:50.0514 3580 mssmbios - ok 20:19:50.0514 3580 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:19:50.0529 3580 MSTEE - ok 20:19:50.0529 3580 [ 
7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 20:19:50.0529 3580 MTConfig - ok 20:19:50.0529 3580 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:19:50.0529 3580 Mup - ok 20:19:50.0529 3580 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:19:50.0529 3580 napagent - ok 20:19:50.0545 3580 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:19:50.0545 3580 NativeWifiP - ok 20:19:50.0561 3580 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:19:50.0561 3580 NDIS - ok 20:19:50.0561 3580 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:19:50.0561 3580 NdisCap - ok 20:19:50.0561 3580 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:19:50.0561 3580 NdisTapi - ok 20:19:50.0576 3580 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:19:50.0576 3580 Ndisuio - ok 20:19:50.0576 3580 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:19:50.0576 3580 NdisWan - ok 20:19:50.0576 3580 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:19:50.0576 3580 NDProxy - ok 20:19:50.0576 3580 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 20:19:50.0576 3580 Net Driver HPZ12 - ok 20:19:50.0576 3580 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:19:50.0592 3580 NetBIOS - ok 20:19:50.0592 3580 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:19:50.0592 3580 NetBT - ok 20:19:50.0592 3580 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:19:50.0592 3580 Netlogon - ok 20:19:50.0592 3580 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:19:50.0607 3580 Netman - ok 
============================================================
20:19:52.0199 3580 Scan finished
20:19:52.0199 3580 ============================================================
20:19:52.0199 3136 Detected object count: 0
20:19:52.0199 3136 Actual detected object count: 0

RKReport log;

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sean [Admin rights]
Mode : Scan -- Date : 01/12/2013 20:22:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[RUN][sUSP PATH] [ON_D:]HKLM\Software[...]\Wow6432Node\Run : US4Service (C:\ProgramData\Everstrike\US4Service.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Users\Public\NTUSER.DAT
-> D:\Users\Sean\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B0 ATA Device +++++
--- User ---
[MBR] c70f5e1a578ce8eea8b7b962c2bc4d98
[bSP] a99b7c81c3f698579e9e68af56f252f4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 600238 Mo
User = LL1 ... OK!
I have been away from my computer for a period of time and it appears someone in my family has downloaded a file that I cannot delete. Avira has identified it as: ADWARE/InstallCore.Gen. The file is microsoft powerpoint 2010 setup.exe; as I said, I cannot be sure when/where this was downloaded. Although Malwarebytes did not detect anything wrong with the file, I am sure it's some sort of virus, as every time I delete it, it just re-appears on my desktop. I cannot run the file and have tried using fileassassin and lockhunter to delete it, but I cannot open the file in these programmes as it requires admin permissions. I have attached the required files if someone could please look at them, thanks!
HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?] R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-1-26 148104] R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2012-1-28 114688] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-1-28 115216] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-28 413800] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-1-28 25640] S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-1-28 30528] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-28 1255736] . =============== Created Last 30 ================ . 
2013-01-11 18:45:01 -------- d-----w- C:\Program Files\LockHunter 2013-01-11 18:40:00 -------- d-----w- C:\Program Files (x86)\FileASSASSIN 2013-01-11 18:16:56 -------- d-----w- C:\Users\Sean\AppData\Local\Programs 2013-01-09 02:25:45 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1502B8F7-AD4D-404C-A13D-94F47A4C1A4B}\offreg.dll 2013-01-06 16:57:47 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1502B8F7-AD4D-404C-A13D-94F47A4C1A4B}\mpengine.dll 2013-01-05 19:02:58 -------- d-----w- C:\Users\Sean\Green Street Hooligans (2005) 2013-01-01 19:03:31 -------- d-----w- C:\Users\Sean\The.Bourne.Legacy.2012.720p.BRRip.x264.AC3-JYK 2012-12-24 18:59:12 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-24 18:59:12 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-24 18:59:12 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-24 18:59:12 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll . ==================== Find3M ==================== . 
2013-01-11 18:47:01 25640 ----a-w- C:\Windows\gdrv.sys 2013-01-08 22:43:35 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-08 22:43:35 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-12-14 16:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-10-27 06:26:55 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-27 05:51:21 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll . ============= FINISH: 18:52:27.00 =============== attach.txt
Slow new laptop, Trojan.LameShield Detected
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
Thanks for all your help with this!
Slow new laptop, Trojan.LameShield Detected
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
Sorry, I couldn't edit my post. Also, could you post a list of anything I need to undo that you have asked me to do?
Slow new laptop, Trojan.LameShield Detected
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
I ran the scan, both the express and the complete scan (took a while), and it wouldn't let me save a report, but there were no viruses reported in either. I guess that might be why. Am I all good now, or is there anything else you want me to run, mate?
Slow new laptop, Trojan.LameShield Detected
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
I thought one of them was a firewall, but no, neither of them was the paid version. Windows Firewall is now enabled, which you can see in the last log you asked for. Any tips on a good free firewall then? I have this set up on another computer so I'll need to look at this! Also, should I delete the original trojan file from the quarantine on MBAM, or does this matter?

Here are the logs; MBAM log, and TFC was run:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.26.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sean and Emma :: DORRIE [administrator]
26/09/2012 21:29:56
mbam-log-2012-09-26 (21-29-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238932
Time elapsed: 3 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Security check checkup:

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
Slow new laptop, Trojan.LameShield Detected
sean1604 replied to sean1604's topic in Resolved Malware Removal Logs
OK, I deleted Vuze and Comodo, although I thought this was my firewall? I thought Avira was just an anti-virus. When I go into Avira, internet protection is ticked but I can't click on firewall or web protection etc. Does this mean it is still active though? Is Avira doing both my anti-virus AND firewall? The fix button was not active when I ran the aswMBR scan.

Here are the reports you asked for:

aswMBR report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-26 18:57:00
-----------------------------
18:57:00.830 OS Version: Windows x64 6.1.7601 Service Pack 1
18:57:00.830 Number of processors: 4 586 0x3A09
18:57:00.830 ComputerName: DORRIE UserName:
18:57:03.778 Initialize success
18:59:12.198 AVAST engine defs: 12092600
18:59:24.444 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:59:24.444 Disk 0 Vendor: ST750LM0 2AR1 Size: 715404MB BusType: 3
18:59:24.476 Disk 0 MBR read successfully
18:59:24.476 Disk 0 MBR scan
18:59:24.491 Disk 0 unknown MBR code
18:59:24.522 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:59:24.585 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 690257 MB offset 206848
18:59:24.616 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 25046 MB offset 1413853184
18:59:24.663 Disk 0 scanning C:\windows\system32\drivers
18:59:39.545 Service scanning
19:00:13.600 Modules scanning
19:00:13.600 Scan finished successfully
19:00:41.976 Disk 0 MBR has been saved successfully to "C:\Users\Sean and Emma\Desktop\virus logs and programmes\MBR.dat"
19:00:41.976 The log file has been saved successfully to "C:\Users\Sean and Emma\Desktop\virus logs and programmes\aswMBR.txt"

TDSSKILLER log:

19:01:22.0310 5432 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:01:22.0482 5432 ============================================================
19:01:22.0482 5432 Current date / time: 2012/09/26 19:01:22.0482
19:01:22.0482 5432 SystemInfo:
19:01:22.0482 5432
19:01:22.0482 5432 OS Version: 6.1.7601
C:\windows\system32\drivers\kbdhid.sys 19:01:42.0403 5832 kbdhid - ok 19:01:42.0434 5832 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 19:01:42.0434 5832 KeyIso - ok 19:01:42.0465 5832 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 19:01:42.0465 5832 KSecDD - ok 19:01:42.0481 5832 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 19:01:42.0497 5832 KSecPkg - ok 19:01:42.0497 5832 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 19:01:42.0497 5832 ksthunk - ok 19:01:42.0528 5832 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 19:01:42.0559 5832 KtmRm - ok 19:01:42.0590 5832 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll 19:01:42.0590 5832 LanmanServer - ok 19:01:42.0621 5832 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 19:01:42.0637 5832 LanmanWorkstation - ok 19:01:42.0668 5832 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 19:01:42.0668 5832 lltdio - ok 19:01:42.0715 5832 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 19:01:42.0731 5832 lltdsvc - ok 19:01:42.0746 5832 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 19:01:42.0762 5832 lmhosts - ok 19:01:42.0824 5832 [ 86E4CC39C953D11EF57CF54C4DC78238 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 19:01:42.0824 5832 LMS - ok 19:01:42.0855 5832 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys 19:01:42.0855 5832 LSI_FC - ok 19:01:42.0887 5832 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 19:01:42.0887 5832 LSI_SAS - ok 19:01:42.0902 5832 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 19:01:42.0902 5832 LSI_SAS2 - ok 19:01:42.0918 5832 [ 
0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 19:01:42.0918 5832 LSI_SCSI - ok 19:01:42.0933 5832 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 19:01:42.0949 5832 luafv - ok 19:01:42.0980 5832 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 19:01:42.0980 5832 Mcx2Svc - ok 19:01:43.0011 5832 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys 19:01:43.0011 5832 megasas - ok 19:01:43.0043 5832 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys 19:01:43.0043 5832 MegaSR - ok 19:01:43.0089 5832 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys 19:01:43.0089 5832 MEIx64 - ok 19:01:43.0167 5832 Microsoft SharePoint Workspace Audit Service - ok 19:01:43.0183 5832 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 19:01:43.0199 5832 MMCSS - ok 19:01:43.0214 5832 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 19:01:43.0214 5832 Modem - ok 19:01:43.0245 5832 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 19:01:43.0261 5832 monitor - ok 19:01:43.0277 5832 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 19:01:43.0277 5832 mouclass - ok 19:01:43.0323 5832 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 19:01:43.0339 5832 mouhid - ok 19:01:43.0339 5832 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 19:01:43.0339 5832 mountmgr - ok 19:01:43.0401 5832 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:01:43.0401 5832 MozillaMaintenance - ok 19:01:43.0417 5832 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 19:01:43.0433 5832 mpio - ok 19:01:43.0448 5832 [ 
6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 19:01:43.0448 5832 mpsdrv - ok 19:01:43.0495 5832 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 19:01:43.0511 5832 MpsSvc - ok 19:01:43.0526 5832 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 19:01:43.0526 5832 MRxDAV - ok 19:01:43.0557 5832 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 19:01:43.0557 5832 mrxsmb - ok 19:01:43.0573 5832 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 19:01:43.0573 5832 mrxsmb10 - ok 19:01:43.0589 5832 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 19:01:43.0604 5832 mrxsmb20 - ok 19:01:43.0620 5832 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 19:01:43.0620 5832 msahci - ok 19:01:43.0651 5832 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 19:01:43.0651 5832 msdsm - ok 19:01:43.0667 5832 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 19:01:43.0682 5832 MSDTC - ok 19:01:43.0698 5832 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 19:01:43.0698 5832 Msfs - ok 19:01:43.0729 5832 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 19:01:43.0729 5832 mshidkmdf - ok 19:01:43.0729 5832 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 19:01:43.0729 5832 msisadrv - ok 19:01:43.0760 5832 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 19:01:43.0776 5832 MSiSCSI - ok 19:01:43.0776 5832 msiserver - ok 19:01:43.0823 5832 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 19:01:43.0823 5832 MSKSSRV - ok 19:01:43.0823 5832 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 19:01:43.0823 5832 
MSPCLOCK - ok 19:01:43.0838 5832 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 19:01:43.0854 5832 MSPQM - ok 19:01:43.0869 5832 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 19:01:43.0869 5832 MsRPC - ok 19:01:43.0885 5832 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 19:01:43.0901 5832 mssmbios - ok 19:01:43.0916 5832 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 19:01:43.0916 5832 MSTEE - ok 19:01:43.0932 5832 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys 19:01:43.0932 5832 MTConfig - ok 19:01:43.0932 5832 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 19:01:43.0932 5832 Mup - ok 19:01:43.0979 5832 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 19:01:43.0994 5832 napagent - ok 19:01:44.0025 5832 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 19:01:44.0041 5832 NativeWifiP - ok 19:01:44.0103 5832 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 19:01:44.0119 5832 NDIS - ok 19:01:44.0150 5832 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 19:01:44.0150 5832 NdisCap - ok 19:01:44.0181 5832 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 19:01:44.0181 5832 NdisTapi - ok 19:01:44.0197 5832 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 19:01:44.0197 5832 Ndisuio - ok 19:01:44.0197 5832 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 19:01:44.0197 5832 NdisWan - ok 19:01:44.0228 5832 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 19:01:44.0228 5832 NDProxy - ok 19:01:44.0244 5832 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 
19:01:44.0244 5832 NetBIOS - ok 19:01:44.0259 5832 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 19:01:44.0259 5832 NetBT - ok 19:01:44.0275 5832 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 19:01:44.0291 5832 Netlogon - ok 19:01:44.0322 5832 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 19:01:44.0322 5832 Netman - ok 19:01:44.0337 5832 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 19:01:44.0353 5832 netprofm - ok 19:01:44.0384 5832 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:01:44.0400 5832 NetTcpPortSharing - ok 19:01:44.0431 5832 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 19:01:44.0431 5832 nfrd960 - ok 19:01:44.0462 5832 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll 19:01:44.0462 5832 NlaSvc - ok 19:01:44.0571 5832 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 19:01:44.0603 5832 NOBU - ok 19:01:44.0618 5832 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 19:01:44.0618 5832 Npfs - ok 19:01:44.0649 5832 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 19:01:44.0649 5832 nsi - ok 19:01:44.0665 5832 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 19:01:44.0665 5832 nsiproxy - ok 19:01:44.0727 5832 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 19:01:44.0743 5832 Ntfs - ok 19:01:44.0774 5832 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 19:01:44.0774 5832 Null - ok 19:01:45.0133 5832 [ 62CFE4DB3B014D248B70D1076636B001 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 19:01:45.0445 5832 nvlddmkm - ok 19:01:45.0492 5832 [ 
9FD33B959A8FA8912D84589140D18AF5 ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys 19:01:45.0492 5832 nvpciflt - ok 19:01:45.0523 5832 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 19:01:45.0523 5832 nvraid - ok 19:01:45.0539 5832 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 19:01:45.0554 5832 nvstor - ok 19:01:45.0601 5832 [ 09EA4E7A5BB2F65DB0818CC5385E0A19 ] nvsvc C:\windows\system32\nvvsvc.exe 19:01:45.0617 5832 nvsvc - ok 19:01:45.0710 5832 [ 961A4BD1A239F032056CE5F9B61CAE6D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 19:01:45.0741 5832 nvUpdatusService - ok 19:01:45.0773 5832 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 19:01:45.0788 5832 nv_agp - ok 19:01:45.0788 5832 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 19:01:45.0804 5832 ohci1394 - ok 19:01:45.0866 5832 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:01:45.0866 5832 ose - ok 19:01:46.0069 5832 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 19:01:46.0163 5832 osppsvc - ok 19:01:46.0209 5832 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 19:01:46.0209 5832 p2pimsvc - ok 19:01:46.0241 5832 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 19:01:46.0256 5832 p2psvc - ok 19:01:46.0272 5832 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys 19:01:46.0272 5832 Parport - ok 19:01:46.0319 5832 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 19:01:46.0319 5832 partmgr - ok 19:01:46.0334 5832 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 19:01:46.0334 5832 PcaSvc - ok 19:01:46.0350 5832 [ 
94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 19:01:46.0365 5832 pci - ok 19:01:46.0381 5832 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 19:01:46.0381 5832 pciide - ok 19:01:46.0397 5832 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys 19:01:46.0397 5832 pcmcia - ok 19:01:46.0412 5832 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 19:01:46.0412 5832 pcw - ok 19:01:46.0428 5832 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 19:01:46.0443 5832 PEAUTH - ok 19:01:46.0506 5832 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 19:01:46.0521 5832 PerfHost - ok 19:01:46.0584 5832 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 19:01:46.0599 5832 pla - ok 19:01:46.0662 5832 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 19:01:46.0662 5832 PlugPlay - ok 19:01:46.0693 5832 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 19:01:46.0693 5832 PNRPAutoReg - ok 19:01:46.0709 5832 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 19:01:46.0709 5832 PNRPsvc - ok 19:01:46.0740 5832 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 19:01:46.0755 5832 PolicyAgent - ok 19:01:46.0802 5832 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 19:01:46.0802 5832 Power - ok 19:01:46.0833 5832 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 19:01:46.0849 5832 PptpMiniport - ok 19:01:46.0849 5832 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys 19:01:46.0865 5832 Processor - ok 19:01:46.0896 5832 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 19:01:46.0911 5832 ProfSvc - ok 19:01:46.0927 5832 [ C118A82CD78818C29AB228366EBF81C3 ] 
ProtectedStorage C:\windows\system32\lsass.exe 19:01:46.0927 5832 ProtectedStorage - ok 19:01:46.0958 5832 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 19:01:46.0958 5832 Psched - ok 19:01:47.0005 5832 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys 19:01:47.0021 5832 ql2300 - ok 19:01:47.0036 5832 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys 19:01:47.0036 5832 ql40xx - ok 19:01:47.0067 5832 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 19:01:47.0067 5832 QWAVE - ok 19:01:47.0083 5832 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 19:01:47.0083 5832 QWAVEdrv - ok 19:01:47.0099 5832 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 19:01:47.0099 5832 RasAcd - ok 19:01:47.0145 5832 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 19:01:47.0145 5832 RasAgileVpn - ok 19:01:47.0161 5832 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 19:01:47.0161 5832 RasAuto - ok 19:01:47.0177 5832 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 19:01:47.0177 5832 Rasl2tp - ok 19:01:47.0192 5832 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 19:01:47.0208 5832 RasMan - ok 19:01:47.0208 5832 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 19:01:47.0208 5832 RasPppoe - ok 19:01:47.0208 5832 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 19:01:47.0223 5832 RasSstp - ok 19:01:47.0239 5832 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 19:01:47.0239 5832 rdbss - ok 19:01:47.0255 5832 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys 19:01:47.0255 5832 rdpbus - ok 19:01:47.0286 5832 [ 
CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 19:01:47.0286 5832 RDPCDD - ok 19:01:47.0317 5832 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 19:01:47.0317 5832 RDPENCDD - ok 19:01:47.0333 5832 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 19:01:47.0348 5832 RDPREFMP - ok 19:01:47.0379 5832 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 19:01:47.0379 5832 RDPWD - ok 19:01:47.0395 5832 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 19:01:47.0395 5832 rdyboost - ok 19:01:47.0426 5832 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 19:01:47.0442 5832 RemoteAccess - ok 19:01:47.0457 5832 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 19:01:47.0457 5832 RemoteRegistry - ok 19:01:47.0504 5832 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 19:01:47.0504 5832 RFCOMM - ok 19:01:47.0567 5832 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 19:01:47.0582 5832 RichVideo - ok 19:01:47.0598 5832 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 19:01:47.0598 5832 RpcEptMapper - ok 19:01:47.0645 5832 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 19:01:47.0645 5832 RpcLocator - ok 19:01:47.0660 5832 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 19:01:47.0676 5832 RpcSs - ok 19:01:47.0707 5832 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 19:01:47.0707 5832 rspndr - ok 19:01:47.0785 5832 [ 6CF9DB101A75360E98659F823852E540 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 19:01:47.0785 5832 RTL8167 - ok 19:01:47.0816 5832 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys 
19:01:47.0816 5832 SABI - ok 19:01:47.0847 5832 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 19:01:47.0847 5832 SamSs - ok 19:01:47.0910 5832 [ 5E66ABD041D76C46CBF55AEF910FCA56 ] SamsungDeviceConfigurationWinService C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe 19:01:47.0910 5832 SamsungDeviceConfigurationWinService - ok 19:01:47.0925 5832 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 19:01:47.0925 5832 sbp2port - ok 19:01:47.0957 5832 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 19:01:47.0957 5832 SCardSvr - ok 19:01:47.0972 5832 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 19:01:47.0972 5832 scfilter - ok 19:01:48.0019 5832 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 19:01:48.0019 5832 Schedule - ok 19:01:48.0050 5832 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 19:01:48.0066 5832 SCPolicySvc - ok 19:01:48.0081 5832 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 19:01:48.0097 5832 SDRSVC - ok 19:01:48.0159 5832 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 19:01:48.0159 5832 SeaPort - ok 19:01:48.0206 5832 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 19:01:48.0206 5832 secdrv - ok 19:01:48.0222 5832 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 19:01:48.0222 5832 seclogon - ok 19:01:48.0237 5832 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 19:01:48.0237 5832 SENS - ok 19:01:48.0269 5832 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 19:01:48.0284 5832 SensrSvc - ok 19:01:48.0300 5832 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys 19:01:48.0300 5832 Serenum - ok 19:01:48.0331 
5832 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys 19:01:48.0331 5832 Serial - ok 19:01:48.0347 5832 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys 19:01:48.0347 5832 sermouse - ok 19:01:48.0378 5832 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 19:01:48.0378 5832 SessionEnv - ok 19:01:48.0393 5832 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 19:01:48.0393 5832 sffdisk - ok 19:01:48.0393 5832 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 19:01:48.0393 5832 sffp_mmc - ok 19:01:48.0393 5832 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 19:01:48.0409 5832 sffp_sd - ok 19:01:48.0425 5832 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 19:01:48.0425 5832 sfloppy - ok 19:01:48.0456 5832 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 19:01:48.0456 5832 SharedAccess - ok 19:01:48.0503 5832 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 19:01:48.0503 5832 ShellHWDetection - ok 19:01:48.0549 5832 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 19:01:48.0549 5832 SiSRaid2 - ok 19:01:48.0565 5832 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 19:01:48.0565 5832 SiSRaid4 - ok 19:01:48.0612 5832 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:01:48.0627 5832 SkypeUpdate - ok 19:01:48.0643 5832 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 19:01:48.0643 5832 Smb - ok 19:01:48.0674 5832 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 19:01:48.0674 5832 SNMPTRAP - ok 19:01:48.0690 5832 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr 
C:\windows\system32\drivers\spldr.sys 19:01:48.0690 5832 spldr - ok 19:01:48.0737 5832 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 19:01:48.0737 5832 Spooler - ok 19:01:48.0830 5832 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 19:01:48.0877 5832 sppsvc - ok 19:01:48.0877 5832 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 19:01:48.0893 5832 sppuinotify - ok 19:01:48.0908 5832 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 19:01:48.0924 5832 srv - ok 19:01:48.0939 5832 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 19:01:48.0939 5832 srv2 - ok 19:01:48.0955 5832 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 19:01:48.0955 5832 srvnet - ok 19:01:49.0002 5832 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 19:01:49.0002 5832 SSDPSRV - ok 19:01:49.0017 5832 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 19:01:49.0033 5832 SstpSvc - ok 19:01:49.0049 5832 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 19:01:49.0049 5832 stexstor - ok 19:01:49.0095 5832 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 19:01:49.0095 5832 stisvc - ok 19:01:49.0127 5832 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 19:01:49.0127 5832 swenum - ok 19:01:49.0142 5832 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 19:01:49.0158 5832 swprv - ok 19:01:49.0205 5832 [ 7E488378004FF5F9DCD1711522B1241A ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 19:01:49.0205 5832 SynTP - ok 19:01:49.0267 5832 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 19:01:49.0283 5832 SysMain - ok 19:01:49.0314 5832 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 19:01:49.0314 
5832 TabletInputService - ok 19:01:49.0329 5832 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 19:01:49.0345 5832 TapiSrv - ok 19:01:49.0361 5832 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 19:01:49.0361 5832 TBS - ok 19:01:49.0454 5832 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys 19:01:49.0470 5832 Tcpip - ok 19:01:49.0517 5832 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 19:01:49.0532 5832 TCPIP6 - ok 19:01:49.0579 5832 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 19:01:49.0579 5832 tcpipreg - ok 19:01:49.0595 5832 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 19:01:49.0595 5832 TDPIPE - ok 19:01:49.0626 5832 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 19:01:49.0626 5832 TDTCP - ok 19:01:49.0641 5832 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 19:01:49.0641 5832 tdx - ok 19:01:49.0657 5832 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 19:01:49.0657 5832 TermDD - ok 19:01:49.0704 5832 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 19:01:49.0704 5832 TermService - ok 19:01:49.0719 5832 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 19:01:49.0719 5832 Themes - ok 19:01:49.0751 5832 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 19:01:49.0766 5832 THREADORDER - ok 19:01:49.0782 5832 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 19:01:49.0782 5832 TrkWks - ok 19:01:49.0829 5832 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 19:01:49.0829 5832 TrustedInstaller - ok 19:01:49.0860 5832 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 19:01:49.0860 
================ Scan global ===============================
19:01:52.0964 5832 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:01:52.0995 5832 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
19:01:53.0011 5832 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
19:01:53.0042 5832 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:01:53.0089 5832 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:01:53.0089 5832 [Global] - ok
19:01:53.0089 5832 ================ Scan MBR ==================================
19:01:53.0105 5832 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
19:01:53.0339 5832 \Device\Harddisk0\DR0 - ok
19:01:53.0339 5832 ================ Scan VBR ==================================
19:01:53.0339 5832 [ 14EBED93A4EA68FE60406008EB0D8E85 ] \Device\Harddisk0\DR0\Partition1
19:01:53.0339 5832 \Device\Harddisk0\DR0\Partition1 - ok
19:01:53.0354 5832 [ 975A35D2D4DA727F4B1160760DE1F7AF ] \Device\Harddisk0\DR0\Partition2
19:01:53.0354 5832 \Device\Harddisk0\DR0\Partition2 - ok
19:01:53.0354 5832 ============================================================
19:01:53.0354 5832 Scan finished
19:01:53.0354 5832 ============================================================
19:01:53.0370 5664 Detected object count: 0
19:01:53.0370 5664 Actual detected object count: 0
19:03:01.0823 0736 Deinitialize success

RKReport log

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Sean and Emma [Admin rights]
Mode : Scan -- Date : 09/26/2012 19:05:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] f8cb6d41857151d96c83fd1db7031311
[bSP] 6999a457c453a9ecd767a271bcda63c6 : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 690257 Mo
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1413853184 | Size: 25046 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Thanks for the help!