Please help! random advertisement playing in background, possible malware =[


Hello~ I've recently been getting a random advertisement / music playing in the background, coming from absolutely nothing. I've tried restarting numerous times, and even restored to an earlier point in time 3 times lol. It proved no help and the random audio continued. I suspected it to be a virus/malware, so I ran numerous tests with Spybot, Malwarebytes, CCleaner and many more. I've also detected Babylon and managed to partially get rid of it. (Not quite sure if it's fully removed, because it is still in Firefox about:config and some files continue to come back even after countless resets. And on IE I was able to disable Babylon as a search provider, but was unable to delete it.) I'm not quite sure if Babylon has anything to do with this =/ , but if you could plz help me get to the bottom of this, it'd rly help a lot~ As you may already know, I don't know too much about computers =/ so step-by-step directions would be greatly appreciated :D TY~

Also a system recovery is not responding and will not load for some reason =/

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Bugs Bunny at 13:23:32 on 2012-07-18

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4863.3004 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\WUDFHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\BUGSBU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bugs Bunny\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

Attach.txt

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 9/24/2011 8:27:29 PM

System Uptime: 7/18/2012 12:46:48 PM (1 hours ago)

.

Motherboard: PEGATRON CORPORATION | | VIOLA

Processor: AMD Phenom™ 9550 Quad-Core Processor | CPU 1 | 1100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 699 GiB total, 594.155 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP158: 7/17/2012 11:49:12 PM - Configured League of Legends

RP159: 7/17/2012 11:53:16 PM - Configured League of Legends

RP160: 7/18/2012 12:09:46 AM - Configured League of Legends

RP161: 7/18/2012 12:17:10 AM - Restore Operation

RP162: 7/18/2012 12:42:44 AM - Removed BabylonObjectInstaller

RP163: 7/18/2012 12:47:56 AM - Removed BabylonObjectInstaller

RP164: 7/18/2012 12:48:58 AM - Windows Update

RP165: 7/18/2012 1:26:12 AM - Restore Operation

RP166: 7/18/2012 1:47:28 AM - Windows Update

RP167: 7/18/2012 3:05:55 AM - Windows Update

RP168: 7/18/2012 7:16:44 AM - Installed SpyHunter

RP169: 7/18/2012 8:45:55 AM - Removed SpyHunter

RP170: 7/18/2012 8:47:01 AM - Removed SpyHunter

RP171: 7/18/2012 11:04:25 AM - Restore Operation

RP172: 7/18/2012 12:18:32 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Apple Application Support

Apple Software Update

Belkin Connect Wireless USB Adapter

Belkin Wireless G USB Adapter Driver

BufferChm

Copy

Counter-Strike: Condition Zero

Counter-Strike: Source

Destinations

DeviceDiscovery

Diablo III

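A first-pass triage of the "Pseudo HJT Report" section of the DDS log above, as an added example that is not part of the original posts or of DDS itself. The three checks (a start page outside an assumed default host list, a DLL registered as a URL search hook, and a CLSID whose first four groups are each one repeated digit) are heuristics chosen for this illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Excerpt of the "Pseudo HJT Report" lines from the DDS log posted above.
SAMPLE = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mRun: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe
"""

# "<kind>: <name>: {CLSID} - <dll path>" lines (search hooks, BHOs, toolbars, explorer bars)
COM_ENTRY = re.compile(
    r"^(mURLSearchHooks|BHO|TB|EB): (.+?): (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
START_PAGE = re.compile(r"^[um]Start Page = (\S+)$")

# Assumption for this example: hosts treated as an unmodified IE start page.
DEFAULT_START_HOSTS = {"go.microsoft.com"}


def parse(text):
    """Return (start_page_urls, com_entries) found in a Pseudo HJT section."""
    start_pages, entries = [], []
    for line in text.splitlines():
        line = line.strip()
        m = START_PAGE.match(line)
        if m:
            # DDS writes URLs defanged as hxxp://; restore the scheme for parsing only.
            start_pages.append(re.sub(r"^hxxp", "http", m.group(1)))
            continue
        m = COM_ENTRY.match(line)
        if m:
            kind, name, clsid, path = m.groups()
            entries.append({"kind": kind, "name": name,
                            "clsid": clsid.lower(), "path": path})
    return start_pages, entries


def patterned_clsid(clsid):
    """Heuristic: first four GUID groups each consist of one repeated hex digit."""
    groups = clsid.strip("{}").split("-")
    return all(len(set(g)) == 1 for g in groups[:4])


def triage(text):
    """Return a list of (reason, subject, detail) tuples worth a manual look."""
    start_pages, entries = parse(text)
    findings = []

    for url in start_pages:
        host = urlsplit(url).hostname or ""
        if host not in DEFAULT_START_HOSTS:
            findings.append(("start-page", host, url))

    # Which hook types does each DLL register under? Paths compared case-insensitively.
    kinds_by_dll = defaultdict(set)
    for e in entries:
        kinds_by_dll[e["path"].lower()].add(e["kind"])

    for e in entries:
        if e["kind"] == "mURLSearchHooks":
            # A search hook sees address-bar queries; list the other hooks the same DLL holds.
            others = sorted(kinds_by_dll[e["path"].lower()] - {"mURLSearchHooks"})
            findings.append(("search-hook", e["name"], tuple(others)))
        if patterned_clsid(e["clsid"]):
            findings.append(("patterned-clsid", e["name"], e["clsid"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding here means "review this entry", not "this is malicious"; the HP entry with the `ffffffff` first group is deliberately not flagged because only its first group is patterned.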

I do not see any antivirus program installed on this system.

How long have you been without antivirus?

IF it turns out this machine is compromised, there will be no alternative for you but to wipe the HDD and put on Windows as a new install, plus antivirus, plus all your application programs. That will lose all your personal files and documents unless you had earlier backed them up to offline backup media.

Three good antivirus programs free for non-commercial home use are Avast!, Avira Free Antivirus and Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

I would suggest you get either MSE or Avira.

The sequence to use when switching antivirus is this:

1) Download AND SAVE the setup program of the new antivirus. (Have it handy).

2) Disconnect the PC from the internet.

3) De-install the old antivirus (in your case with XP, use the Add-or-Remove program & then locate it & un-install (remove)).

4) Make sure to Logoff and Restart Windows fresh.

5) Run setup of new antivirus

6) Logoff and Restart fresh

7) Reconnect to internet

8) Start the new A-V, and do an Update run (to make sure it is all current)

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and copy/paste into a reply.

Step 5

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into a reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Step 7

RE-Enable your antivirus program.

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSITx64.exe to run RSITx64.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

I will need the following logs:
  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKreport.txt log;
  • the contents of Log.txt;
  • the contents of Info.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Thank you soooo much for the reply! I have no idea what I just did, but I have followed your directions step by step. Here are the logs you've asked for:

aswMBR report;

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-18 16:21:36

-----------------------------

16:21:36.153 OS Version: Windows x64 6.1.7600

16:21:36.153 Number of processors: 4 586 0x203

16:21:36.153 ComputerName: BUGSBUNNY-PC UserName: Bugs Bunny

16:21:37.676 Initialize success

16:23:09.918 AVAST engine defs: 12071800

16:24:40.254 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064

16:24:40.258 Disk 0 Vendor: NVIDIA__ Size: 715404MB BusType: 8

16:24:40.262 Device \Driver\nvraid -> MajorFunction fffffa8005fb15e8

16:24:40.266 Disk 0 MBR read successfully

16:24:40.270 Disk 0 MBR scan

16:24:40.279 Disk 0 Windows 7 default MBR code

16:24:40.291 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

16:24:40.309 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848

16:24:40.349 Disk 0 scanning C:\Windows\system32\drivers

16:24:58.318 Service scanning

16:25:25.452 Modules scanning

16:25:25.464 Disk 0 trace - called modules:

16:25:25.472 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8005fb15e8]<<

16:25:25.482 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800522d060]

16:25:25.487 3 CLASSPNP.SYS[fffff88000e0143f] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8004fc5060]

16:25:25.492 \Driver\nvraid[0xfffffa8005ec4e70] -> IRP_MJ_CREATE -> 0xfffffa8005fb15e8

16:25:27.680 AVAST engine scan C:\Windows

16:25:34.511 AVAST engine scan C:\Windows\system32

16:32:02.488 AVAST engine scan C:\Windows\system32\drivers

16:32:23.087 AVAST engine scan C:\Users\Bugs Bunny

16:36:59.401 AVAST engine scan C:\ProgramData

16:38:06.886 Scan finished successfully

19:52:23.873 Disk 0 MBR has been saved successfully to "C:\Users\Bugs Bunny\Documents\MBR.dat"

19:52:23.878 The log file has been saved successfully to "C:\Users\Bugs Bunny\Documents\aswMBR.txt"

19:52:34.608 Disk 0 MBR has been saved successfully to "C:\Users\Bugs Bunny\Desktop\MBR.dat"

19:52:34.614 The log file has been saved successfully to "C:\Users\Bugs Bunny\Desktop\aswMBR.txt"

RKreport.txt log;

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Bugs Bunny [Admin rights]

Mode: Scan -- Date: 07/18/2012 20:06:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[sUSP PATH] ERUNT AutoBackup.lnk @Bugs Bunny : C:\desktop\AUTOBACK.EXE -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: NVIDIA STRIPE 698.63G +++++

--- User ---

[MBR] 8ddca4e5b1d54e3e1a7fffcd96ad90b0

[bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo

Error reading LL1 MBR!

Error reading LL2 MBR!

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Log.txt;

Logfile of random's system information tool 1.09 (written by random/random)

Run by Bugs Bunny at 2012-07-18 20:08:27

Microsoft Windows 7 Ultimate

System drive C: has 607 GB (85%) free of 715 GB

Total RAM: 4863 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:08:32 PM, on 7/18/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\trend micro\Bugs Bunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: CrossriderApp0000435 - {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1389837607-2242571852-52406370-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1389837607-2242571852-52406370-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: Dropbox.lnk = Bugs Bunny\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: ERUNT AutoBackup.lnk = C:\desktop\AUTOBACK.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

O8 - Extra context menu item: Free YouTube Download - C:\Users\Bugs Bunny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bugs Bunny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

--

End of file - 10994 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE 0x2cc

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"

C:\Windows\system32\nvvsvc.exe -session -first

C:\Windows\System32\spoolsv.exe

"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"

"taskhost.exe"

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"

"C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe"

"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1

"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_000007a0

\??\C:\Windows\system32\conhost.exe "-2090980931535698363983461302151267386-19194347817404423691752995279817890251

"C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1b9fdd87-d60b-4528-a1f9-f2ea7ad5c16e -SystemEventPortName:HostProcess-831c850d-4b67-4a99-acb2-ccfa6e993cab -IoCancelEventPortName:HostProcess-d265817b-3eea-4f3e-b162-4482173d26a3 -NonStateChangingEventPortName:HostProcess-694b9c78-5b8b-43db-8489-ccfc1cf98c48 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ad02dba2-aff8-4397-9a26-ee643ba71c81

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"

"C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F4200 series#1323038899" -Startup

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding

"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"

C:\Windows\System32\svchost.exe -k secsvcs

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520

"C:\Windows\system32\wuauclt.exe"

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Users\Bugs Bunny\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5f957f63-c1a7-47b5-9bef-89507b8472fc.job

C:\Windows\tasks\SUPERAntiSpyware Scheduled Task d921bfdc-0aea-458e-9479-8d3b230d2d3a.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Bugs Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\rdp52gji.default

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "browser.startup.homepage" - "http://www.ask.com?o=10148&l=dis&tb=AVR-3"

prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.3.300.265 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]

"Description"=

"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nexon.net/NxGame]

"Description"=Nexon Game Controller

"Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]

"Description"=NVIDIA stereo images plugin for Mozilla browsers

"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]

"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers

"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]

"Description"=This plugin detects and launches Pando Media Booster

"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.3.300.265 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\

{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

npijjiFFPlugin1.xpt

nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\

npijjiautoinstallpluginff.dll

npijjiFFPlugin1.dll

nppl3260.xpt

QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

babylon.xml

bing.xml

bing.xml.old

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Users\Bugs Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\rdp52gji.default\searchplugins\

bing-zugo.xml

conduit.xml

s-amazon.xml

swagbuckscom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135}]

Premiumplay Codec-C - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll [2011-12-14 463872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

DVDVideoSoftTB Toolbar - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-14 3843232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-04 1514152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-04 1514152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"MRT"=C:\Windows\system32\MRT.exe [2012-07-18 59701280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-07-09 5661056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

C:\Program Files (x86)\Steam\Steam.exe [2011-12-31 1242448]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2011-12-24 981680]

"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-01-16 421736]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

""= []

"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2012-01-04 1391272]

"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2012-05-02 348624]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Users\Bugs Bunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\Bugs Bunny\AppData\Roaming\Dropbox\bin\Dropbox.exe

ERUNT AutoBackup.lnk - C:\desktop\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-07-18 20:08:28 ----D---- C:\Program Files\trend micro

2012-07-18 20:08:27 ----D---- C:\rsit

2012-07-18 19:58:48 ----D---- C:\TDSSKiller_Quarantine

2012-07-18 19:54:13 ----A---- C:\TDSSKiller.2.7.46.0_18.07.2012_19.54.13_log.txt

2012-07-18 16:15:49 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\Avira

2012-07-18 16:13:22 ----D---- C:\desktop

2012-07-18 16:02:36 ----D---- C:\Program Files (x86)\Ask.com

2012-07-18 16:02:03 ----A---- C:\Windows\system32\drivers\avkmgr.sys

2012-07-18 16:02:02 ----A---- C:\Windows\system32\drivers\avipbb.sys

2012-07-18 16:02:02 ----A---- C:\Windows\system32\drivers\avgntflt.sys

2012-07-18 16:01:55 ----D---- C:\ProgramData\Avira

2012-07-18 16:01:55 ----D---- C:\Program Files (x86)\Avira

2012-07-18 12:54:16 ----D---- C:\Program Files (x86)\GUMDB22.tmp

2012-07-18 12:24:40 ----A---- C:\Windows\system32\win32k.sys

2012-07-18 12:23:19 ----A---- C:\Windows\system32\MRT.INI

2012-07-18 12:19:54 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2012-07-18 12:19:54 ----A---- C:\Windows\system32\mshtmled.dll

2012-07-18 12:19:53 ----A---- C:\Windows\SYSWOW64\url.dll

2012-07-18 12:19:53 ----A---- C:\Windows\system32\url.dll

2012-07-18 12:19:52 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2012-07-18 12:19:52 ----A---- C:\Windows\SYSWOW64\ieui.dll

2012-07-18 12:19:52 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2012-07-18 12:19:52 ----A---- C:\Windows\system32\urlmon.dll

2012-07-18 12:19:52 ----A---- C:\Windows\system32\ieui.dll

2012-07-18 12:19:52 ----A---- C:\Windows\system32\iertutil.dll

2012-07-18 12:19:51 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2012-07-18 12:19:51 ----A---- C:\Windows\system32\ieUnatt.exe

2012-07-18 12:19:50 ----A---- C:\Windows\SYSWOW64\wininet.dll

2012-07-18 12:19:50 ----A---- C:\Windows\system32\wininet.dll

2012-07-18 12:19:50 ----A---- C:\Windows\system32\jsproxy.dll

2012-07-18 12:19:49 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2012-07-18 12:19:49 ----A---- C:\Windows\SYSWOW64\jscript.dll

2012-07-18 12:19:49 ----A---- C:\Windows\system32\jscript9.dll

2012-07-18 12:19:49 ----A---- C:\Windows\system32\jscript.dll

2012-07-18 12:19:48 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2012-07-18 12:19:48 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2012-07-18 12:19:46 ----A---- C:\Windows\system32\mshtml.dll

2012-07-18 12:19:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2012-07-18 12:19:45 ----A---- C:\Windows\system32\ieframe.dll

2012-07-18 11:53:15 ----A---- C:\Windows\system32\FNTCACHE.DAT

2012-07-18 11:48:58 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\SUPERAntiSpyware.com

2012-07-18 11:48:50 ----D---- C:\ProgramData\SUPERAntiSpyware.com

2012-07-18 11:48:50 ----D---- C:\Program Files\SUPERAntiSpyware

2012-07-18 11:29:48 ----D---- C:\Program Files (x86)\Trend Micro

2012-07-18 08:41:12 ----A---- C:\Windows\svchost.exe

2012-07-18 07:18:56 ----D---- C:\Program Files\Enigma Software Group

2012-07-18 07:16:40 ----D---- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-07-18 07:14:42 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\SpeedyPC Software

2012-07-18 07:14:42 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\DriverCure

2012-07-18 07:14:15 ----D---- C:\ProgramData\SpeedyPC Software

2012-07-18 07:14:15 ----D---- C:\Program Files (x86)\SpeedyPC Software

2012-07-18 04:17:35 ----D---- C:\ProgramData\Spybot - Search & Destroy

2012-07-18 04:17:35 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy

2012-07-17 23:31:58 ----D---- C:\Windows\Minidump

2012-07-17 22:43:33 ----D---- C:\ProgramData\PMB Files

2012-07-17 22:01:00 ----A---- C:\Windows\SYSWOW64\msxml6.dll

2012-07-17 22:01:00 ----A---- C:\Windows\SYSWOW64\msxml3.dll

2012-07-17 22:01:00 ----A---- C:\Windows\system32\msxml6.dll

2012-07-17 22:00:33 ----A---- C:\Windows\system32\shell32.dll

2012-07-17 22:00:26 ----A---- C:\Windows\SYSWOW64\shell32.dll

2012-07-17 22:00:11 ----A---- C:\Windows\system32\schannel.dll

2012-07-17 22:00:10 ----A---- C:\Windows\SYSWOW64\schannel.dll

2012-07-17 22:00:10 ----A---- C:\Windows\SYSWOW64\ncrypt.dll

2012-07-17 22:00:10 ----A---- C:\Windows\system32\ncrypt.dll

2012-07-17 22:00:10 ----A---- C:\Windows\system32\drivers\ksecpkg.sys

2012-07-17 22:00:10 ----A---- C:\Windows\system32\drivers\ksecdd.sys

2012-07-17 22:00:10 ----A---- C:\Windows\system32\drivers\cng.sys

2012-07-17 22:00:09 ----A---- C:\Windows\SYSWOW64\sspicli.dll

2012-07-17 22:00:09 ----A---- C:\Windows\SYSWOW64\secur32.dll

2012-07-13 01:36:12 ----D---- C:\Program Files (x86)\PC Tools Registry Mechanic

2012-07-12 22:37:39 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\DivX

2012-07-12 22:36:54 ----D---- C:\Program Files\DivX

2012-07-12 22:35:58 ----D---- C:\Program Files (x86)\DivX

2012-07-12 22:35:24 ----D---- C:\ProgramData\DivX

2012-07-12 22:26:21 ----D---- C:\Program Files (x86)\MediaPlayerLite

2012-07-12 22:26:20 ----D---- C:\Program Files (x86)\Giant Savings

2012-07-12 22:21:40 ----D---- C:\Program Files (x86)\GUM91D3.tmp

2012-07-12 22:19:56 ----D---- C:\Program Files (x86)\QuickTime

2012-07-12 22:17:24 ----D---- C:\Program Files (x86)\Real

2012-07-12 22:16:45 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\Real

2012-07-12 22:16:00 ----D---- C:\Program Files (x86)\Google

2012-07-12 22:10:25 ----D---- C:\ProgramData\Real

2012-07-11 04:00:11 ----A---- C:\Windows\system32\msxml3.dll

2012-07-11 04:00:11 ----A---- C:\Windows\system32\msxml3(63).dll

2012-06-24 12:52:19 ----A---- C:\Windows\system32\wups2.dll

2012-06-24 12:52:19 ----A---- C:\Windows\system32\wuauclt.exe

2012-06-24 12:52:18 ----A---- C:\Windows\system32\wucltux.dll

2012-06-24 12:52:18 ----A---- C:\Windows\system32\wuaueng.dll

2012-06-24 12:51:47 ----A---- C:\Windows\system32\wups.dll

2012-06-24 12:51:47 ----A---- C:\Windows\system32\wudriver.dll

2012-06-24 12:51:47 ----A---- C:\Windows\system32\wuapi.dll

2012-06-24 12:51:16 ----A---- C:\Windows\system32\wuwebv.dll

2012-06-24 12:51:16 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 month======

2012-07-18 20:08:32 ----D---- C:\Windows\Prefetch

2012-07-18 20:08:31 ----D---- C:\Windows\Temp

2012-07-18 20:08:28 ----RD---- C:\Program Files

2012-07-18 20:07:21 ----D---- C:\Windows\System32

2012-07-18 20:07:21 ----D---- C:\Windows\inf

2012-07-18 20:07:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-07-18 20:04:39 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2012-07-18 20:04:28 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-07-18 20:03:08 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\Dropbox

2012-07-18 20:02:19 ----D---- C:\ProgramData\NVIDIA

2012-07-18 20:00:39 ----D---- C:\Windows\system32\config

2012-07-18 19:57:17 ----SHD---- C:\System Volume Information

2012-07-18 19:54:15 ----D---- C:\Windows\system32\drivers

2012-07-18 18:00:01 ----D---- C:\Windows\system32\LogFiles

2012-07-18 16:04:35 ----SHD---- C:\$Recycle.Bin

2012-07-18 16:03:31 ----D---- C:\Windows\system32\catroot

2012-07-18 16:03:04 ----SHD---- C:\Windows\Installer

2012-07-18 16:02:39 ----HD---- C:\Config.Msi

2012-07-18 16:02:36 ----RD---- C:\Program Files (x86)

2012-07-18 16:01:55 ----HD---- C:\ProgramData

2012-07-18 16:00:13 ----D---- C:\Windows

2012-07-18 15:52:53 ----D---- C:\Program Files (x86)\Common Files

2012-07-18 15:52:42 ----D---- C:\Windows\SysWOW64

2012-07-18 12:49:09 ----D---- C:\Windows\winsxs

2012-07-18 12:44:55 ----D---- C:\Program Files (x86)\Internet Explorer

2012-07-18 12:44:54 ----D---- C:\Windows\SYSWOW64\migration

2012-07-18 12:44:50 ----D---- C:\Windows\system32\migration

2012-07-18 12:44:47 ----D---- C:\Program Files\Internet Explorer

2012-07-18 12:24:57 ----D---- C:\Windows\system32\catroot2

2012-07-18 12:20:56 ----D---- C:\Windows\debug

2012-07-18 12:20:54 ----A---- C:\Windows\system32\MRT.exe

2012-07-18 11:49:13 ----D---- C:\Windows\Tasks

2012-07-18 11:49:13 ----D---- C:\Windows\system32\Tasks

2012-07-18 11:37:14 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

2012-07-18 11:37:08 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe

2012-07-18 11:18:21 ----D---- C:\Windows\system32\wfp

2012-07-18 11:18:20 ----RSD---- C:\Windows\Media

2012-07-18 11:18:13 ----D---- C:\Windows\system32\wbem

2012-07-18 11:16:25 ----D---- C:\Windows\system32\DriverStore

2012-07-18 11:16:25 ----D---- C:\Windows\system32\drivers\etc

2012-07-18 11:16:01 ----D---- C:\Windows\system32\Macromed

2012-07-18 11:16:00 ----D---- C:\Windows\system32\CodeIntegrity

2012-07-18 11:15:40 ----D---- C:\ProgramData\McAfee Security Scan

2012-07-18 11:15:40 ----D---- C:\Program Files (x86)\Steam

2012-07-18 11:15:40 ----D---- C:\Program Files (x86)\Premiumplay Codec-C

2012-07-18 11:15:40 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-18 11:15:38 ----D---- C:\Program Files (x86)\CrossriderWebApps

2012-07-18 11:14:01 ----D---- C:\Windows\registration

2012-07-18 11:13:07 ----D---- C:\Windows\SYSWOW64\Macromed

2012-07-18 11:11:22 ----D---- C:\Windows\system32\sysprep

2012-07-18 11:10:50 ----RD---- C:\Users

2012-07-18 11:10:31 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\Skype

2012-07-18 11:10:26 ----SD---- C:\Users\Bugs Bunny\AppData\Roaming\Microsoft

2012-07-18 11:10:25 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\Malwarebytes

2012-07-18 11:08:44 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2012-07-18 01:51:09 ----D---- C:\Windows\Logs

2012-07-17 21:52:04 ----D---- C:\Windows\SYSWOW64\wbem

2012-07-17 21:49:54 ----D---- C:\Windows\Downloaded Program Files

2012-07-13 19:03:07 ----AD---- C:\ProgramData\TEMP

2012-07-01 15:29:28 ----D---- C:\Windows\system32\FxsTmp

2012-06-25 14:00:36 ----D---- C:\Windows\rescache

2012-06-25 13:19:32 ----D---- C:\Windows\system32\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 214096]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-04-27 132832]

R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 514048]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2012-04-25 98848]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]

R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 28704]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864]

R3 SrvHsfPCIe;SrvHsfPCIe; C:\Windows\system32\DRIVERS\VSTBS36.SYS [2009-06-10 287744]

R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-13 145920]

S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-13 19968]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-13 43008]

S3 dump_wmimmc;dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []

S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []

S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2004-12-31 4682]

S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12352]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-13 165376]

S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 6656]

S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-13 34896]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-08-02 51712]

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]

S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-13 200272]

S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 21760]

S3 vtany;vtany; \??\C:\Windows\vtany.sys []

S3 xspirit;xspirit; \??\C:\Windows\xspirit.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]

R2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-05-02 110032]

R2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-02 465360]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 27136]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-29 889664]

R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 27136]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 250056]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-07-17 4390376]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-24 1255736]

S3 xsherlock;xsherlock; C:\Windows\syswow64\xsherlock.xem [2012-05-27 670816]

S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]

S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136]

S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]

S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 934760]

S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-03-15 489256]

-----------------EOF-----------------

Info.txt

info.txt logfile of random's system information tool 1.09 2012-07-18 20:08:34

======Uninstall list======

-->MsiExec /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}

64 Bit HP CIO Components Installer-->MsiExec.exe /I{55D55008-E5F6-47D6-B16F-B2A40D4D145F}

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{47FA2C44-D148-4DBC-AF60-B91934AA4842}

Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe -maintain plugin

Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}

Apple Mobile Device Support-->MsiExec.exe /I{75104836-CAC7-444E-A39E-3F54151942F5}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Avira Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE

Belkin Connect Wireless USB Adapter-->"C:\Program Files (x86)\InstallShield Installation Information\{08B73C99-D071-488F-8861-5DDA897C510D}\setup.exe" -runfromtemp -l0x0409 -removeonly

Belkin Connect Wireless USB Adapter-->MsiExec.exe /X{08B73C99-D071-488F-8861-5DDA897C510D}

Belkin Wireless G USB Adapter Driver-->C:\Program Files (x86)\InstallShield Installation Information\{D593C72C-435B-4171-8106-9CA8AA34D716}\Install.exe -uninst -l0x9

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Counter-Strike: Condition Zero-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/80

Counter-Strike: Source-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/240

Diablo III-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\Diablo III (2)\Uninstall.exe

DVDVideoSoftTB Toolbar-->C:\Program Files (x86)\DVDVideoSoftTB\uninstall.exe toolbar

ERUNT 1.1j-->C:\desktop\unins000.exe

Free Studio version 5.3.3-->C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe

Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Half-Life-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/70

HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall

HP Customer Participation Program 13.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot

HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3-->C:\Program Files (x86)\HP\Digital Imaging\{A00C9114-40E6-4C70-A619-7DF264B23485}\setup\hpzscr40.exe -datfile hposcr28.dat -onestop -forcereboot

HP Imaging Device Functions 13.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential 3.5-->C:\Program Files (x86)\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot

HP Smart Web Printing 4.51-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat

HP Solution Center 13.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot

HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}

ijji - Gunz-->C:\ijji\ENGLISH\Gunz\Uninstall.exe

iTunes-->MsiExec.exe /I{5E11C972-1E76-45FE-8F92-14E0D1140B1B}

Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216027FF}

Java 7 Update 4-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217004FF}

JavaFX 2.1.0-->MsiExec.exe /X{1111706F-666A-4037-7777-210328764D10}

League of Legends-->"C:\Program Files (x86)\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly

Malwarebytes Anti-Malware version 1.60.0.1800-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

McAfee Security Scan Plus-->"C:\Program Files (x86)\McAfee Security Scan\uninstall.exe"

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Mozilla Firefox 14.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nexon Game Manager-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local

NVIDIA 3D Vision Controller Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NVIRUSB

NVIDIA 3D Vision Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.3DVision

NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI

NVIDIA Graphics Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver

NVIDIA PhysX System Software 9.12.0213-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX

NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}

NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask

NVIDIA Update 1.7.11-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update

Premiumplay Codec-C-->C:\Program Files (x86)\Premiumplay Codec-C\Uninstall.exe

PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}

REACTOR-->"C:\Program Files (x86)\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client

Shop for HP Supplies-->C:\Program Files (x86)\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat

Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}

Skype™ 5.6-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

Stellar Phoenix Photo Recovery-->"C:\Program Files (x86)\Stellar Phoenix Photo Recovery\unins000.exe"

SuddenAttack-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33583123 -locale:US

SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"

swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

WinRAR 4.01 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe

======System event log======

Computer Name: BugsBunny-PC

Event Code: 7023

Message: The IP Helper service terminated with the following error:

The specified module could not be found.

Record Number: 41259

Source Name: Service Control Manager

Time Written: 20120121185447.573400-000

Event Type: Error

User:

Computer Name: BugsBunny-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 41159

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20120121183458.773200-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: BugsBunny-PC

Event Code: 7016

Message: The NVIDIA Display Driver Service service has reported an invalid current state 32.

Record Number: 41142

Source Name: Service Control Manager

Time Written: 20120121183457.915200-000

Event Type: Error

User:

Computer Name: BugsBunny-PC

Event Code: 1

Message: Unexpected failure. Error code: 490@01010004

Record Number: 41117

Source Name: VDS Basic Provider

Time Written: 20120121183043.000000-000

Event Type: Error

User:

Computer Name: BugsBunny-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 41007

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20120121182429.345400-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: BugsBunny-PC

Event Code: 6005

Message: The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).

Record Number: 306

Source Name: Microsoft-Windows-Winlogon

Time Written: 20110925021213.000000-000

Event Type: Warning

User:

Computer Name: BugsBunny-PC

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

2 user registry handles leaked from \Registry\User\S-1-5-21-1389837607-2242571852-52406370-1001:

Process 496 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1389837607-2242571852-52406370-1001

Process 2764 (\Device\HarddiskVolume2\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-1389837607-2242571852-52406370-1001\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\Custom Tasks

Record Number: 294

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20110925020542.807600-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: BugsBunny-PC

Event Code: 4621

Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {4754316E-C139-4747-A79E-6771CEF63EF3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.

Object name: SLSVC_LOGON

Object description:

The HRESULT was 80070005.

Record Number: 259

Source Name: Microsoft-Windows-EventSystem

Time Written: 20110925011757.000000-000

Event Type: Error

User:

Computer Name: BugsBunny-PC

Event Code: 1008

Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 168

Source Name: Microsoft-Windows-Search

Time Written: 20110925002723.000000-000

Event Type: Warning

User:

Computer Name: BugsBunny-PC

Event Code: 11

Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 360) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.

Record Number: 167

Source Name: Microsoft-Windows-RPC-Events

Time Written: 20110925002718.257000-000

Event Type: Warning

User: NT AUTHORITY\LOCAL SERVICE

=====Security event log=====

Computer Name: 37L4247E29-32

Event Code: 4735

Message: A security-enabled local group was changed.

Subject:

Security ID: S-1-5-18

Account Name: 37L4247E29-32$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Group:

Security ID: S-1-5-32-551

Group Name: Backup Operators

Group Domain: Builtin

Changed Attributes:

SAM Account Name: -

SID History: -

Additional Information:

Privileges: -

Record Number: 5

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110925031120.330000-000

Event Type: Audit Success

User:

Computer Name: 37L4247E29-32

Event Code: 4731

Message: A security-enabled local group was created.

Subject:

Security ID: S-1-5-18

Account Name: 37L4247E29-32$

Account Domain: WORKGROUP

Logon ID: 0x3e7

New Group:

Security ID: S-1-5-32-551

Group Name: Backup Operators

Group Domain: Builtin

Attributes:

SAM Account Name: Backup Operators

SID History: -

Additional Information:

Privileges: -

Record Number: 4

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110925031120.330000-000

Event Type: Audit Success

User:

Computer Name: 37L4247E29-32

Event Code: 4902

Message: The Per-user audit policy table was created.

Number of Elements: 0

Policy ID: 0x3138d

Record Number: 3

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110925031119.971200-000

Event Type: Audit Success

User:

Computer Name: 37L4247E29-32

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 0

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x4

Process Name:

Network Information:

Workstation Name: -

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: -

Authentication Package: -

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 2

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110925031117.600000-000

Event Type: Audit Success

User:

Computer Name: 37L4247E29-32

Event Code: 4608

Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.

Record Number: 1

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110925031117.522000-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=4

"PROCESSOR_LEVEL"=16

"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 2 Stepping 3, AuthenticAMD

"PROCESSOR_REVISION"=0203

"asl.log"=Destination=file

checkup.txt

Results of screen317's Security Check version 0.99.43

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Avira Desktop

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Out of date HijackThis installed!

Malwarebytes Anti-Malware version 1.60.0.1800

HijackThis 2.0.2

JavaFX 2.1.0

Java 6 Update 29

Java 7 Update 4

Java version out of Date!

Adobe Reader X (10.1.3)

Mozilla Firefox (14.0.1)

Google Chrome 20.0.1132.57

````````Process Check: objlist.exe by Laurent````````

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````


TDSSKILLER log;

19:54:13.0735 1568 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

19:54:14.0192 1568 ============================================================

19:54:14.0192 1568 Current date / time: 2012/07/18 19:54:14.0192

19:54:14.0193 1568 SystemInfo:

19:54:14.0193 1568

19:54:14.0193 1568 OS Version: 6.1.7600 ServicePack: 0.0

19:54:14.0193 1568 Product type: Workstation

19:54:14.0193 1568 ComputerName: BUGSBUNNY-PC

19:54:14.0193 1568 UserName: Bugs Bunny

19:54:14.0193 1568 Windows directory: C:\Windows

19:54:14.0193 1568 System windows directory: C:\Windows

19:54:14.0193 1568 Running under WOW64

19:54:14.0193 1568 Processor architecture: Intel x64

19:54:14.0193 1568 Number of processors: 4

19:54:14.0193 1568 Page size: 0x1000

19:54:14.0193 1568 Boot type: Normal boot

19:54:14.0193 1568 ============================================================

19:54:16.0098 1568 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDDA00 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:54:16.0117 1568 ============================================================

19:54:16.0117 1568 \Device\Harddisk0\DR0:

19:54:16.0118 1568 MBR partitions:

19:54:16.0118 1568 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

19:54:16.0118 1568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000

19:54:16.0118 1568 ============================================================

19:54:16.0148 1568 C: <-> \Device\Harddisk0\DR0\Partition1

19:54:16.0175 1568 I: <-> \Device\Harddisk0\DR0\Partition0

19:54:16.0175 1568 ============================================================

19:54:16.0175 1568 Initialize success

19:54:16.0175 1568 ============================================================

19:57:38.0298 2428 ============================================================

19:57:38.0298 2428 Scan started

19:57:38.0298 2428 Mode: Manual;

19:57:38.0298 2428 ============================================================


19:57:50.0777 2428\tab discache - ok\par

19:57:50.0801 2428\tab Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\\Windows\\system32\\DRIVERS\\disk.sys\par

19:57:50.0804 2428\tab Disk - ok\par

19:57:50.0836 2428\tab Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\\Windows\\System32\\dnsrslvr.dll\par

19:57:50.0837 2428\tab Dnscache - ok\par

19:57:50.0872 2428\tab dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\\Windows\\System32\\dot3svc.dll\par

19:57:50.0876 2428\tab dot3svc - ok\par

19:57:50.0916 2428\tab Dot4 (b42ed0320c6e41102fde0005154849bb) C:\\Windows\\system32\\DRIVERS\\Dot4.sys\par

19:57:50.0920 2428\tab Dot4 - ok\par

19:57:50.0938 2428\tab Dot4Print (85135ad27e79b689335c08167d917cde) C:\\Windows\\system32\\DRIVERS\\Dot4Prt.sys\par

19:57:50.0940 2428\tab Dot4Print - ok\par

19:57:50.0965 2428\tab dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\\Windows\\system32\\DRIVERS\\dot4usb.sys\par

19:57:50.0967 2428\tab dot4usb - ok\par

19:57:50.0999 2428\tab DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\\Windows\\system32\\dps.dll\par

19:57:51.0001 2428\tab DPS - ok\par

19:57:51.0035 2428\tab drmkaud (9b19f34400d24df84c858a421c205754) C:\\Windows\\system32\\drivers\\drmkaud.sys\par

19:57:51.0037 2428\tab drmkaud - ok\par

19:57:51.0105 2428\tab dump_wmimmc - ok\par

19:57:51.0163 2428\tab DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\\Windows\\System32\\drivers\\dxgkrnl.sys\par

19:57:51.0189 2428\tab DXGKrnl - ok\par

19:57:51.0221 2428\tab EagleX64 - ok\par

19:57:51.0255 2428\tab EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\\Windows\\System32\\eapsvc.dll\par

19:57:51.0257 2428\tab EapHost - ok\par

19:57:51.0376 2428\tab ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\\Windows\\system32\\DRIVERS\\evbda.sys\par

19:57:51.0443 2428\tab ebdrv - ok\par

19:57:51.0529 2428\tab EFS (156f6159457d0aa7e59b62681b56eb90) C:\\Windows\\System32\\lsass.exe\par

19:57:51.0531 2428\tab EFS - ok\par

19:57:51.0594 2428\tab ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\\Windows\\ehome\\ehRecvr.exe\par

19:57:51.0614 2428\tab ehRecvr - ok\par

19:57:51.0646 2428\tab ehSched (4705e8ef9934482c5bb488ce28afc681) C:\\Windows\\ehome\\ehsched.exe\par

19:57:51.0649 2428\tab ehSched - ok\par

19:57:51.0743 2428\tab elxstor (0e5da5369a0fcaea12456dd852545184) C:\\Windows\\system32\\DRIVERS\\elxstor.sys\par

19:57:51.0754 2428\tab elxstor - ok\par

19:57:51.0771 2428\tab ErrDev (34a3c54752046e79a126e15c51db409b) C:\\Windows\\system32\\DRIVERS\\errdev.sys\par

19:57:51.0773 2428\tab ErrDev - ok\par

19:57:51.0827 2428\tab EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\\Windows\\system32\\es.dll\par

19:57:51.0832 2428\tab EventSystem - ok\par

19:57:51.0852 2428\tab exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\\Windows\\system32\\drivers\\exfat.sys\par

19:57:51.0857 2428\tab exfat - ok\par

19:57:51.0877 2428\tab fastfat (0adc83218b66a6db380c330836f3e36d) C:\\Windows\\system32\\drivers\\fastfat.sys\par

19:57:51.0890 2428\tab fastfat - ok\par

19:57:51.0950 2428\tab Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\\Windows\\system32\\fxssvc.exe\par

19:57:51.0973 2428\tab Fax - ok\par

19:57:52.0011 2428\tab fdc (d765d19cd8ef61f650c384f62fac00ab) C:\\Windows\\system32\\DRIVERS\\fdc.sys\par

19:57:52.0050 2428\tab fdc - ok\par

19:57:52.0063 2428\tab fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\\Windows\\system32\\fdPHost.dll\par

19:57:52.0065 2428\tab fdPHost - ok\par

19:57:52.0082 2428\tab FDResPub (802496cb59a30349f9a6dd22d6947644) C:\\Windows\\system32\\fdrespub.dll\par

19:57:52.0086 2428\tab FDResPub - ok\par

19:57:52.0105 2428\tab FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\\Windows\\system32\\drivers\\fileinfo.sys\par

19:57:52.0119 2428\tab FileInfo - ok\par

19:57:52.0134 2428\tab Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\\Windows\\system32\\drivers\\filetrace.sys\par

19:57:52.0136 2428\tab Filetrace - ok\par

19:57:52.0150 2428\tab flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\\Windows\\system32\\DRIVERS\\flpydisk.sys\par

19:57:52.0153 2428\tab flpydisk - ok\par

19:57:52.0190 2428\tab FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\\Windows\\system32\\drivers\\fltmgr.sys\par

19:57:52.0207 2428\tab FltMgr - ok\par

19:57:52.0271 2428\tab FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\\Windows\\system32\\FntCache.dll\par

19:57:52.0300 2428\tab FontCache - ok\par

19:57:52.0372 2428\tab FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe\par

19:57:52.0374 2428\tab FontCache3.0.0.0 - ok\par

19:57:52.0401 2428\tab FsDepends (d43703496149971890703b4b1b723eac) C:\\Windows\\system32\\drivers\\FsDepends.sys\par

19:57:52.0404 2428\tab FsDepends - ok\par

19:57:52.0431 2428\tab Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\\Windows\\system32\\drivers\\Fs_Rec.sys\par

19:57:52.0434 2428\tab Fs_Rec - ok\par

19:57:52.0457 2428\tab fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\\Windows\\system32\\DRIVERS\\fvevol.sys\par

19:57:52.0474 2428\tab fvevol - ok\par

19:57:52.0491 2428\tab gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\\Windows\\system32\\DRIVERS\\gagp30kx.sys\par

19:57:52.0494 2428\tab gagp30kx - ok\par

19:57:52.0524 2428\tab GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\\Windows\\system32\\DRIVERS\\GEARAspiWDM.sys\par

19:57:52.0526 2428\tab GEARAspiWDM - ok\par

19:57:52.0571 2428\tab gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\\Windows\\System32\\gpsvc.dll\par

19:57:52.0591 2428\tab gpsvc - ok\par

19:57:52.0725 2428\tab gupdate (f02a533f517eb38333cb12a9e8963773) C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\par

19:57:52.0730 2428\tab gupdate - ok\par

19:57:52.0751 2428\tab gupdatem (f02a533f517eb38333cb12a9e8963773) C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\par

19:57:52.0753 2428\tab gupdatem - ok\par

19:57:52.0797 2428\tab hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\\Windows\\system32\\drivers\\hcw85cir.sys\par

19:57:52.0799 2428\tab hcw85cir - ok\par

19:57:52.0847 2428\tab HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\\Windows\\system32\\drivers\\HdAudio.sys\par

19:57:52.0865 2428\tab HdAudAddService - ok\par

19:57:52.0884 2428\tab HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\\Windows\\system32\\DRIVERS\\HDAudBus.sys\par

19:57:52.0887 2428\tab HDAudBus - ok\par

19:57:52.0901 2428\tab HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\\Windows\\system32\\DRIVERS\\HidBatt.sys\par

19:57:52.0903 2428\tab HidBatt - ok\par

19:57:52.0923 2428\tab HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\\Windows\\system32\\DRIVERS\\hidbth.sys\par

19:57:52.0936 2428\tab HidBth - ok\par

19:57:52.0955 2428\tab HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\\Windows\\system32\\DRIVERS\\hidir.sys\par

19:57:52.0957 2428\tab HidIr - ok\par

19:57:52.0981 2428\tab hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\\Windows\\system32\\hidserv.dll\par

19:57:52.0984 2428\tab hidserv - ok\par

19:57:53.0015 2428\tab HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\\Windows\\system32\\DRIVERS\\hidusb.sys\par

19:57:53.0018 2428\tab HidUsb - ok\par

19:57:53.0036 2428\tab hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\\Windows\\system32\\kmsvc.dll\par

19:57:53.0039 2428\tab hkmsvc - ok\par

19:57:53.0063 2428\tab HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\\Windows\\system32\\ListSvc.dll\par

19:57:53.0099 2428\tab HomeGroupListener - ok\par

19:57:53.0125 2428\tab HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\\Windows\\system32\\provsvc.dll\par

19:57:53.0145 2428\tab HomeGroupProvider - ok\par

19:57:53.0258 2428\tab hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqcxs08.dll\par

19:57:53.0269 2428\tab hpqcxs08 - ok\par

19:57:53.0288 2428\tab hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqddsvc.dll\par

19:57:53.0291 2428\tab hpqddsvc - ok\par

19:57:53.0308 2428\tab HpSAMD (0886d440058f203eba0e1825e4355914) C:\\Windows\\system32\\DRIVERS\\HpSAMD.sys\par

19:57:53.0311 2428\tab HpSAMD - ok\par

19:57:53.0370 2428\tab HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\\Windows\\system32\\drivers\\HTTP.sys\par

19:57:53.0397 2428\tab HTTP - ok\par

19:57:53.0414 2428\tab hwpolicy (f17766a19145f111856378df337a5d79) C:\\Windows\\system32\\drivers\\hwpolicy.sys\par

19:57:53.0417 2428\tab hwpolicy - ok\par

19:57:53.0456 2428\tab i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\\Windows\\system32\\DRIVERS\\i8042prt.sys\par

19:57:53.0459 2428\tab i8042prt - ok\par

19:57:53.0487 2428\tab iaStorV (b75e45c564e944a2657167d197ab29da) C:\\Windows\\system32\\drivers\\iaStorV.sys\par

19:57:53.0503 2428\tab iaStorV - ok\par

19:57:53.0588 2428\tab idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\\Windows\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\infocard.exe\par

19:57:53.0615 2428\tab idsvc - ok\par

19:57:53.0796 2428\tab iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\\Windows\\system32\\DRIVERS\\iirsp.sys\par

19:57:53.0798 2428\tab iirsp - ok\par

19:57:53.0849 2428\tab IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\\Windows\\System32\\ikeext.dll\par

19:57:53.0876 2428\tab IKEEXT - ok\par

19:57:53.0909 2428\tab intelide (f00f20e70c6ec3aa366910083a0518aa) C:\\Windows\\system32\\DRIVERS\\intelide.sys\par

19:57:53.0911 2428\tab intelide - ok\par

19:57:53.0937 2428\tab intelppm (ada036632c664caa754079041cf1f8c1) C:\\Windows\\system32\\DRIVERS\\intelppm.sys\par

19:57:53.0939 2428\tab intelppm - ok\par

19:57:53.0964 2428\tab IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\\Windows\\system32\\ipbusenum.dll\par

19:57:53.0967 2428\tab IPBusEnum - ok\par

19:57:53.0982 2428\tab IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\\Windows\\system32\\DRIVERS\\ipfltdrv.sys\par

19:57:53.0985 2428\tab IpFilterDriver - ok\par

19:57:54.0026 2428\tab iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\\Windows\\System32\\iphlpsvc.dll\par

19:57:54.0046 2428\tab iphlpsvc - ok\par

19:57:54.0067 2428\tab IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\\Windows\\system32\\DRIVERS\\IPMIDrv.sys\par

19:57:54.0071 2428\tab IPMIDRV - ok\par

19:57:54.0090 2428\tab IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\\Windows\\system32\\drivers\\ipnat.sys\par

19:57:54.0094 2428\tab IPNAT - ok\par

19:57:54.0179 2428\tab iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\\Program Files\\iPod\\bin\\iPodService.exe\par

19:57:54.0205 2428\tab iPod Service - ok\par

19:57:54.0243 2428\tab IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\\Windows\\system32\\drivers\\irenum.sys\par

19:57:54.0246 2428\tab IRENUM - ok\par

19:57:54.0257 2428\tab isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\\Windows\\system32\\DRIVERS\\isapnp.sys\par

19:57:54.0259 2428\tab isapnp - ok\par

19:57:54.0285 2428\tab iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\\Windows\\system32\\DRIVERS\\msiscsi.sys\par

19:57:54.0298 2428\tab iScsiPrt - ok\par

19:57:54.0316 2428\tab kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\\Windows\\system32\\DRIVERS\\kbdclass.sys\par

19:57:54.0319 2428\tab kbdclass - ok\par

19:57:54.0336 2428\tab kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\\Windows\\system32\\DRIVERS\\kbdhid.sys\par

19:57:54.0345 2428\tab kbdhid - ok\par

19:57:54.0369 2428\tab KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\\Windows\\system32\\lsass.exe\par

19:57:54.0371 2428\tab KeyIso - ok\par

19:57:54.0404 2428\tab KSecDD (4f4b5fde429416877de7143044582eb5) C:\\Windows\\system32\\Drivers\\ksecdd.sys\par

19:57:54.0408 2428\tab KSecDD - ok\par

19:57:54.0430 2428\tab KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\\Windows\\system32\\Drivers\\ksecpkg.sys\par

19:57:54.0435 2428\tab KSecPkg - ok\par

19:57:54.0470 2428\tab ksthunk (6869281e78cb31a43e969f06b57347c4) C:\\Windows\\system32\\drivers\\ksthunk.sys\par

19:57:54.0473 2428\tab ksthunk - ok\par

19:57:54.0513 2428\tab KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\\Windows\\system32\\msdtckrm.dll\par

19:57:54.0530 2428\tab KtmRm - ok\par

19:57:54.0563 2428\tab LanmanServer (81f1d04d4d0e433099365127375fd501) C:\\Windows\\system32\\srvsvc.dll\par

19:57:54.0568 2428\tab LanmanServer - ok\par

19:57:54.0586 2428\tab LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\\Windows\\System32\\wkssvc.dll\par

19:57:54.0589 2428\tab LanmanWorkstation - ok\par

19:57:54.0611 2428\tab lltdio (1538831cf8ad2979a04c423779465827) C:\\Windows\\system32\\DRIVERS\\lltdio.sys\par

19:57:54.0613 2428\tab lltdio - ok\par

19:57:54.0631 2428\tab lltdsvc (c1185803384ab3feed115f79f109427f) C:\\Windows\\System32\\lltdsvc.dll\par

19:57:54.0668 2428\tab lltdsvc - ok\par

19:57:54.0679 2428\tab lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\\Windows\\System32\\lmhsvc.dll\par

19:57:54.0683 2428\tab lmhosts - ok\par

19:57:54.0706 2428\tab LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\\Windows\\system32\\DRIVERS\\lsi_fc.sys\par

19:57:54.0709 2428\tab LSI_FC - ok\par

19:57:54.0747 2428\tab LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\\Windows\\system32\\DRIVERS\\lsi_sas.sys\par

19:57:54.0749 2428\tab LSI_SAS - ok\par

19:57:54.0767 2428\tab LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\\Windows\\system32\\DRIVERS\\lsi_sas2.sys\par

19:57:54.0770 2428\tab LSI_SAS2 - ok\par

19:57:54.0787 2428\tab LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\\Windows\\system32\\DRIVERS\\lsi_scsi.sys\par

19:57:54.0791 2428\tab LSI_SCSI - ok\par

19:57:54.0806 2428\tab luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\\Windows\\system32\\drivers\\luafv.sys\par

19:57:54.0810 2428\tab luafv - ok\par

19:57:54.0924 2428\tab McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\\Program Files (x86)\\McAfee Security Scan\\3.0.207\\McCHSvc.exe\par

19:57:54.0936 2428\tab McComponentHostService - ok\par

19:57:54.0961 2428\tab Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\\Windows\\system32\\Mcx2Svc.dll\par

19:57:54.0964 2428\tab Mcx2Svc - ok\par

19:57:54.0979 2428\tab megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\\Windows\\system32\\DRIVERS\\megasas.sys\par

19:57:54.0982 2428\tab megasas - ok\par

19:57:55.0143 2428\tab MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\\Windows\\system32\\DRIVERS\\MegaSR.sys\par

19:57:55.0241 2428\tab MegaSR - ok\par

19:57:55.0371 2428\tab MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\\Windows\\system32\\mmcss.dll\par

19:57:55.0374 2428\tab MMCSS - ok\par

19:57:55.0439 2428\tab Modem (800ba92f7010378b09f9ed9270f07137) C:\\Windows\\system32\\drivers\\modem.sys\par

19:57:55.0443 2428\tab Modem - ok\par

19:57:55.0588 2428\tab monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\\Windows\\system32\\DRIVERS\\monitor.sys\par

19:57:55.0589 2428\tab monitor - ok\par

19:57:55.0719 2428\tab mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\\Windows\\system32\\DRIVERS\\mouclass.sys\par

19:57:55.0724 2428\tab mouclass - ok\par

19:57:55.0787 2428\tab mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\\Windows\\system32\\DRIVERS\\mouhid.sys\par

19:57:55.0790 2428\tab mouhid - ok\par

19:57:55.0810 2428\tab mountmgr (791af66c4d0e7c90a3646066386fb571) C:\\Windows\\system32\\drivers\\mountmgr.sys\par

19:57:55.0823 2428\tab mountmgr - ok\par

19:57:56.0760 2428\tab MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe\par

19:57:56.0763 2428\tab MozillaMaintenance - ok\par

19:57:58.0196 2428\tab mpio (609d1d87649ecc19796f4d76d4c15cea) C:\\Windows\\system32\\DRIVERS\\mpio.sys\par

19:57:58.0265 2428\tab mpio - ok\par

19:57:58.0717 2428\tab mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\\Windows\\system32\\drivers\\mpsdrv.sys\par

19:57:58.0756 2428\tab mpsdrv - ok\par

19:57:59.0099 2428\tab MpsSvc (aecab449567d1846dad63ece49e893e3) C:\\Windows\\system32\\mpssvc.dll\par

19:57:59.0114 2428\tab MpsSvc - ok\par

19:57:59.0131 2428\tab MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\\Windows\\system32\\drivers\\mrxdav.sys\par

19:57:59.0136 2428\tab MRxDAV - ok\par

19:57:59.0158 2428\tab mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\\Windows\\system32\\DRIVERS\\mrxsmb.sys\par

19:57:59.0163 2428\tab mrxsmb - ok\par

19:57:59.0184 2428\tab mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\\Windows\\system32\\DRIVERS\\mrxsmb10.sys\par

19:57:59.0195 2428\tab mrxsmb10 - ok\par

19:57:59.0210 2428\tab mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\\Windows\\system32\\DRIVERS\\mrxsmb20.sys\par

19:57:59.0213 2428\tab mrxsmb20 - ok\par

19:57:59.0224 2428\tab msahci (5c37497276e3b3a5488b23a326a754b7) C:\\Windows\\system32\\DRIVERS\\msahci.sys\par

19:57:59.0225 2428\tab msahci - ok\par

19:57:59.0245 2428\tab msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\\Windows\\system32\\DRIVERS\\msdsm.sys\par

19:57:59.0259 2428\tab msdsm - ok\par

19:57:59.0286 2428\tab MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\\Windows\\System32\\msdtc.exe\par

19:57:59.0288 2428\tab MSDTC - ok\par

19:57:59.0313 2428\tab Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\\Windows\\system32\\drivers\\Msfs.sys\par

19:57:59.0314 2428\tab Msfs - ok\par

19:57:59.0333 2428\tab mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\\Windows\\System32\\drivers\\mshidkmdf.sys\par

19:57:59.0335 2428\tab mshidkmdf - ok\par

19:57:59.0353 2428\tab msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\\Windows\\system32\\DRIVERS\\msisadrv.sys\par

19:57:59.0353 2428\tab msisadrv - ok\par

19:57:59.0380 2428\tab MSiSCSI (808e98ff49b155c522e6400953177b08) C:\\Windows\\system32\\iscsiexe.dll\par

19:57:59.0382 2428\tab MSiSCSI - ok\par

19:57:59.0386 2428\tab msiserver - ok\par

19:57:59.0433 2428\tab MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\\Windows\\system32\\drivers\\MSKSSRV.sys\par

19:57:59.0434 2428\tab MSKSSRV - ok\par

19:57:59.0438 2428\tab MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\\Windows\\system32\\drivers\\MSPCLOCK.sys\par

19:57:59.0439 2428\tab MSPCLOCK - ok\par

19:57:59.0465 2428\tab MSPQM (4ed981241db27c3383d72092b618a1d0) C:\\Windows\\system32\\drivers\\MSPQM.sys\par

19:57:59.0488 2428\tab MSPQM - ok\par

19:57:59.0648 2428\tab MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\\Windows\\system32\\drivers\\MsRPC.sys\par

19:57:59.0667 2428\tab MsRPC - ok\par

19:58:00.0284 2428\tab mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\\Windows\\system32\\DRIVERS\\mssmbios.sys\par

19:58:00.0285 2428\tab mssmbios - ok\par

19:58:00.0499 2428\tab MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\\Windows\\system32\\drivers\\MSTEE.sys\par

19:58:00.0503 2428\tab MSTEE - ok\par

19:58:00.0536 2428\tab MTConfig (7ea404308934e675bffde8edf0757bcd) C:\\Windows\\system32\\DRIVERS\\MTConfig.sys\par

19:58:00.0538 2428\tab MTConfig - ok\par

19:58:00.0572 2428\tab Mup (f9a18612fd3526fe473c1bda678d61c8) C:\\Windows\\system32\\Drivers\\mup.sys\par

19:58:00.0580 2428\tab Mup - ok\par

19:58:00.0616 2428\tab napagent (4987e079a4530fa737a128be54b63b12) C:\\Windows\\system32\\qagentRT.dll\par

19:58:00.0632 2428\tab napagent - ok\par

19:58:00.0667 2428\tab NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\\Windows\\system32\\DRIVERS\\nwifi.sys\par

19:58:00.0680 2428\tab NativeWifiP - ok\par

19:58:02.0174 2428\tab NDIS (cad515dbd07d082bb317d9928ce8962c) C:\\Windows\\system32\\drivers\\ndis.sys\par

19:58:04.0767 2428\tab NDIS - ok\par

19:58:04.0861 2428\tab NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\\Windows\\system32\\DRIVERS\\ndiscap.sys\par

19:58:04.0867 2428\tab NdisCap - ok\par

19:58:04.0922 2428\tab NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\\Windows\\system32\\DRIVERS\\ndistapi.sys\par

19:58:04.0927 2428\tab NdisTapi - ok\par

19:58:04.0968 2428\tab Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\\Windows\\system32\\DRIVERS\\ndisuio.sys\par

19:58:05.0178 2428\tab Ndisuio - ok\par

19:58:05.0572 2428\tab NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\\Windows\\system32\\DRIVERS\\ndiswan.sys\par

19:58:05.0597 2428\tab NdisWan - ok\par

19:58:05.0617 2428\tab NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\\Windows\\system32\\drivers\\NDProxy.sys\par

19:58:05.0667 2428\tab NDProxy - ok\par

19:58:05.0722 2428\tab Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\\Windows\\system32\\HPZinw12.dll\par

19:58:05.0734 2428\tab Net Driver HPZ12 - ok\par

19:58:05.0766 2428\tab NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\\Windows\\system32\\DRIVERS\\netbios.sys\par

19:58:05.0773 2428\tab NetBIOS - ok\par

19:58:05.0809 2428\tab NetBT (9162b273a44ab9dce5b44362731d062a) C:\\Windows\\system32\\DRIVERS\\netbt.sys\par

19:58:06.0038 2428\tab NetBT - ok\par

19:58:06.0100 2428\tab Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\\Windows\\system32\\lsass.exe\par

19:58:06.0109 2428\tab Netlogon - ok\par

19:58:06.0240 2428\tab Netman (847d3ae376c0817161a14a82c8922a9e) C:\\Windows\\System32\\netman.dll\par

19:58:06.0280 2428\tab Netman - ok\par

19:58:06.0315 2428\tab netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\\Windows\\System32\\netprofm.dll\par

19:58:06.0341 2428\tab netprofm - ok\par

19:58:06.0413 2428\tab NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\\Windows\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\SMSvcHost.exe\par

19:58:06.0553 2428\tab NetTcpPortSharing - ok\par

19:58:06.0912 2428\tab nfrd960 (77889813be4d166cdab78ddba990da92) C:\\Windows\\system32\\DRIVERS\\nfrd960.sys\par

19:58:06.0928 2428\tab nfrd960 - ok\par

19:58:06.0982 2428\tab NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\\Windows\\System32\\nlasvc.dll\par

19:58:07.0006 2428\tab NlaSvc - ok\par

19:58:07.0025 2428\tab Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\\Windows\\system32\\drivers\\Npfs.sys\par

19:58:07.0033 2428\tab Npfs - ok\par

19:58:07.0077 2428\tab npggsvc - ok\par

19:58:07.0113 2428\tab NPPTNT2 - ok\par

19:58:07.0136 2428\tab nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\\Windows\\system32\\nsisvc.dll\par

19:58:07.0143 2428\tab nsi - ok\par

19:58:07.0172 2428\tab nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\\Windows\\system32\\drivers\\nsiproxy.sys\par

19:58:07.0181 2428\tab nsiproxy - ok\par

19:58:07.0368 2428\tab Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\\Windows\\system32\\drivers\\Ntfs.sys\par

19:58:07.0468 2428\tab Ntfs - ok\par

19:58:07.0615 2428\tab Null (9899284589f75fa8724ff3d16aed75c1) C:\\Windows\\system32\\drivers\\Null.sys\par

19:58:07.0627 2428\tab Null - ok\par

19:58:07.0726 2428\tab NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\\Windows\\system32\\DRIVERS\\nvm62x64.sys\par

19:58:07.0756 2428\tab NVENETFD - ok\par

19:58:09.0026 2428\tab nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\\Windows\\system32\\DRIVERS\\nvlddmkm.sys\par

19:58:09.0383 2428\tab nvlddmkm - ok\par

19:58:09.0742 2428\tab nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\\Windows\\system32\\drivers\\nvraid.sys\par

19:58:09.0749 2428\tab nvraid - ok\par

19:58:09.0794 2428\tab nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\\Windows\\system32\\DRIVERS\\nvsmu.sys\par

19:58:09.0799 2428\tab nvsmu - ok\par

19:58:09.0830 2428\tab nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\\Windows\\system32\\drivers\\nvstor.sys\par

19:58:09.0869 2428\tab nvstor - ok\par

19:58:09.0970 2428\tab nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\\Windows\\system32\\nvvsvc.exe\par

19:58:10.0025 2428\tab nvsvc - ok\par

19:58:10.0346 2428\tab nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\\Program Files (x86)\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe\par

19:58:10.0436 2428\tab nvUpdatusService - ok\par

19:58:10.0566 2428\tab nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\\Windows\\system32\\DRIVERS\\nv_agp.sys\par

19:58:10.0580 2428\tab nv_agp - ok\par

19:58:10.0596 2428\tab ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\\Windows\\system32\\DRIVERS\\ohci1394.sys\par

19:58:10.0608 2428\tab ohci1394 - ok\par

19:58:10.0702 2428\tab p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\\Windows\\system32\\pnrpsvc.dll\par

19:58:10.0729 2428\tab p2pimsvc - ok\par

19:58:10.0767 2428\tab p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\\Windows\\system32\\p2psvc.dll\par

19:58:10.0796 2428\tab p2psvc - ok\par

19:58:10.0828 2428\tab Parport (0086431c29c35be1dbc43f52cc273887) C:\\Windows\\system32\\DRIVERS\\parport.sys\par

19:58:10.0885 2428\tab Parport - ok\par

19:58:10.0912 2428\tab partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\\Windows\\system32\\drivers\\partmgr.sys\par

19:58:10.0928 2428\tab partmgr - ok\par

19:58:10.0962 2428\tab PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\\Windows\\System32\\pcasvc.dll\par

19:58:10.0981 2428\tab PcaSvc - ok\par

19:58:11.0011 2428\tab pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\\Windows\\system32\\DRIVERS\\pci.sys\par

19:58:11.0040 2428\tab pci - ok\par

19:58:11.0056 2428\tab pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\\Windows\\system32\\DRIVERS\\pciide.sys\par

19:58:11.0063 2428\tab pciide - ok\par

19:58:11.0105 2428\tab pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\\Windows\\system32\\DRIVERS\\pcmcia.sys\par

19:58:11.0129 2428\tab pcmcia - ok\par

19:58:11.0148 2428\tab pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\\Windows\\system32\\drivers\\pcw.sys\par

19:58:11.0158 2428\tab pcw - ok\par

19:58:11.0238 2428\tab PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\\Windows\\system32\\drivers\\peauth.sys\par

19:58:11.0287 2428\tab PEAUTH - ok\par

19:58:11.0421 2428\tab PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\\Windows\\system32\\peerdistsvc.dll\par

19:58:11.0475 2428\tab PeerDistSvc - ok\par

19:58:11.0613 2428\tab PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\\Windows\\SysWow64\\perfhost.exe\par

19:58:11.0636 2428\tab PerfHost - ok\par

19:58:11.0821 2428\tab pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\\Windows\\system32\\pla.dll\par

19:58:11.0883 2428\tab pla - ok\par

19:58:12.0032 2428\tab PlugPlay (98b1721b8718164293b9701b98c52d77) C:\\Windows\\system32\\umpnpmgr.dll\par

19:58:12.0062 2428\tab PlugPlay - ok\par

19:58:12.0118 2428\tab Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\\Windows\\system32\\HPZipm12.dll\par

19:58:12.0139 2428\tab Pml Driver HPZ12 - ok\par

19:58:12.0167 2428\tab PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\\Windows\\system32\\pnrpauto.dll\par

19:58:12.0178 2428\tab PNRPAutoReg - ok\par

19:58:12.0227 2428\tab PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\\Windows\\system32\\pnrpsvc.dll\par

19:58:12.0233 2428\tab PNRPsvc - ok\par

19:58:12.0310 2428\tab PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\\Windows\\System32\\ipsecsvc.dll\par

19:58:12.0360 2428\tab PolicyAgent - ok\par

19:58:12.0403 2428\tab Power (6ba9d927dded70bd1a9caded45f8b184) C:\\Windows\\system32\\umpo.dll\par

19:58:12.0419 2428\tab Power - ok\par

19:58:12.0481 2428\tab PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\\Windows\\system32\\DRIVERS\\raspptp.sys\par

19:58:12.0503 2428\tab PptpMiniport - ok\par

19:58:12.0538 2428\tab Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\\Windows\\system32\\DRIVERS\\processr.sys\par

19:58:12.0550 2428\tab Processor - ok\par

19:58:12.0597 2428\tab ProfSvc (97293447431311c06703368ad0f6c4be) C:\\Windows\\system32\\profsvc.dll\par

19:58:12.0624 2428\tab ProfSvc - ok\par

19:58:12.0701 2428\tab ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\\Windows\\system32\\lsass.exe\par

19:58:12.0703 2428\tab ProtectedStorage - ok\par

19:58:12.0729 2428\tab Psched (ee992183bd8eaefd9973f352e587a299) C:\\Windows\\system32\\DRIVERS\\pacer.sys\par

19:58:12.0744 2428\tab Psched - ok\par

19:58:12.0819 2428\tab ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\\Windows\\system32\\DRIVERS\\ql2300.sys\par

19:58:12.0943 2428\tab ql2300 - ok\par

19:58:13.0121 2428\tab ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\\Windows\\system32\\DRIVERS\\ql40xx.sys\par

19:58:13.0142 2428\tab ql40xx - ok\par

19:58:13.0185 2428\tab QWAVE (906191634e99aea92c4816150bda3732) C:\\Windows\\system32\\qwave.dll\par

19:58:13.0215 2428\tab QWAVE - ok\par

19:58:13.0232 2428\tab QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\\Windows\\system32\\drivers\\qwavedrv.sys\par

19:58:13.0242 2428\tab QWAVEdrv - ok\par

19:58:13.0258 2428\tab RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\\Windows\\system32\\DRIVERS\\rasacd.sys\par


19:58:26.0548 2428 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

19:58:26.0572 2428 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

19:58:26.0572 2428 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

19:58:26.0598 2428 Boot (0x1200) (5f35d90b0ab8157488fa58d07b0bc982) \Device\Harddisk0\DR0\Partition0

19:58:26.0602 2428 \Device\Harddisk0\DR0\Partition0 - ok

19:58:26.0616 2428 Boot (0x1200) (338a0e5de7d59309f79e937f0ae3e543) \Device\Harddisk0\DR0\Partition1

19:58:26.0631 2428 \Device\Harddisk0\DR0\Partition1 - ok

19:58:26.0632 2428 ============================================================

19:58:26.0632 2428 Scan finished

19:58:26.0632 2428 ============================================================

19:58:26.0652 5784 Detected object count: 1

19:58:26.0652 5784 Actual detected object count: 1

19:58:49.0751 5784 \Device\Harddisk0\DR0\# - copied to quarantine

19:58:49.0752 5784 \Device\Harddisk0\DR0 - copied to quarantine

19:58:49.0969 5784 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

19:58:49.0975 5784 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

19:58:49.0987 5784 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

19:58:49.0998 5784 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

19:58:50.0034 5784 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

19:58:50.0055 5784 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

19:58:50.0058 5784 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

19:58:50.0061 5784 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

19:58:50.0066 5784 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

19:58:50.0076 5784 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

19:58:50.0083 5784 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

19:58:50.0087 5784 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

19:58:50.0091 5784 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

19:58:50.0095 5784 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

19:58:50.0122 5784 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

19:58:50.0152 5784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

19:58:50.0243 5784 \Device\Harddisk0\DR0 - ok

19:58:50.0263 5784 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

}


Warning: This last run shows the system had a TDL rootkit infection, which is very serious.

Do NOT do any websurfing, no shopping, no online transactions.

Log off & restart the system fresh.

Then Run TDSSKILLER one more time. Then copy & paste the new log for review.


Yessir~ ty once again lol, here's the log you asked for:

22:53:30.0578 3788 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

22:53:31.0186 3788 ============================================================

22:53:31.0186 3788 Current date / time: 2012/07/18 22:53:31.0186

22:53:31.0186 3788 SystemInfo:

22:53:31.0186 3788

22:53:31.0186 3788 OS Version: 6.1.7600 ServicePack: 0.0

22:53:31.0186 3788 Product type: Workstation

22:53:31.0186 3788 ComputerName: BUGSBUNNY-PC

22:53:31.0186 3788 UserName: Bugs Bunny

22:53:31.0186 3788 Windows directory: C:\Windows

22:53:31.0186 3788 System windows directory: C:\Windows

22:53:31.0186 3788 Running under WOW64

22:53:31.0186 3788 Processor architecture: Intel x64

22:53:31.0186 3788 Number of processors: 4

22:53:31.0186 3788 Page size: 0x1000

22:53:31.0186 3788 Boot type: Normal boot

22:53:31.0186 3788 ============================================================

22:53:35.0554 3788 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDDA00 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:53:35.0585 3788 ============================================================

22:53:35.0585 3788 \Device\Harddisk0\DR0:

22:53:35.0585 3788 MBR partitions:

22:53:35.0585 3788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

22:53:35.0585 3788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000

22:53:35.0585 3788 ============================================================

22:53:35.0601 3788 C: <-> \Device\Harddisk0\DR0\Partition1

22:53:35.0632 3788 I: <-> \Device\Harddisk0\DR0\Partition0

22:53:35.0632 3788 ============================================================

22:53:35.0632 3788 Initialize success

22:53:35.0632 3788 ============================================================

22:53:39.0953 3916 ============================================================

22:53:39.0953 3916 Scan started

22:53:39.0953 3916 Mode: Manual;

22:53:39.0953 3916 ============================================================


22:53:48.0455 3916 BrFiltUp - ok

22:53:48.0471 3916 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

22:53:48.0471 3916 Browser - ok

22:53:48.0580 3916 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

22:53:48.0642 3916 Brserid - ok

22:53:48.0658 3916 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

22:53:48.0674 3916 BrSerWdm - ok

22:53:48.0674 3916 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

22:53:48.0674 3916 BrUsbMdm - ok

22:53:48.0705 3916 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

22:53:48.0705 3916 BrUsbSer - ok

22:53:48.0736 3916 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

22:53:48.0736 3916 BTHMODEM - ok

22:53:48.0783 3916 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

22:53:48.0783 3916 bthserv - ok

22:53:48.0814 3916 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

22:53:48.0861 3916 cdfs - ok

22:53:48.0876 3916 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

22:53:48.0892 3916 cdrom - ok

22:53:48.0970 3916 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

22:53:49.0001 3916 CertPropSvc - ok

22:53:49.0048 3916 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

22:53:49.0064 3916 circlass - ok

22:53:49.0110 3916 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

22:53:49.0173 3916 CLFS - ok

22:53:49.0251 3916 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:53:49.0282 3916 clr_optimization_v2.0.50727_32 - ok

22:53:49.0344 3916 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

22:53:49.0360 3916 clr_optimization_v2.0.50727_64 - ok

22:53:49.0438 3916 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

22:53:49.0547 3916 clr_optimization_v4.0.30319_32 - ok

22:53:49.0578 3916 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

22:53:49.0610 3916 clr_optimization_v4.0.30319_64 - ok

22:53:49.0625 3916 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

22:53:49.0641 3916 CmBatt - ok

22:53:49.0656 3916 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

22:53:49.0672 3916 cmdide - ok

22:53:49.0734 3916 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys

22:53:49.0797 3916 CNG - ok

22:53:49.0812 3916 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

22:53:49.0812 3916 Compbatt - ok

22:53:49.0844 3916 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

22:53:49.0859 3916 CompositeBus - ok

22:53:49.0875 3916 COMSysApp - ok

22:53:49.0890 3916 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

22:53:49.0890 3916 crcdisk - ok

22:53:49.0937 3916 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll

22:53:49.0968 3916 CryptSvc - ok

22:53:50.0031 3916 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys

22:53:50.0093 3916 CSC - ok

22:53:50.0265 3916 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll

22:53:50.0280 3916 CscService - ok

22:53:50.0358 3916 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

22:53:50.0358 3916 DcomLaunch - ok

22:53:50.0452 3916 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

22:53:50.0592 3916 defragsvc - ok

22:53:50.0686 3916 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

22:53:50.0702 3916 DfsC - ok

22:53:50.0780 3916 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

22:53:50.0795 3916 Dhcp - ok

22:53:50.0811 3916 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

22:53:50.0826 3916 discache - ok

22:53:50.0889 3916 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

22:53:50.0904 3916 Disk - ok

22:53:50.0967 3916 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

22:53:51.0029 3916 Dnscache - ok

22:53:51.0045 3916 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

22:53:51.0060 3916 dot3svc - ok

22:53:51.0185 3916 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys

22:53:51.0201 3916 Dot4 - ok

22:53:51.0216 3916 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys

22:53:51.0216 3916 Dot4Print - ok

22:53:51.0248 3916 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys

22:53:51.0263 3916 dot4usb - ok

22:53:51.0279 3916 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

22:53:51.0279 3916 DPS - ok

22:53:51.0310 3916 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

22:53:51.0326 3916 drmkaud - ok

22:53:51.0388 3916 dump_wmimmc - ok

22:53:51.0450 3916 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

22:53:51.0482 3916 DXGKrnl - ok

22:53:51.0513 3916 EagleX64 - ok

22:53:51.0544 3916 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

22:53:51.0544 3916 EapHost - ok

22:53:51.0684 3916 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

22:53:51.0809 3916 ebdrv - ok

22:53:51.0887 3916 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

22:53:51.0887 3916 EFS - ok

22:53:51.0950 3916 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

22:53:52.0012 3916 ehRecvr - ok

22:53:52.0043 3916 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

22:53:52.0059 3916 ehSched - ok

22:53:52.0137 3916 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

22:53:52.0168 3916 elxstor - ok

22:53:52.0184 3916 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

22:53:52.0199 3916 ErrDev - ok

22:53:52.0246 3916 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

22:53:52.0246 3916 EventSystem - ok

22:53:52.0277 3916 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

22:53:52.0277 3916 exfat - ok

22:53:52.0293 3916 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

22:53:52.0308 3916 fastfat - ok

22:53:52.0355 3916 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

22:53:52.0371 3916 Fax - ok

22:53:52.0386 3916 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

22:53:52.0386 3916 fdc - ok

22:53:52.0418 3916 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

22:53:52.0418 3916 fdPHost - ok

22:53:52.0464 3916 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

22:53:52.0464 3916 FDResPub - ok

22:53:52.0480 3916 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

22:53:52.0496 3916 FileInfo - ok

22:53:52.0511 3916 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

22:53:52.0527 3916 Filetrace - ok

22:53:52.0527 3916 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

22:53:52.0542 3916 flpydisk - ok

22:53:52.0574 3916 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

22:53:52.0620 3916 FltMgr - ok

22:53:52.0730 3916 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll

22:53:52.0792 3916 FontCache - ok

22:53:52.0886 3916 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

22:53:52.0917 3916 FontCache3.0.0.0 - ok

22:53:52.0979 3916 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

22:53:53.0042 3916 FsDepends - ok

22:53:53.0104 3916 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

22:53:53.0104 3916 Fs_Rec - ok

22:53:53.0151 3916 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

22:53:53.0229 3916 fvevol - ok

22:53:53.0244 3916 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

22:53:53.0260 3916 gagp30kx - ok

22:53:53.0291 3916 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

22:53:53.0291 3916 GEARAspiWDM - ok

22:53:53.0338 3916 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

22:53:53.0354 3916 gpsvc - ok

22:53:53.0541 3916 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:53:53.0556 3916 gupdate - ok

22:53:53.0572 3916 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

22:53:53.0572 3916 gupdatem - ok

22:53:53.0603 3916 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

22:53:53.0619 3916 hcw85cir - ok

22:53:53.0666 3916 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

22:53:53.0697 3916 HdAudAddService - ok

22:53:53.0712 3916 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

22:53:53.0728 3916 HDAudBus - ok

22:53:53.0744 3916 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

22:53:53.0759 3916 HidBatt - ok

22:53:53.0775 3916 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

22:53:53.0775 3916 HidBth - ok

22:53:53.0790 3916 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

22:53:53.0790 3916 HidIr - ok

22:53:53.0806 3916 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

22:53:53.0822 3916 hidserv - ok

22:53:53.0853 3916 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

22:53:53.0853 3916 HidUsb - ok

22:53:53.0884 3916 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

22:53:53.0884 3916 hkmsvc - ok

22:53:53.0915 3916 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

22:53:53.0946 3916 HomeGroupListener - ok

22:53:53.0978 3916 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

22:53:53.0993 3916 HomeGroupProvider - ok

22:53:54.0087 3916 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

22:53:54.0102 3916 hpqcxs08 - ok

22:53:54.0118 3916 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

22:53:54.0118 3916 hpqddsvc - ok

22:53:54.0149 3916 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

22:53:54.0165 3916 HpSAMD - ok

22:53:54.0274 3916 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

22:53:54.0368 3916 HTTP - ok

22:53:54.0368 3916 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

22:53:54.0383 3916 hwpolicy - ok

22:53:54.0414 3916 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

22:53:54.0430 3916 i8042prt - ok

22:53:54.0461 3916 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

22:53:54.0492 3916 iaStorV - ok

22:53:54.0570 3916 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:53:54.0664 3916 idsvc - ok

22:53:54.0851 3916 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

22:53:54.0867 3916 iirsp - ok

22:53:55.0023 3916 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

22:53:55.0038 3916 IKEEXT - ok

22:53:55.0070 3916 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

22:53:55.0085 3916 intelide - ok

22:53:55.0148 3916 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

22:53:55.0148 3916 intelppm - ok

22:53:55.0226 3916 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

22:53:55.0226 3916 IPBusEnum - ok

22:53:55.0272 3916 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:53:55.0272 3916 IpFilterDriver - ok

22:53:55.0366 3916 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll

22:53:55.0428 3916 iphlpsvc - ok

22:53:55.0475 3916 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

22:53:55.0491 3916 IPMIDRV - ok

22:53:55.0522 3916 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

22:53:55.0538 3916 IPNAT - ok

22:53:55.0616 3916 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe

22:53:55.0647 3916 iPod Service - ok

22:53:55.0678 3916 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

22:53:55.0678 3916 IRENUM - ok

22:53:55.0709 3916 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

22:53:55.0709 3916 isapnp - ok

22:53:55.0756 3916 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

22:53:55.0787 3916 iScsiPrt - ok

22:53:55.0818 3916 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

22:53:55.0834 3916 kbdclass - ok

22:53:55.0850 3916 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

22:53:55.0850 3916 kbdhid - ok

22:53:55.0881 3916 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

22:53:55.0881 3916 KeyIso - ok

22:53:55.0912 3916 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys

22:53:55.0943 3916 KSecDD - ok

22:53:55.0974 3916 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys

22:53:56.0006 3916 KSecPkg - ok

22:53:56.0037 3916 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

22:53:56.0037 3916 ksthunk - ok

22:53:56.0099 3916 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

22:53:56.0146 3916 KtmRm - ok

22:53:56.0193 3916 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll

22:53:56.0193 3916 LanmanServer - ok

22:53:56.0240 3916 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

22:53:56.0240 3916 LanmanWorkstation - ok

22:53:56.0318 3916 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

22:53:56.0318 3916 lltdio - ok

22:53:56.0380 3916 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

22:53:56.0411 3916 lltdsvc - ok

22:53:56.0427 3916 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

22:53:56.0427 3916 lmhosts - ok

22:53:56.0458 3916 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

22:53:56.0474 3916 LSI_FC - ok

22:53:56.0505 3916 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

22:53:56.0520 3916 LSI_SAS - ok

22:53:56.0552 3916 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:53:56.0567 3916 LSI_SAS2 - ok

22:53:56.0583 3916 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:53:56.0598 3916 LSI_SCSI - ok

22:53:56.0614 3916 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

22:53:56.0630 3916 luafv - ok

22:53:56.0801 3916 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe

22:53:56.0848 3916 McComponentHostService - ok

22:53:56.0879 3916 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll

22:53:56.0910 3916 Mcx2Svc - ok

22:53:56.0957 3916 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

22:53:56.0957 3916 megasas - ok

22:53:57.0020 3916 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

22:53:57.0035 3916 MegaSR - ok

22:53:57.0066 3916 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

22:53:57.0082 3916 MMCSS - ok

22:53:57.0082 3916 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

22:53:57.0098 3916 Modem - ok

22:53:57.0129 3916 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

22:53:57.0144 3916 monitor - ok

22:53:57.0207 3916 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

22:53:57.0222 3916 mouclass - ok

22:53:57.0269 3916 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

22:53:57.0285 3916 mouhid - ok

22:53:57.0347 3916 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

22:53:57.0378 3916 mountmgr - ok

22:53:57.0472 3916 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

22:53:57.0488 3916 MozillaMaintenance - ok

22:53:57.0534 3916 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

22:53:57.0550 3916 mpio - ok

22:53:57.0566 3916 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

22:53:57.0597 3916 mpsdrv - ok

22:53:57.0706 3916 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll

22:53:57.0722 3916 MpsSvc - ok

22:53:57.0737 3916 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

22:53:57.0768 3916 MRxDAV - ok

22:53:57.0815 3916 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:53:57.0831 3916 mrxsmb - ok

22:53:57.0878 3916 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:53:57.0909 3916 mrxsmb10 - ok

22:53:57.0940 3916 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:53:57.0956 3916 mrxsmb20 - ok

22:53:57.0971 3916 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

22:53:57.0987 3916 msahci - ok

22:53:58.0018 3916 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

22:53:58.0049 3916 msdsm - ok

22:53:58.0080 3916 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

22:53:58.0112 3916 MSDTC - ok

22:53:58.0143 3916 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

22:53:58.0143 3916 Msfs - ok

22:53:58.0158 3916 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

22:53:58.0174 3916 mshidkmdf - ok

22:53:58.0190 3916 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

22:53:58.0205 3916 msisadrv - ok

22:53:58.0424 3916 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

22:53:58.0439 3916 MSiSCSI - ok

22:53:58.0455 3916 msiserver - ok

22:53:58.0517 3916 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

22:53:58.0533 3916 MSKSSRV - ok

22:53:58.0580 3916 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

22:53:58.0595 3916 MSPCLOCK - ok

22:53:58.0626 3916 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

22:53:58.0626 3916 MSPQM - ok

22:53:58.0751 3916 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

22:53:58.0798 3916 MsRPC - ok

22:53:58.0814 3916 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

22:53:58.0829 3916 mssmbios - ok

22:53:58.0860 3916 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

22:53:58.0876 3916 MSTEE - ok

22:53:58.0907 3916 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

22:53:58.0923 3916 MTConfig - ok

22:53:58.0985 3916 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

22:53:58.0985 3916 Mup - ok

22:53:59.0032 3916 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

22:53:59.0094 3916 napagent - ok

22:53:59.0157 3916 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

22:53:59.0204 3916 NativeWifiP - ok

22:53:59.0469 3916 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

22:53:59.0578 3916 NDIS - ok

22:53:59.0625 3916 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

22:53:59.0625 3916 NdisCap - ok

22:53:59.0656 3916 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

22:53:59.0672 3916 NdisTapi - ok

22:53:59.0687 3916 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

22:53:59.0703 3916 Ndisuio - ok

22:53:59.0734 3916 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

22:53:59.0765 3916 NdisWan - ok

22:53:59.0781 3916 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

22:53:59.0796 3916 NDProxy - ok

22:53:59.0843 3916 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll

22:53:59.0859 3916 Net Driver HPZ12 - ok

22:53:59.0890 3916 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

22:53:59.0906 3916 NetBIOS - ok

22:53:59.0952 3916 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

22:53:59.0999 3916 NetBT - ok

22:54:00.0030 3916 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

22:54:00.0030 3916 Netlogon - ok

22:54:00.0093 3916 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

22:54:00.0093 3916 Netman - ok

22:54:00.0155 3916 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

22:54:00.0171 3916 netprofm - ok

22:54:00.0264 3916 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:54:00.0296 3916 NetTcpPortSharing - ok

22:54:00.0358 3916 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

22:54:00.0374 3916 nfrd960 - ok

22:54:00.0436 3916 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

22:54:00.0452 3916 NlaSvc - ok

22:54:00.0467 3916 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

22:54:00.0467 3916 Npfs - ok

22:54:00.0514 3916 npggsvc - ok

22:54:00.0545 3916 NPPTNT2 - ok

22:54:00.0576 3916 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

22:54:00.0576 3916 nsi - ok

22:54:00.0592 3916 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

22:54:00.0608 3916 nsiproxy - ok

22:54:00.0701 3916 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

22:54:00.0779 3916 Ntfs - ok

22:54:00.0951 3916 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

22:54:00.0951 3916 Null - ok

22:54:01.0076 3916 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

22:54:01.0122 3916 NVENETFD - ok

22:54:02.0386 3916 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

22:54:02.0495 3916 nvlddmkm - ok

22:54:02.0667 3916 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

22:54:02.0682 3916 nvraid - ok

22:54:02.0714 3916 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys

22:54:02.0729 3916 nvsmu - ok

22:54:02.0745 3916 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

22:54:02.0760 3916 nvstor - ok

22:54:02.0854 3916 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe

22:54:02.0870 3916 nvsvc - ok

22:54:03.0213 3916 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

22:54:03.0369 3916 nvUpdatusService - ok

22:54:03.0509 3916 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

22:54:03.0525 3916 nv_agp - ok

22:54:03.0540 3916 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

22:54:03.0556 3916 ohci1394 - ok

22:54:03.0618 3916 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

22:54:03.0650 3916 p2pimsvc - ok

22:54:03.0681 3916 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

22:54:03.0728 3916 p2psvc - ok

22:54:03.0759 3916 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

22:54:03.0774 3916 Parport - ok

22:54:03.0806 3916 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

22:54:03.0821 3916 partmgr - ok

22:54:03.0837 3916 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

22:54:03.0852 3916 PcaSvc - ok

22:54:03.0868 3916 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

22:54:03.0899 3916 pci - ok

22:54:03.0915 3916 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

22:54:03.0930 3916 pciide - ok

22:54:03.0962 3916 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

22:54:03.0993 3916 pcmcia - ok

22:54:04.0008 3916 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

22:54:04.0024 3916 pcw - ok

22:54:04.0086 3916 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

22:54:04.0149 3916 PEAUTH - ok

22:54:04.0383 3916 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

22:54:04.0461 3916 PeerDistSvc - ok

22:54:04.0586 3916 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

22:54:04.0601 3916 PerfHost - ok

22:54:04.0788 3916 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

22:54:04.0851 3916 pla - ok

22:54:05.0116 3916 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

22:54:05.0116 3916 PlugPlay - ok

22:54:05.0241 3916 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll

22:54:05.0241 3916 Pml Driver HPZ12 - ok

22:54:05.0272 3916 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

22:54:05.0288 3916 PNRPAutoReg - ok

22:54:05.0319 3916 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

22:54:05.0319 3916 PNRPsvc - ok

22:54:05.0428 3916 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

22:54:05.0475 3916 PolicyAgent - ok

22:54:05.0506 3916 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

22:54:05.0506 3916 Power - ok

22:54:05.0568 3916 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

22:54:05.0568 3916 PptpMiniport - ok

22:54:05.0600 3916 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

22:54:05.0615 3916 Processor - ok

22:54:05.0646 3916 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll

22:54:05.0662 3916 ProfSvc - ok

22:54:05.0678 3916 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

22:54:05.0678 3916 ProtectedStorage - ok

22:54:21.0418 3916 ============================================================

22:54:21.0418 3916 Scan finished

22:54:21.0418 3916 ============================================================

22:54:21.0434 3940 Detected object count: 0

22:54:21.0434 3940 Actual detected object count: 0


Your version of MBAM is woefully out-dated. Do the following steps, and at end copy & paste the new MBAM scan log.

Download and SAVE & then run mbam-clean.exe from >> here <<

It will ask to restart your computer; please allow it to do so. This is very important.

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from >> here <<

Run the mbam-setup.

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Next, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the new MBAM log into a reply.

Re-enable the anti-virus application that you turned off before.


{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fnil\fcharset0 Calibri;}}

{\colortbl ;\red0\green0\blue255;}

{\*\generator Msftedit 5.41.21.2509;}\viewkind4\uc1\pard\sa200\sl276\slmult1\lang9\f0\fs22 Malwarebytes Anti-Malware (Trial) 1.62.0.1300\par

{\field{\*\fldinst{HYPERLINK "www.malwarebytes.org"}}{\fldrslt{\ul\cf1 www.malwarebytes.org}}}\f0\fs22\par

\par

Database version: v2012.07.19.11\par

\par

Windows 7 x64 NTFS\par

Internet Explorer 9.0.8112.16421\par

Bugs Bunny :: BUGSBUNNY-PC [administrator]\par

\par

Protection: Enabled\par

\par

7/19/2012 12:14:53 PM\par

mbam-log-2012-07-19 (12-14-53).txt\par

\par

Scan type: Quick scan\par

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM\par

Scan options disabled: P2P\par

Objects scanned: 227411\par

Time elapsed: 4 minute(s), 59 second(s)\par

\par

Memory Processes Detected: 0\par

(No malicious items detected)\par

\par

Memory Modules Detected: 0\par

(No malicious items detected)\par

\par

Registry Keys Detected: 13\par

HKCR\\CLSID\\\{11111111-1111-1111-1111-110011041135\} (PUP.Codec.PR) -> Quarantined and deleted successfully.\par

HKCR\\TypeLib\\\{44444444-4444-4444-4444-440044044435\} (PUP.Codec.PR) -> Quarantined and deleted successfully.\par

HKCR\\Interface\\\{55555555-5555-5555-5555-550055045535\} (PUP.Codec.PR) -> Quarantined and deleted successfully.\par

HKCR\\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Quarantined and deleted successfully.\par

HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\\{11111111-1111-1111-1111-110011041135\} (PUP.Codec.PR) -> Quarantined and deleted successfully.\par

HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\\{11111111-1111-1111-1111-110011041135\} (PUP.Codec.PR) -> Quarantined and deleted successfully.\par

HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\\{11111111-1111-1111-1111-110011041135\} (PUP.Codec.PR) -> Quarantined and deleted successfully.\par

HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\PreApproved\\\{11111111-1111-1111-1111-110011041135\} (PUP.Codec.PR) -> Quarantined and deleted successfully.\par

HKCR\\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Quarantined and deleted successfully.\par

HKCR\\CrossriderApp0000435.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.\par

HKCR\\CrossriderApp0000435.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.\par

HKCR\\CrossriderApp0000435.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.\par

HKCR\\CrossriderApp0000435.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.\par

\par

Registry Values Detected: 0\par

(No malicious items detected)\par

\par

Registry Data Items Detected: 0\par

(No malicious items detected)\par

\par

Folders Detected: 0\par

(No malicious items detected)\par

\par

Files Detected: 2\par

C:\\Program Files (x86)\\Premiumplay Codec-C\\Premiumplay Codec-C.dll (PUP.Codec.PR) -> Quarantined and deleted successfully.\par

C:\\Windows\\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.\par

\par

(end)\par

}


Let me ask.... Are you using NOTEPAD to open these logs or what ?

Open NOTEPAD. Go to main menu. Select Format.

Make very sure "Word wrap" is not checkmarked.

Then re-open that last log >> Copy all lines >> Paste into a new reply.

That last post looks funky and squirrelly to have to read.


ooooohh sry bout that~ hope this is better

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.19.11

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Bugs Bunny :: BUGSBUNNY-PC [administrator]

Protection: Enabled

7/19/2012 12:14:53 PM

mbam-log-2012-07-19 (12-14-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 227411

Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 13

HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0000435.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0000435.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0000435.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0000435.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll (PUP.Codec.PR) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member michael123 only. If you are a casual viewer, do NOT try this on your system!

If you are not michael123 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now!

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

Re-enable your antivirus program.


ComboFix 12-07-19.02 - Bugs Bunny 07/19/2012 23:48:37.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4863.2710 [GMT -4:00]

Running from: c:\users\Bugs Bunny\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Bugs Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\rdp52gji.default\searchplugins\bing-zugo.xml

.

.

((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))

.

.

2012-07-20 03:57 . 2012-07-20 03:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-20 03:57 . 2012-07-20 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-19 16:12 . 2012-07-19 16:12 -------- d-----w- c:\users\Bugs Bunny\AppData\Roaming\Malwarebytes

2012-07-19 16:12 . 2012-07-19 16:12 -------- d-----w- c:\programdata\Malwarebytes

2012-07-19 16:12 . 2012-07-19 16:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-19 16:12 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-19 07:59 . 2012-07-19 08:01 -------- d-----w- c:\program files (x86)\GUMB215.tmp

2012-07-19 03:23 . 2012-07-19 03:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2012-07-19 03:22 . 2012-07-19 20:37 -------- d-----w- c:\users\Bugs Bunny\AppData\Local\PMB Files

2012-07-19 03:22 . 2012-07-19 20:37 -------- d-----w- c:\programdata\PMB Files

2012-07-19 00:08 . 2012-07-19 00:08 -------- d-----w- c:\program files\trend micro

2012-07-19 00:08 . 2012-07-19 00:10 -------- d-----w- C:\rsit

2012-07-18 23:58 . 2012-07-18 23:58 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-18 20:15 . 2012-07-18 20:15 -------- d-----w- c:\users\Bugs Bunny\AppData\Roaming\Avira

2012-07-18 20:13 . 2012-07-18 20:13 -------- d-----w- C:\desktop

2012-07-18 20:02 . 2012-07-18 20:03 -------- d-----w- c:\program files (x86)\Ask.com

2012-07-18 20:02 . 2012-05-02 19:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-07-18 20:02 . 2012-04-27 14:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-07-18 20:02 . 2012-04-25 04:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-07-18 20:01 . 2012-07-18 20:03 -------- d-----w- c:\programdata\Avira

2012-07-18 20:01 . 2012-07-18 20:01 -------- d-----w- c:\program files (x86)\Avira

2012-07-18 16:54 . 2012-07-18 16:55 -------- d-----w- c:\program files (x86)\GUMDB22.tmp

2012-07-18 16:24 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-07-18 15:48 . 2012-07-18 15:48 -------- d-----w- c:\users\Bugs Bunny\AppData\Roaming\SUPERAntiSpyware.com

2012-07-18 15:48 . 2012-07-18 15:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-07-18 15:48 . 2012-07-18 15:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-07-18 15:29 . 2012-07-18 15:29 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-18 15:23 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FC24DD5-6FBD-4A5B-A5A9-BB684093A6E2}\mpengine.dll

2012-07-18 13:22 . 2012-07-18 15:18 -------- d-----w- c:\users\Guest

2012-07-18 11:18 . 2012-07-18 11:18 -------- d-----w- c:\program files\Enigma Software Group

2012-07-18 11:16 . 2012-07-18 15:15 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP

2012-07-18 11:14 . 2012-07-18 11:14 -------- d-----w- c:\users\Bugs Bunny\AppData\Roaming\SpeedyPC Software

2012-07-18 11:14 . 2012-07-18 11:14 -------- d-----w- c:\users\Bugs Bunny\AppData\Roaming\DriverCure

2012-07-18 11:14 . 2012-07-18 11:14 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software

2012-07-18 11:14 . 2012-07-18 12:53 -------- d-----w- c:\programdata\SpeedyPC Software

2012-07-18 11:14 . 2012-07-18 11:14 -------- d-----w- c:\program files (x86)\SpeedyPC Software

2012-07-18 08:17 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-07-18 08:17 . 2012-07-18 15:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-18 02:01 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll

2012-07-18 02:01 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-18 02:01 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-07-18 02:00 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll

2012-07-18 02:00 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll

2012-07-18 02:00 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-18 02:00 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-18 02:00 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-18 02:00 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-18 02:00 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-07-18 02:00 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-07-18 02:00 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-07-18 02:00 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-07-18 01:59 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-18 01:59 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-13 05:36 . 2012-07-18 04:20 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-07-13 05:36 . 2012-07-18 04:29 -------- d-----w- c:\program files (x86)\PC Tools Registry Mechanic

2012-07-13 02:37 . 2012-07-13 02:39 -------- d-----w- c:\users\Bugs Bunny\AppData\Roaming\DivX

2012-07-13 02:36 . 2012-07-18 07:05 -------- d-----w- c:\program files\DivX

2012-07-13 02:35 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\DivX

2012-07-13 02:35 . 2012-07-18 07:05 -------- d-----w- c:\programdata\DivX

2012-07-13 02:26 . 2012-07-18 04:50 -------- d-----w- c:\program files (x86)\MediaPlayerLite

2012-07-13 02:26 . 2012-07-18 04:51 -------- d-----w- c:\program files (x86)\Giant Savings

2012-07-13 02:21 . 2012-07-13 02:21 -------- d-----w- c:\program files (x86)\GUM91D3.tmp

2012-07-13 02:19 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\QuickTime

2012-07-13 02:18 . 2012-07-13 02:18 -------- d-----w- c:\users\Bugs Bunny\AppData\Local\Real

2012-07-13 02:17 . 2012-07-18 05:39 -------- d-----w- c:\program files (x86)\Real

2012-07-13 02:16 . 2012-07-18 15:09 -------- d-----w- c:\users\Bugs Bunny\AppData\Local\Google

2012-07-13 02:16 . 2012-07-18 15:50 -------- d-----w- c:\program files (x86)\Google

2012-07-11 08:00 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 08:00 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3(63).dll

2012-06-24 16:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-24 16:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-24 16:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-24 16:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-24 16:51 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-24 16:51 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-24 16:51 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-24 16:51 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-24 16:51 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-23 04:36 . 2012-06-23 04:36 -------- d-----w- c:\users\Bugs Bunny\AppData\Local\Macromedia

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-18 16:20 . 2011-09-25 01:20 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-18 15:37 . 2012-05-03 02:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-18 15:37 . 2011-09-25 00:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-18 15:37 . 2012-05-03 02:37 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-31 16:25 . 2011-09-25 13:46 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-27 08:17 . 2012-05-27 08:17 670816 ----a-w- c:\windows\SysWow64\xsherlock.xem

2012-05-04 10:52 . 2012-06-12 23:11 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:08 . 2012-06-12 23:11 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08 . 2012-06-12 23:11 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32 . 2012-06-12 23:12 208896 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:50 . 2012-06-12 23:10 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:34 . 2012-06-12 23:12 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:34 . 2012-06-12 23:12 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:28 . 2012-06-12 23:12 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:59 . 2012-06-12 23:10 1460224 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 05:59 . 2012-06-12 23:10 182272 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:59 . 2012-06-12 23:10 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 04:47 . 2012-06-12 23:09 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:47 . 2012-06-12 23:09 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-04-24 04:47 . 2012-06-12 23:10 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[-] 2011-12-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll

.

[-] 2011-12-26 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll

[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2012-01-05 00:20 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-05 1514152]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 94208 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-05 1391272]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Bugs Bunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

ERUNT AutoBackup.lnk - c:\desktop\AUTOBACK.EXE [2005-10-20 38912]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18 136176]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 vtany;vtany;c:\windows\vtany.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1255736]

R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]

R3 xspirit;xspirit;c:\windows\xspirit.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]

S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-02 465360]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864]

S3 SrvHsfPCIe;SrvHsfPCIe;c:\windows\system32\DRIVERS\VSTBS36.SYS [2009-06-10 287744]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 01:37]

.

2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18 15:48]

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18 15:48]

.

2012-07-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5f957f63-c1a7-47b5-9bef-89507b8472fc.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-07-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d921bfdc-0aea-458e-9479-8d3b230d2d3a.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 97792 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 97792 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 97792 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-10-31 21:02 97792 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube Download - c:\users\Bugs Bunny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Bugs Bunny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Bugs Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\rdp52gji.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=

FF - user.js: extensions.BabylonToolbar_i.id - e880ced400000000000094445213b7f8

FF - user.js: extensions.BabylonToolbar_i.hardId - e880ced400000000000094445213b7f8

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15349

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:21

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100886

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]

"ImagePath"="c:\windows\system32\xsherlock.xem"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-20 00:08:52

ComboFix-quarantined-files.txt 2012-07-20 04:08

.

Pre-Run: 636,072,755,200 bytes free

Post-Run: 636,464,680,960 bytes free

.

- - End Of File - - 8C7C97BE12FBFF5E200CDEB9C00853E9


And I also had a question, after doing a scan with avira and sending the threats to the quarantine, does "deleting" mean deleting them from the quarantine or deleting the whole file?

You'll have to be a bit clearer.

Are you referring to the scan mode & actions there?

Or are you referring to post-scan (after scans & actions are completed) while viewing the Quarantine in Administration module?

If the latter, the file is deleted off the system and deleted as well from quarantine.


Action items for you:

You need to remove some programs & add-ons using Programs and Features module of WIN7

Go to Control Panel >> Programs and Features

For each item I list below, select it and then do a right-click on it and select Un-install (remove)

ASK toolbar --- not advisable to have

Babylon toolbar --- adware conduit

Hijackthis vers 2.0.2 --- outdated

McAfee Security Scan plus ----- not needed

When finished, exit Programs & Features & Control panel.

Now, Logoff and Restart the system fresh.

NEXT:

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
    You have Windows-7 64-bit, hence, download & save both the 32-bit and the 64-bit Offline
  • Close any programs you may have running - especially your web browser(s).
  • Go to Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Right-Click the line and select Uninstall.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    When completed, then run jre-7u5-windows-x64.exe also.

  • After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
      • Trace and Log Files

    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml

When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.

Lastly, tell me if the "random audio ads" are gone.

Edited by Maurice Naggar

That covers the ads. Now, fill me in on the rest: Have you removed these

ASK toolbar

Hijackthis vers 2.0.2

McAfee Security Scan plus

Have you updated Java ?

I need confirmation that you've finished what I listed before.......then we may see what may be looked at next


Deleting temp files

Download TFC by OldTimer and SAVE it to your desktop

  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

scan with DrwebCure-It

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Right-click the drweb-cureit.exe file, & select Run as Administrator and allow to run
  • then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    [image: check.gif]
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    [image: move.gif]
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

security check report

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Copy and paste Checkup.txt in a reply AND

tell me, how is the system now?


wow.. that took almost forever lol, and i seemed to have made a mistake =/ and accidentally selected "delete incurable" instead of move incurable. ;[ Here are the logs ~

Drweb:

124e7f25.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Trojan.NtRootKit.13531;Deleted.;

5578dcbd.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Adware.InstallCore.19;Incurable.Deleted.;

57670667.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;BackDoor.Tdss.5231;Deleted.;

5578dcbd.qua;C:\Documents and Settings\All Users\Avira\AntiVir Desktop\INFECTED;Adware.InstallCore.19;Invalid path to file ;

5578dcbd.qua;C:\ProgramData\Avira\AntiVir Desktop\INFECTED;Adware.InstallCore.19;Invalid path to file ;

tsk0000.dta;C:\TDSSKiller_Quarantine\18.07.2012_19.54.14\mbr0000\mbr0000;Trojan.Tdlphaze.1;Incurable.Moved.;

tsk0003.dta;C:\TDSSKiller_Quarantine\18.07.2012_19.54.14\mbr0000\tdlfs0000;Trojan.DownLoad3.1188;Deleted.;

5578dcbd.qua;C:\Users\All Users\Avira\AntiVir Desktop\INFECTED;Adware.InstallCore.19;Invalid path to file ;

security check:

Results of screen317's Security Check version 0.99.43

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Avira Desktop

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Adobe Reader X (10.1.3)

Mozilla Firefox (14.0.1)

Google Chrome 20.0.1132.57

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 6%

````````````````````End of Log``````````````````````

And the system seems to be working fine, but still can notice the slight change in performance speeds since last week.

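A way to triage the Dr.Web report posted above, as an added example that is not part of the original thread or of Dr.Web itself: it parses the semicolon-separated rows and separates detections that sit inside another tool's quarantine folder from detections in live locations. The folder markers, the action keywords and the function names are assumptions of this example.

```python
import csv
import io
from collections import Counter

# Rows as posted in the thread's DrWeb.csv report: file;folder;threat;action;
SAMPLE_REPORT = r"""
124e7f25.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Trojan.NtRootKit.13531;Deleted.;
5578dcbd.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Adware.InstallCore.19;Incurable.Deleted.;
57670667.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;BackDoor.Tdss.5231;Deleted.;
5578dcbd.qua;C:\Documents and Settings\All Users\Avira\AntiVir Desktop\INFECTED;Adware.InstallCore.19;Invalid path to file ;
5578dcbd.qua;C:\ProgramData\Avira\AntiVir Desktop\INFECTED;Adware.InstallCore.19;Invalid path to file ;
tsk0000.dta;C:\TDSSKiller_Quarantine\18.07.2012_19.54.14\mbr0000\mbr0000;Trojan.Tdlphaze.1;Incurable.Moved.;
tsk0003.dta;C:\TDSSKiller_Quarantine\18.07.2012_19.54.14\mbr0000\tdlfs0000;Trojan.DownLoad3.1188;Deleted.;
5578dcbd.qua;C:\Users\All Users\Avira\AntiVir Desktop\INFECTED;Adware.InstallCore.19;Invalid path to file ;
"""

# Assumption: a hit under one of these folders is a copy that another tool
# already isolated (Avira's INFECTED store, TDSSKiller's quarantine), not a live file.
QUARANTINE_MARKERS = (r"\avira\antivir desktop\infected", r"\tdsskiller_quarantine")
DONE_WORDS = ("Deleted", "Moved", "Cured")  # "Cured" is assumed; it does not occur in this log

def parse_report(text):
    """Return one dict per report row: file, folder, threat, action, in_quarantine."""
    rows = []
    for rec in csv.reader(io.StringIO(text), delimiter=";"):
        fields = [f.strip() for f in rec]
        if len(fields) < 4 or not fields[0]:
            continue  # blank or malformed line
        name, folder, threat, action = fields[:4]
        rows.append({"file": name, "folder": folder, "threat": threat, "action": action,
                     "in_quarantine": any(m in folder.lower() for m in QUARANTINE_MARKERS)})
    return rows

def triage(rows):
    """Summarise unique detections, live (non-quarantine) hits and rows left without an action."""
    return {
        # The same quarantined file is listed once per Windows 7 alias path, so dedupe by name.
        "unique": sorted({(r["file"], r["threat"]) for r in rows}),
        "live": [r for r in rows if not r["in_quarantine"]],
        "unresolved": [r for r in rows if not any(w in r["action"] for w in DONE_WORDS)],
        "by_threat": Counter(r["threat"] for r in rows),
    }

if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print(len(summary["unique"]), "unique detections,", len(summary["live"]), "outside quarantine")
    for r in summary["unresolved"]:
        print("no action:", r["file"], "|", r["folder"], "|", r["action"])
```

On this report every row falls inside a quarantine folder, and the rows marked "Invalid path to file" are the same 5578dcbd.qua reached through alias paths after it was already deleted.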

As long as the random ads are past history, count your blessings.

Any perceived "performance" change could well be due to non-malware issues.

Longer term {but soon after we finish malware removal}, you have to be sure to get WIN7 Service Pack 1!

For now, let's do an online scan at ESET and get some additional reports.

Online scan at ESET

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log

New DDS run

You have DDS tool. Do a fresh run. Copy & Paste the 2 logs ~ DDS.txt + Attach.txt

service report

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.
