Google Redirect and http://206.161.121.3/d/

[chulocabra]

Hi, I have read through many help request and subsequent instructions but cant seem to remove this redirect virus (Click on a google link and takes you to another site) and once in a while I get malwarebytes saying they have blocked a site ( http://206.161.121.3 )

Having run diffrent antivirus and TDSSKiller (which said they caught and then removed some stuff) I still have issues.

Any help would be appreciated.

[Maurice Naggar]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

[chulocabra]

Thanks

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.09.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Laptop :: LAPTOP-HP [administrator]

Protection: Enabled

8/9/2012 9:49:05 AM

mbam-log-2012-08-09 (09-49-05).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 197190

Time elapsed: 8 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Protection log

2012/08/09 09:07:47 -0400 LAPTOP-HP Laptop MESSAGE Starting protection

2012/08/09 09:07:51 -0400 LAPTOP-HP Laptop MESSAGE Protection started successfully

2012/08/09 09:07:51 -0400 LAPTOP-HP Laptop MESSAGE Executing scheduled update: Daily

2012/08/09 09:07:54 -0400 LAPTOP-HP Laptop MESSAGE Starting IP protection

2012/08/09 09:07:59 -0400 LAPTOP-HP Laptop MESSAGE IP Protection started successfully

2012/08/09 09:08:06 -0400 LAPTOP-HP Laptop MESSAGE Starting database refresh

2012/08/09 09:08:06 -0400 LAPTOP-HP Laptop MESSAGE Scheduled update executed successfully: database updated from version v2012.08.08.06 to version v2012.08.09.07

2012/08/09 09:08:06 -0400 LAPTOP-HP Laptop MESSAGE Stopping IP protection

2012/08/09 09:13:58 -0400 LAPTOP-HP Laptop MESSAGE IP Protection stopped

2012/08/09 09:14:02 -0400 LAPTOP-HP Laptop MESSAGE Database refreshed successfully

2012/08/09 09:14:02 -0400 LAPTOP-HP Laptop MESSAGE Starting IP protection

2012/08/09 09:14:07 -0400 LAPTOP-HP Laptop MESSAGE IP Protection started successfully

DDS Log

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Laptop at 9:59:55 on 2012-08-09

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4859.2983 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\atibtmon.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Program Files\Prevx\prevx.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\lxeccoms.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Prevx\prevx.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe

C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Users\Laptop\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Users\Laptop\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Program Files (x86)\Windows Sidebar\sidebar.exe

C:\Users\Laptop\AppData\Roaming\cubby\cubby.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

uRun: [googletalk] C:\Users\Laptop\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [skyDrive] "C:\Users\Laptop\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun

uRun: [LogMeIn Cubby] "C:\Users\Laptop\AppData\Roaming\cubby\cubby.exe" -hidden

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Laptop\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Laptop\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 72.215.157.116 72.215.157.117

TCP: Interfaces\{0D04A0FC-3742-4DD7-99AD-8C633B5A0934} : DhcpNameServer = 10.3.11.217 10.3.11.211

TCP: Interfaces\{F9E93DF1-BDCC-4DD8-9A3A-C0E76F026057} : DhcpNameServer = 72.215.157.116 72.215.157.117

TCP: Interfaces\{F9E93DF1-BDCC-4DD8-9A3A-C0E76F026057}\14E64627F696461405 : DhcpNameServer = 192.168.43.1

TCP: Interfaces\{F9E93DF1-BDCC-4DD8-9A3A-C0E76F026057}\14E64627F69646140503432393 : DhcpNameServer = 192.168.43.1

TCP: Interfaces\{F9E93DF1-BDCC-4DD8-9A3A-C0E76F026057}\E4564777F627B6 : DhcpNameServer = 192.168.0.1

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\2n5yldh4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]

R1 pxrts;pxrts;C:\Windows\system32\drivers\pxrts.sys --> C:\Windows\system32\drivers\pxrts.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-18 98208]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]

R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2012-8-2 6746280]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

R2 lxec_device;lxec_device;C:\Windows\system32\lxeccoms.exe -service --> C:\Windows\system32\lxeccoms.exe -service [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-31 655944]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 pxkbf;pxkbf;C:\Windows\system32\drivers\pxkbf.sys --> C:\Windows\system32\drivers\pxkbf.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-26 116648]

S2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxecserv.exe [2012-6-11 45736]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 250056]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-26 116648]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-08-09 13:52:58 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8FF7073-E42C-4C31-BAB7-2B8DE33D4FC6}\offreg.dll

2012-08-08 23:01:54 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-08 13:45:24 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8FF7073-E42C-4C31-BAB7-2B8DE33D4FC6}\mpengine.dll

2012-08-07 19:48:07 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-08-07 13:22:05 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-02 16:22:04 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll

2012-08-02 16:22:03 36384 ----a-w- C:\Windows\System32\drivers\pxscan.sys

2012-08-02 16:22:02 65736 ----a-w- C:\Windows\System32\drivers\pxrts.sys

2012-08-02 16:22:02 24024 ----a-w- C:\Windows\System32\drivers\pxkbf.sys

2012-08-02 16:22:01 -------- d-----w- C:\Program Files\Prevx

2012-08-02 16:21:21 -------- d-----w- C:\ProgramData\PrevxCSI

2012-07-31 15:04:28 -------- d-----w- C:\Users\Laptop\AppData\Roaming\Malwarebytes

2012-07-31 15:01:51 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-31 15:01:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-31 15:01:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-31 02:19:38 -------- d-----w- C:\Users\Laptop\AppData\Local\{2AEB1F0A-DAB6-11E1-8270-B8AC6F996F26}

2012-07-30 22:08:37 -------- d-----w- C:\ProgramData\Lexmark Pro800-Pro900 Series

2012-07-30 01:01:41 -------- d-----w- C:\Users\Laptop\AppData\Local\Microsoft Games

2012-07-17 16:22:39 -------- d-----r- C:\Program Files (x86)\Skype

2012-07-16 13:13:34 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 12:33:58 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-11 12:33:58 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 12:33:57 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-11 12:33:57 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 12:33:57 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 12:33:56 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 12:33:56 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 12:33:55 1133568 ----a-w- C:\Windows\System32\cdosys.dll

.

==================== Find3M ====================

.

2012-08-05 20:08:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-05 20:08:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-22 13:52:40 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-05-22 13:52:38 175616 ----a-w- C:\Windows\System32\msclmd.dll

.

============= FINISH: 10:01:10.82 ===============

Please do NOT put logs/reports in Quote or Code boxes. Just a plain Copy & Paste into the main body of reply. Thanks !

Edited August 9, 2012 by Maurice Naggar

[Maurice Naggar]

Please do NOT put logs/reports in Quote or Code boxes. Just a plain Copy & Paste into the main body of reply. Thanks !

You have used TDSSKILLER. Are you getting help from another malware-help forum ? if so, where ?

IF you are self-medicating, please stop !

[chulocabra]

Well i was trying to fix it myself and so read through a dozen forums. No so sure where I got theTDSSKiller. It did catch some stuff, however I am still getting the MBAM warning of a blocked redirect

[Maurice Naggar]

While I am helping you, please only do what I guide you to.

Do not do any websurfing, online games, online shopping, online banking, etc.

Just only this forum and the sites I guide you to.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

• Go to your Desktop
• Double-Click the Computer icon.
  
• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

The TDSSKILLER log-report can be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Then Click on Scan button at upper right of screen.
  
• Wait until the Status box shows "Scan Finished"
  
• Click on Report and copy/paste the content of the Notepad into your next reply.
  
• The log should be found in RKreport[1].txt on your Desktop
  
• Exit/Close RogueKiller

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

• the contents of aswMBR report;
  
• the contents of RKReport log;
  

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

[chulocabra]

ASWMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-09 11:03:51

-----------------------------

11:03:51.340 OS Version: Windows x64 6.1.7601 Service Pack 1

11:03:51.341 Number of processors: 1 586 0x603

11:03:51.342 ComputerName: LAPTOP-HP UserName: Laptop

11:03:52.834 Initialize success

11:05:16.646 AVAST engine defs: 12080900

11:05:39.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000053

11:05:39.362 Disk 0 Vendor: WDC_WD25 02.0 Size: 238475MB BusType: 11

11:05:39.380 Disk 0 MBR read successfully

11:05:39.383 Disk 0 MBR scan

11:05:39.388 Disk 0 unknown MBR code

11:05:39.402 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

11:05:39.418 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220533 MB offset 409600

11:05:39.456 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17638 MB offset 452061184

11:05:39.475 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808

11:05:39.521 Disk 0 scanning C:\Windows\system32\drivers

11:05:51.765 Service scanning

11:06:35.833 Modules scanning

11:06:35.843 Scan finished successfully

11:06:53.188 Disk 0 MBR has been saved successfully to "C:\Users\Laptop\Desktop\MBR.dat"

11:06:53.193 The log file has been saved successfully to "C:\Users\Laptop\Desktop\aswMBR.txt"

TDSSKILLER LOG

19:10:23.0787 1220 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

19:10:23.0818 1220 ============================================================

19:10:23.0818 1220 Current date / time: 2012/08/08 19:10:23.0818

19:10:23.0818 1220 SystemInfo:

19:10:23.0818 1220

19:10:23.0818 1220 OS Version: 6.1.7601 ServicePack: 1.0

19:10:23.0818 1220 Product type: Workstation

19:10:23.0818 1220 ComputerName: LAPTOP-HP

19:10:23.0818 1220 UserName: Laptop

19:10:23.0818 1220 Windows directory: C:\Windows

19:10:23.0818 1220 System windows directory: C:\Windows

19:10:23.0818 1220 Running under WOW64

19:10:23.0818 1220 Processor architecture: Intel x64

19:10:23.0818 1220 Number of processors: 1

19:10:23.0818 1220 Page size: 0x1000

19:10:23.0818 1220 Boot type: Safe boot

19:10:23.0818 1220 ============================================================

19:10:25.0176 1220 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:10:25.0176 1220 ============================================================

19:10:25.0176 1220 \Device\Harddisk0\DR0:

19:10:25.0176 1220 MBR partitions:

19:10:25.0176 1220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

19:10:25.0176 1220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AEBA800

19:10:25.0176 1220 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AF1E800, BlocksNum 0x2273000

19:10:25.0176 1220 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970

19:10:25.0176 1220 ============================================================

19:10:25.0222 1220 C: <-> \Device\Harddisk0\DR0\Partition1

19:10:25.0285 1220 D: <-> \Device\Harddisk0\DR0\Partition2

19:10:25.0285 1220 ============================================================

19:10:25.0285 1220 Initialize success

19:10:25.0285 1220 ============================================================

19:10:33.0506 1272 ============================================================

19:10:33.0506 1272 Scan started

19:10:33.0506 1272 Mode: Manual;

19:10:33.0506 1272 ============================================================

19:10:34.0504 1272 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

19:10:34.0520 1272 1394ohci - ok

19:10:34.0598 1272 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

19:10:34.0614 1272 ACPI - ok

19:10:34.0660 1272 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

19:10:34.0660 1272 AcpiPmi - ok

19:10:34.0848 1272 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:10:34.0879 1272 AdobeFlashPlayerUpdateSvc - ok

19:10:34.0957 1272 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

19:10:34.0972 1272 adp94xx - ok

19:10:35.0050 1272 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

19:10:35.0050 1272 adpahci - ok

19:10:35.0128 1272 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

19:10:35.0128 1272 adpu320 - ok

19:10:35.0206 1272 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

19:10:35.0206 1272 AeLookupSvc - ok

19:10:35.0316 1272 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

19:10:35.0331 1272 AERTFilters - ok

19:10:35.0440 1272 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

19:10:35.0440 1272 AFD - ok

19:10:35.0518 1272 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

19:10:35.0518 1272 agp440 - ok

19:10:35.0565 1272 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

19:10:35.0565 1272 ALG - ok

19:10:35.0612 1272 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

19:10:35.0612 1272 aliide - ok

19:10:35.0706 1272 AMD External Events Utility (29c151492510640343b00b63996e4070) C:\Windows\system32\atiesrxx.exe

19:10:35.0721 1272 AMD External Events Utility - ok

19:10:35.0752 1272 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

19:10:35.0752 1272 amdide - ok

19:10:35.0815 1272 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

19:10:35.0815 1272 AmdK8 - ok

19:10:36.0361 1272 amdkmdag (2c9c4824664c61351ff1e0169262d026) C:\Windows\system32\DRIVERS\atikmdag.sys

19:10:36.0517 1272 amdkmdag - ok

19:10:36.0704 1272 amdkmdap (ef7382689d3b17ac2983202e7a40ab45) C:\Windows\system32\DRIVERS\atikmpag.sys

19:10:36.0704 1272 amdkmdap - ok

19:10:36.0766 1272 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

19:10:36.0766 1272 AmdPPM - ok

19:10:36.0798 1272 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys

19:10:36.0798 1272 amdsata - ok

19:10:36.0876 1272 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

19:10:36.0876 1272 amdsbs - ok

19:10:36.0922 1272 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys

19:10:36.0922 1272 amdxata - ok

19:10:36.0985 1272 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

19:10:36.0985 1272 AppID - ok

19:10:37.0016 1272 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

19:10:37.0016 1272 AppIDSvc - ok

19:10:37.0094 1272 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

19:10:37.0094 1272 Appinfo - ok

19:10:37.0203 1272 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

19:10:37.0203 1272 arc - ok

19:10:37.0281 1272 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

19:10:37.0297 1272 arcsas - ok

19:10:37.0437 1272 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

19:10:37.0453 1272 aspnet_state - ok

19:10:37.0515 1272 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:10:37.0515 1272 AsyncMac - ok

19:10:37.0546 1272 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

19:10:37.0546 1272 atapi - ok

19:10:37.0734 1272 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys

19:10:37.0765 1272 athr - ok

19:10:37.0968 1272 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys

19:10:37.0968 1272 AtiPcie - ok

19:10:38.0092 1272 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:10:38.0108 1272 AudioEndpointBuilder - ok

19:10:38.0124 1272 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:10:38.0124 1272 AudioSrv - ok

19:10:38.0202 1272 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

19:10:38.0202 1272 AxInstSV - ok

19:10:38.0280 1272 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

19:10:38.0311 1272 b06bdrv - ok

19:10:38.0404 1272 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:10:38.0404 1272 b57nd60a - ok

19:10:38.0467 1272 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

19:10:38.0467 1272 BDESVC - ok

19:10:38.0514 1272 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:10:38.0514 1272 Beep - ok

19:10:38.0638 1272 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

19:10:38.0654 1272 BFE - ok

19:10:38.0748 1272 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

19:10:38.0763 1272 BITS - ok

19:10:38.0872 1272 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:10:38.0872 1272 blbdrive - ok

19:10:38.0919 1272 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

19:10:38.0919 1272 bowser - ok

19:10:38.0950 1272 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:10:38.0950 1272 BrFiltLo - ok

19:10:38.0997 1272 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:10:38.0997 1272 BrFiltUp - ok

19:10:39.0028 1272 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

19:10:39.0028 1272 Browser - ok

19:10:39.0091 1272 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:10:39.0106 1272 Brserid - ok

19:10:39.0169 1272 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:10:39.0169 1272 BrSerWdm - ok

19:10:39.0216 1272 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:10:39.0216 1272 BrUsbMdm - ok

19:10:39.0231 1272 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:10:39.0231 1272 BrUsbSer - ok

19:10:39.0247 1272 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

19:10:39.0247 1272 BTHMODEM - ok

19:10:39.0325 1272 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

19:10:39.0325 1272 bthserv - ok

19:10:39.0356 1272 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:10:39.0356 1272 cdfs - ok

19:10:39.0434 1272 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

19:10:39.0434 1272 cdrom - ok

19:10:39.0481 1272 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:10:39.0481 1272 CertPropSvc - ok

19:10:39.0621 1272 CinemaNow Service (533328a3d9a9c286682525842547540c) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

19:10:39.0621 1272 CinemaNow Service - ok

19:10:39.0684 1272 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

19:10:39.0684 1272 circlass - ok

19:10:39.0777 1272 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:10:39.0793 1272 CLFS - ok

19:10:39.0902 1272 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:10:39.0902 1272 clr_optimization_v2.0.50727_32 - ok

19:10:39.0964 1272 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:10:39.0980 1272 clr_optimization_v2.0.50727_64 - ok

19:10:40.0089 1272 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:10:40.0230 1272 clr_optimization_v4.0.30319_32 - ok

19:10:40.0308 1272 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:10:40.0386 1272 clr_optimization_v4.0.30319_64 - ok

19:10:40.0448 1272 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

19:10:40.0448 1272 CmBatt - ok

19:10:40.0479 1272 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

19:10:40.0479 1272 cmdide - ok

19:10:40.0557 1272 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

19:10:40.0588 1272 CNG - ok

19:10:40.0651 1272 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

19:10:40.0651 1272 Compbatt - ok

19:10:40.0698 1272 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

19:10:40.0698 1272 CompositeBus - ok

19:10:40.0729 1272 COMSysApp - ok

19:10:40.0760 1272 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

19:10:40.0760 1272 crcdisk - ok

19:10:40.0838 1272 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

19:10:40.0869 1272 CryptSvc - ok

19:10:41.0322 1272 CSIScanner (5131d2469b6b19dc20b446ebe43ebb79) C:\Program Files\Prevx\prevx.exe

19:10:41.0462 1272 CSIScanner - ok

19:10:41.0665 1272 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys

19:10:41.0665 1272 dc3d - ok

19:10:41.0758 1272 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:10:41.0758 1272 DcomLaunch - ok

19:10:41.0821 1272 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

19:10:41.0836 1272 defragsvc - ok

19:10:41.0899 1272 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

19:10:41.0899 1272 DfsC - ok

19:10:41.0992 1272 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

19:10:42.0024 1272 Dhcp - ok

19:10:42.0039 1272 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:10:42.0039 1272 discache - ok

19:10:42.0117 1272 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

19:10:42.0117 1272 Disk - ok

19:10:42.0164 1272 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

19:10:42.0180 1272 Dnscache - ok

19:10:42.0242 1272 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

19:10:42.0258 1272 dot3svc - ok

19:10:42.0320 1272 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

19:10:42.0320 1272 DPS - ok

19:10:42.0367 1272 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:10:42.0367 1272 drmkaud - ok

19:10:42.0492 1272 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

19:10:42.0507 1272 DXGKrnl - ok

19:10:42.0554 1272 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

19:10:42.0554 1272 EapHost - ok

19:10:42.0819 1272 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

19:10:42.0866 1272 ebdrv - ok

19:10:43.0022 1272 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

19:10:43.0022 1272 EFS - ok

19:10:43.0194 1272 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

19:10:43.0225 1272 ehRecvr - ok

19:10:43.0256 1272 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

19:10:43.0256 1272 ehSched - ok

19:10:43.0412 1272 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

19:10:43.0428 1272 elxstor - ok

19:10:43.0459 1272 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

19:10:43.0459 1272 ErrDev - ok

19:10:43.0552 1272 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

19:10:43.0584 1272 EventSystem - ok

19:10:43.0646 1272 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:10:43.0662 1272 exfat - ok

19:10:43.0693 1272 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:10:43.0693 1272 fastfat - ok

19:10:43.0833 1272 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

19:10:43.0864 1272 Fax - ok

19:10:43.0880 1272 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

19:10:43.0880 1272 fdc - ok

19:10:43.0942 1272 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

19:10:43.0942 1272 fdPHost - ok

19:10:43.0958 1272 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

19:10:43.0958 1272 FDResPub - ok

19:10:43.0974 1272 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:10:44.0005 1272 FileInfo - ok

19:10:44.0020 1272 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:10:44.0020 1272 Filetrace - ok

19:10:44.0083 1272 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

19:10:44.0083 1272 flpydisk - ok

19:10:44.0161 1272 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

19:10:44.0161 1272 FltMgr - ok

19:10:44.0348 1272 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

19:10:44.0379 1272 FontCache - ok

19:10:44.0473 1272 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:10:44.0473 1272 FontCache3.0.0.0 - ok

19:10:44.0582 1272 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:10:44.0598 1272 FsDepends - ok

19:10:44.0629 1272 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

19:10:44.0629 1272 Fs_Rec - ok

19:10:44.0722 1272 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:10:44.0722 1272 fvevol - ok

19:10:44.0754 1272 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:10:44.0754 1272 gagp30kx - ok

19:10:44.0878 1272 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

19:10:44.0878 1272 gpsvc - ok

19:10:44.0988 1272 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:10:44.0988 1272 gupdate - ok

19:10:45.0019 1272 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:10:45.0019 1272 gupdatem - ok

19:10:45.0050 1272 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:10:45.0050 1272 hcw85cir - ok

19:10:45.0144 1272 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

19:10:45.0175 1272 HdAudAddService - ok

19:10:45.0222 1272 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

19:10:45.0222 1272 HDAudBus - ok

19:10:45.0268 1272 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

19:10:45.0268 1272 HidBatt - ok

19:10:45.0315 1272 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

19:10:45.0315 1272 HidBth - ok

19:10:45.0378 1272 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

19:10:45.0378 1272 HidIr - ok

19:10:45.0409 1272 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

19:10:45.0440 1272 hidserv - ok

19:10:45.0471 1272 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

19:10:45.0471 1272 HidUsb - ok

19:10:45.0518 1272 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

19:10:45.0518 1272 hkmsvc - ok

19:10:45.0596 1272 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

19:10:45.0596 1272 HomeGroupListener - ok

19:10:45.0658 1272 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

19:10:45.0674 1272 HomeGroupProvider - ok

19:10:45.0830 1272 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

19:10:45.0830 1272 HP Support Assistant Service - ok

19:10:45.0955 1272 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

19:10:45.0970 1272 HP Wireless Assistant Service - ok

19:10:46.0048 1272 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

19:10:46.0048 1272 HPDrvMntSvc.exe - ok

19:10:46.0142 1272 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

19:10:46.0142 1272 hpqwmiex - ok

19:10:46.0267 1272 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

19:10:46.0282 1272 HpSAMD - ok

19:10:46.0376 1272 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

19:10:46.0376 1272 HPWMISVC - ok

19:10:46.0470 1272 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

19:10:46.0470 1272 HTTP - ok

19:10:46.0548 1272 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

19:10:46.0548 1272 hwpolicy - ok

19:10:46.0610 1272 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

19:10:46.0610 1272 i8042prt - ok

19:10:46.0672 1272 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

19:10:46.0688 1272 iaStorV - ok

19:10:46.0860 1272 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:10:46.0875 1272 idsvc - ok

19:10:47.0328 1272 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

19:10:47.0452 1272 igfx - ok

19:10:47.0640 1272 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

19:10:47.0640 1272 iirsp - ok

19:10:47.0749 1272 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

19:10:47.0780 1272 IKEEXT - ok

19:10:47.0998 1272 IntcAzAudAddService (b88e24bd77a0ce2cffee2facf1151be0) C:\Windows\system32\drivers\RTKVHD64.sys

19:10:48.0045 1272 IntcAzAudAddService - ok

19:10:48.0201 1272 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

19:10:48.0201 1272 intelide - ok

19:10:48.0264 1272 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:10:48.0264 1272 intelppm - ok

19:10:48.0342 1272 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

19:10:48.0357 1272 IPBusEnum - ok

19:10:48.0404 1272 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:10:48.0404 1272 IpFilterDriver - ok

19:10:48.0498 1272 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

19:10:48.0513 1272 iphlpsvc - ok

19:10:48.0560 1272 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

19:10:48.0560 1272 IPMIDRV - ok

19:10:48.0622 1272 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:10:48.0622 1272 IPNAT - ok

19:10:48.0654 1272 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:10:48.0654 1272 IRENUM - ok

19:10:48.0700 1272 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

19:10:48.0700 1272 isapnp - ok

19:10:48.0732 1272 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

19:10:48.0763 1272 iScsiPrt - ok

19:10:48.0810 1272 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

19:10:48.0810 1272 kbdclass - ok

19:10:48.0841 1272 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

19:10:48.0841 1272 kbdhid - ok

19:10:48.0888 1272 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:10:48.0888 1272 KeyIso - ok

19:10:48.0934 1272 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

19:10:48.0934 1272 KSecDD - ok

19:10:48.0997 1272 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

19:10:48.0997 1272 KSecPkg - ok

19:10:49.0075 1272 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:10:49.0075 1272 ksthunk - ok

19:10:49.0137 1272 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

19:10:49.0153 1272 KtmRm - ok

19:10:49.0231 1272 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

19:10:49.0246 1272 LanmanServer - ok

19:10:49.0324 1272 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

19:10:49.0324 1272 LanmanWorkstation - ok

19:10:49.0387 1272 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:10:49.0387 1272 lltdio - ok

19:10:49.0449 1272 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

19:10:49.0465 1272 lltdsvc - ok

19:10:49.0512 1272 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

19:10:49.0512 1272 lmhosts - ok

19:10:49.0574 1272 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:10:49.0574 1272 LSI_FC - ok

19:10:49.0652 1272 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:10:49.0652 1272 LSI_SAS - ok

19:10:49.0683 1272 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:10:49.0683 1272 LSI_SAS2 - ok

19:10:49.0730 1272 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:10:49.0746 1272 LSI_SCSI - ok

19:10:49.0761 1272 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:10:49.0777 1272 luafv - ok

19:10:49.0855 1272 lxecCATSCustConnectService (1f02b554ddc4086d786537a3bf6488f1) C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe

19:10:49.0886 1272 lxecCATSCustConnectService - ok

19:10:49.0917 1272 lxec_device - ok

19:10:49.0964 1272 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

19:10:49.0980 1272 MBAMProtector - ok

19:10:50.0120 1272 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

19:10:50.0136 1272 MBAMService - ok

19:10:50.0214 1272 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

19:10:50.0214 1272 Mcx2Svc - ok

19:10:50.0245 1272 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

19:10:50.0245 1272 megasas - ok

19:10:50.0323 1272 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

19:10:50.0354 1272 MegaSR - ok

19:10:50.0401 1272 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:10:50.0401 1272 MMCSS - ok

19:10:50.0448 1272 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:10:50.0448 1272 Modem - ok

19:10:50.0494 1272 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:10:50.0494 1272 monitor - ok

19:10:50.0557 1272 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

19:10:50.0557 1272 mouclass - ok

19:10:50.0619 1272 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:10:50.0619 1272 mouhid - ok

19:10:50.0650 1272 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

19:10:50.0650 1272 mountmgr - ok

19:10:50.0806 1272 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

19:10:50.0806 1272 MozillaMaintenance - ok

19:10:50.0884 1272 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

19:10:50.0900 1272 MpFilter - ok

19:10:50.0962 1272 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

19:10:50.0978 1272 mpio - ok

19:10:51.0009 1272 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:10:51.0040 1272 mpsdrv - ok

19:10:51.0150 1272 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

19:10:51.0165 1272 MpsSvc - ok

19:10:51.0228 1272 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

19:10:51.0259 1272 MRxDAV - ok

19:10:51.0306 1272 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:10:51.0321 1272 mrxsmb - ok

19:10:51.0384 1272 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:10:51.0384 1272 mrxsmb10 - ok

19:10:51.0415 1272 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:10:51.0415 1272 mrxsmb20 - ok

19:10:51.0462 1272 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

19:10:51.0462 1272 msahci - ok

19:10:51.0508 1272 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

19:10:51.0508 1272 msdsm - ok

19:10:51.0571 1272 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

19:10:51.0571 1272 MSDTC - ok

19:10:51.0649 1272 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:10:51.0649 1272 Msfs - ok

19:10:51.0680 1272 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:10:51.0680 1272 mshidkmdf - ok

19:10:51.0711 1272 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

19:10:51.0742 1272 msisadrv - ok

19:10:51.0789 1272 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

19:10:51.0805 1272 MSiSCSI - ok

19:10:51.0805 1272 msiserver - ok

19:10:51.0883 1272 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:10:51.0883 1272 MSKSSRV - ok

19:10:51.0961 1272 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

19:10:51.0961 1272 MsMpSvc - ok

19:10:51.0976 1272 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:10:51.0976 1272 MSPCLOCK - ok

19:10:51.0976 1272 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:10:51.0976 1272 MSPQM - ok

19:10:52.0054 1272 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

19:10:52.0070 1272 MsRPC - ok

19:10:52.0132 1272 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

19:10:52.0132 1272 mssmbios - ok

19:10:52.0210 1272 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:10:52.0210 1272 MSTEE - ok

19:10:52.0226 1272 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

19:10:52.0226 1272 MTConfig - ok

19:10:52.0257 1272 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:10:52.0257 1272 Mup - ok

19:10:52.0382 1272 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

19:10:52.0398 1272 napagent - ok

19:10:52.0460 1272 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:10:52.0460 1272 NativeWifiP - ok

19:10:52.0585 1272 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

19:10:52.0600 1272 NDIS - ok

19:10:52.0647 1272 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:10:52.0647 1272 NdisCap - ok

19:10:52.0678 1272 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:10:52.0678 1272 NdisTapi - ok

19:10:52.0756 1272 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

19:10:52.0756 1272 Ndisuio - ok

19:10:52.0834 1272 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

19:10:52.0834 1272 NdisWan - ok

19:10:52.0897 1272 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

19:10:52.0897 1272 NDProxy - ok

19:10:52.0959 1272 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:10:52.0959 1272 NetBIOS - ok

19:10:53.0037 1272 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

19:10:53.0037 1272 NetBT - ok

19:10:53.0068 1272 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:10:53.0068 1272 Netlogon - ok

19:10:53.0193 1272 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

19:10:53.0209 1272 Netman - ok

19:10:53.0349 1272 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:10:53.0396 1272 NetMsmqActivator - ok

19:10:53.0412 1272 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:10:53.0412 1272 NetPipeActivator - ok

19:10:53.0505 1272 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

19:10:53.0505 1272 netprofm - ok

19:10:53.0536 1272 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:10:53.0536 1272 NetTcpActivator - ok

19:10:53.0552 1272 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:10:53.0552 1272 NetTcpPortSharing - ok

19:10:53.0989 1272 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

19:10:54.0098 1272 netw5v64 - ok

19:10:54.0316 1272 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

19:10:54.0316 1272 nfrd960 - ok

19:10:54.0363 1272 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

19:10:54.0363 1272 NisDrv - ok

19:10:54.0488 1272 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

19:10:54.0504 1272 NisSrv - ok

19:10:54.0582 1272 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

19:10:54.0597 1272 NlaSvc - ok

19:10:54.0644 1272 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:10:54.0644 1272 Npfs - ok

19:10:54.0675 1272 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

19:10:54.0675 1272 nsi - ok

19:10:54.0706 1272 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:10:54.0706 1272 nsiproxy - ok

19:10:54.0862 1272 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

19:10:54.0909 1272 Ntfs - ok

19:10:55.0096 1272 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:10:55.0096 1272 Null - ok

19:10:55.0159 1272 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

19:10:55.0174 1272 nvraid - ok

19:10:55.0221 1272 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

19:10:55.0221 1272 nvstor - ok

19:10:55.0299 1272 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

19:10:55.0299 1272 nv_agp - ok

19:10:55.0455 1272 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

19:10:55.0471 1272 odserv - ok

19:10:55.0502 1272 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

19:10:55.0502 1272 ohci1394 - ok

19:10:55.0596 1272 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:10:55.0596 1272 ose - ok

19:10:55.0674 1272 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:10:55.0689 1272 p2pimsvc - ok

19:10:55.0767 1272 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

19:10:55.0767 1272 p2psvc - ok

19:10:55.0830 1272 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

19:10:55.0830 1272 Parport - ok

19:10:55.0876 1272 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

19:10:55.0876 1272 partmgr - ok

19:10:55.0939 1272 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

19:10:55.0939 1272 PcaSvc - ok

19:10:55.0986 1272 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

19:10:56.0001 1272 pci - ok

19:10:56.0017 1272 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:10:56.0017 1272 pciide - ok

19:10:56.0095 1272 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

19:10:56.0095 1272 pcmcia - ok

19:10:56.0157 1272 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:10:56.0157 1272 pcw - ok

19:10:56.0235 1272 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:10:56.0266 1272 PEAUTH - ok

19:10:56.0391 1272 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

19:10:56.0391 1272 PerfHost - ok

19:10:56.0563 1272 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

19:10:56.0594 1272 pla - ok

19:10:56.0688 1272 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

19:10:56.0703 1272 PlugPlay - ok

19:10:56.0750 1272 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

19:10:56.0750 1272 PNRPAutoReg - ok

19:10:56.0797 1272 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:10:56.0797 1272 PNRPsvc - ok

19:10:56.0890 1272 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys

19:10:56.0890 1272 Point64 - ok

19:10:56.0984 1272 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

19:10:57.0000 1272 PolicyAgent - ok

19:10:57.0078 1272 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

19:10:57.0078 1272 Power - ok

19:10:57.0140 1272 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

19:10:57.0140 1272 PptpMiniport - ok

19:10:57.0171 1272 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

19:10:57.0202 1272 Processor - ok

19:10:57.0280 1272 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

19:10:57.0280 1272 ProfSvc - ok

19:10:57.0312 1272 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:10:57.0312 1272 ProtectedStorage - ok

19:10:57.0390 1272 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

19:10:57.0421 1272 Psched - ok

19:10:57.0468 1272 pxkbf (ba5f7c107eace67973b4b798832a74c7) C:\Windows\system32\drivers\pxkbf.sys

19:10:57.0468 1272 pxkbf - ok

19:10:57.0483 1272 pxrts (007e57428802f587d0d6737ae7a9d989) C:\Windows\system32\drivers\pxrts.sys

19:10:57.0483 1272 pxrts - ok

19:10:57.0514 1272 pxscan (66d4d00c8908888a68b749d91f1e6789) C:\Windows\system32\drivers\pxscan.sys

19:10:57.0514 1272 pxscan - ok

19:10:57.0702 1272 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

19:10:57.0733 1272 ql2300 - ok

19:10:57.0904 1272 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

19:10:57.0904 1272 ql40xx - ok

19:10:57.0982 1272 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

19:10:57.0982 1272 QWAVE - ok

19:10:57.0998 1272 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:10:57.0998 1272 QWAVEdrv - ok

19:10:58.0029 1272 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:10:58.0029 1272 RasAcd - ok

19:10:58.0092 1272 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:10:58.0092 1272 RasAgileVpn - ok

19:10:58.0138 1272 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

19:10:58.0138 1272 RasAuto - ok

19:10:58.0201 1272 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:10:58.0201 1272 Rasl2tp - ok

19:10:58.0294 1272 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

19:10:58.0310 1272 RasMan - ok

19:10:58.0357 1272 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:10:58.0357 1272 RasPppoe - ok

19:10:58.0419 1272 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:10:58.0419 1272 RasSstp - ok

19:10:58.0497 1272 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

19:10:58.0497 1272 rdbss - ok

19:10:58.0528 1272 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:10:58.0528 1272 rdpbus - ok

19:10:58.0544 1272 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:10:58.0544 1272 RDPCDD - ok

19:10:58.0606 1272 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:10:58.0606 1272 RDPENCDD - ok

19:10:58.0622 1272 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:10:58.0622 1272 RDPREFMP - ok

19:10:58.0716 1272 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

19:10:58.0731 1272 RDPWD - ok

19:10:58.0809 1272 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

19:10:58.0809 1272 rdyboost - ok

19:10:58.0872 1272 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

19:10:58.0872 1272 RemoteAccess - ok

19:10:58.0903 1272 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

19:10:58.0918 1272 RemoteRegistry - ok

19:10:58.0965 1272 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

19:10:58.0965 1272 RpcEptMapper - ok

19:10:58.0996 1272 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

19:10:58.0996 1272 RpcLocator - ok

19:10:59.0074 1272 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:10:59.0074 1272 RpcSs - ok

19:10:59.0137 1272 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:10:59.0137 1272 rspndr - ok

19:10:59.0246 1272 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

19:10:59.0262 1272 RTL8167 - ok

19:10:59.0293 1272 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:10:59.0293 1272 SamSs - ok

19:10:59.0340 1272 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

19:10:59.0340 1272 sbp2port - ok

19:10:59.0402 1272 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

19:10:59.0433 1272 SCardSvr - ok

19:10:59.0496 1272 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

19:10:59.0496 1272 scfilter - ok

19:10:59.0636 1272 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

19:10:59.0667 1272 Schedule - ok

19:10:59.0714 1272 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:10:59.0714 1272 SCPolicySvc - ok

19:10:59.0776 1272 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

19:10:59.0792 1272 sdbus - ok

19:10:59.0823 1272 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

19:10:59.0854 1272 SDRSVC - ok

19:10:59.0886 1272 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:10:59.0886 1272 secdrv - ok

19:10:59.0948 1272 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

19:10:59.0948 1272 seclogon - ok

19:10:59.0979 1272 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

19:10:59.0979 1272 SENS - ok

19:11:00.0042 1272 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

19:11:00.0042 1272 SensrSvc - ok

19:11:00.0088 1272 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

19:11:00.0088 1272 Serenum - ok

19:11:00.0120 1272 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

19:11:00.0135 1272 Serial - ok

19:11:00.0182 1272 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

19:11:00.0182 1272 sermouse - ok

19:11:00.0244 1272 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

19:11:00.0244 1272 SessionEnv - ok

19:11:00.0276 1272 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

19:11:00.0276 1272 sffdisk - ok

19:11:00.0322 1272 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

19:11:00.0322 1272 sffp_mmc - ok

19:11:00.0354 1272 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

19:11:00.0354 1272 sffp_sd - ok

19:11:00.0416 1272 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

19:11:00.0416 1272 sfloppy - ok

19:11:00.0478 1272 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

19:11:00.0478 1272 SharedAccess - ok

19:11:00.0588 1272 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

19:11:00.0603 1272 ShellHWDetection - ok

19:11:00.0634 1272 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:11:00.0634 1272 SiSRaid2 - ok

19:11:00.0697 1272 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

19:11:00.0697 1272 SiSRaid4 - ok

19:11:00.0744 1272 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:11:00.0744 1272 Smb - ok

19:11:00.0806 1272 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

19:11:00.0806 1272 SNMPTRAP - ok

19:11:00.0837 1272 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:11:00.0837 1272 spldr - ok

19:11:00.0962 1272 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

19:11:00.0978 1272 Spooler - ok

19:11:01.0290 1272 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

19:11:01.0368 1272 sppsvc - ok

19:11:01.0508 1272 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

19:11:01.0508 1272 sppuinotify - ok

19:11:01.0664 1272 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

19:11:01.0664 1272 srv - ok

19:11:01.0742 1272 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

19:11:01.0742 1272 srv2 - ok

19:11:01.0820 1272 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

19:11:01.0836 1272 SrvHsfHDA - ok

19:11:01.0976 1272 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

19:11:02.0007 1272 SrvHsfV92 - ok

19:11:02.0226 1272 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

19:11:02.0257 1272 SrvHsfWinac - ok

19:11:02.0304 1272 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

19:11:02.0304 1272 srvnet - ok

19:11:02.0397 1272 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

19:11:02.0413 1272 SSDPSRV - ok

19:11:02.0444 1272 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

19:11:02.0444 1272 SstpSvc - ok

19:11:02.0475 1272 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

19:11:02.0475 1272 stexstor - ok

19:11:02.0616 1272 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

19:11:02.0631 1272 stisvc - ok

19:11:02.0678 1272 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

19:11:02.0678 1272 swenum - ok

19:11:02.0756 1272 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

19:11:02.0772 1272 swprv - ok

19:11:02.0896 1272 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys

19:11:02.0896 1272 SynTP - ok

19:11:03.0084 1272 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

19:11:03.0130 1272 SysMain - ok

19:11:03.0286 1272 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

19:11:03.0286 1272 TabletInputService - ok

19:11:03.0380 1272 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

19:11:03.0380 1272 TapiSrv - ok

19:11:03.0442 1272 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

19:11:03.0442 1272 TBS - ok

19:11:03.0676 1272 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

19:11:03.0723 1272 Tcpip - ok

19:11:04.0035 1272 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

19:11:04.0051 1272 TCPIP6 - ok

19:11:04.0191 1272 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

19:11:04.0191 1272 tcpipreg - ok

19:11:04.0254 1272 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:11:04.0254 1272 TDPIPE - ok

19:11:04.0285 1272 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

19:11:04.0285 1272 TDTCP - ok

19:11:04.0363 1272 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

19:11:04.0363 1272 tdx - ok

19:11:04.0425 1272 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

19:11:04.0425 1272 TermDD - ok

19:11:04.0519 1272 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

19:11:04.0519 1272 TermService - ok

19:11:04.0566 1272 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

19:11:04.0581 1272 Themes - ok

19:11:04.0628 1272 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:11:04.0628 1272 THREADORDER - ok

19:11:04.0659 1272 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

19:11:04.0659 1272 TrkWks - ok

19:11:04.0784 1272 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

19:11:04.0800 1272 TrustedInstaller - ok

19:11:04.0831 1272 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:11:04.0831 1272 tssecsrv - ok

19:11:04.0909 1272 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

19:11:04.0909 1272 TsUsbFlt - ok

19:11:05.0002 1272 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

19:11:05.0002 1272 tunnel - ok

19:11:05.0049 1272 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

19:11:05.0049 1272 uagp35 - ok

19:11:05.0112 1272 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

19:11:05.0127 1272 udfs - ok

19:11:05.0190 1272 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

19:11:05.0190 1272 UI0Detect - ok

19:11:05.0268 1272 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

19:11:05.0268 1272 uliagpkx - ok

19:11:05.0314 1272 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

19:11:05.0314 1272 umbus - ok

19:11:05.0361 1272 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

19:11:05.0361 1272 UmPass - ok

19:11:05.0439 1272 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

19:11:05.0455 1272 upnphost - ok

19:11:05.0502 1272 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

19:11:05.0502 1272 usbccgp - ok

19:11:05.0548 1272 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

19:11:05.0548 1272 usbcir - ok

19:11:05.0595 1272 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

19:11:05.0595 1272 usbehci - ok

19:11:05.0658 1272 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys

19:11:05.0658 1272 usbfilter - ok

19:11:05.0736 1272 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

19:11:05.0751 1272 usbhub - ok

19:11:05.0767 1272 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

19:11:05.0767 1272 usbohci - ok

19:11:05.0782 1272 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:11:05.0782 1272 usbprint - ok

19:11:05.0892 1272 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

19:11:05.0907 1272 usbscan - ok

19:11:05.0938 1272 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:11:05.0938 1272 USBSTOR - ok

19:11:05.0985 1272 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

19:11:05.0985 1272 usbuhci - ok

19:11:06.0048 1272 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

19:11:06.0048 1272 UxSms - ok

19:11:06.0079 1272 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:11:06.0079 1272 VaultSvc - ok

19:11:06.0141 1272 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

19:11:06.0141 1272 vdrvroot - ok

19:11:06.0219 1272 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

19:11:06.0235 1272 vds - ok

19:11:06.0282 1272 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:11:06.0282 1272 vga - ok

19:11:06.0297 1272 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:11:06.0313 1272 VgaSave - ok

19:11:06.0360 1272 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

19:11:06.0375 1272 vhdmp - ok

19:11:06.0391 1272 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

19:11:06.0406 1272 viaide - ok

19:11:06.0438 1272 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

19:11:06.0453 1272 volmgr - ok

19:11:06.0516 1272 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

19:11:06.0547 1272 volmgrx - ok

19:11:06.0594 1272 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

19:11:06.0625 1272 volsnap - ok

19:11:06.0672 1272 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

19:11:06.0703 1272 vsmraid - ok

19:11:06.0874 1272 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

19:11:06.0906 1272 VSS - ok

19:11:07.0062 1272 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

19:11:07.0062 1272 vwifibus - ok

19:11:07.0124 1272 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

19:11:07.0124 1272 vwififlt - ok

19:11:07.0202 1272 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

19:11:07.0218 1272 W32Time - ok

19:11:07.0264 1272 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

19:11:07.0264 1272 WacomPen - ok

19:11:07.0311 1272 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:11:07.0311 1272 WANARP - ok

19:11:07.0358 1272 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:11:07.0358 1272 Wanarpv6 - ok

19:11:07.0498 1272 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

19:11:07.0530 1272 WatAdminSvc - ok

19:11:07.0701 1272 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

19:11:07.0732 1272 wbengine - ok

19:11:07.0904 1272 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

19:11:07.0904 1272 WbioSrvc - ok

19:11:07.0982 1272 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

19:11:07.0998 1272 wcncsvc - ok

19:11:08.0013 1272 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

19:11:08.0013 1272 WcsPlugInService - ok

19:11:08.0091 1272 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

19:11:08.0107 1272 Wd - ok

19:11:08.0216 1272 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:11:08.0232 1272 Wdf01000 - ok

19:11:08.0247 1272 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:11:08.0247 1272 WdiServiceHost - ok

19:11:08.0278 1272 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:11:08.0278 1272 WdiSystemHost - ok

19:11:08.0356 1272 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

19:11:08.0372 1272 WebClient - ok

19:11:08.0434 1272 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

19:11:08.0434 1272 Wecsvc - ok

19:11:08.0450 1272 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

19:11:08.0466 1272 wercplsupport - ok

19:11:08.0512 1272 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

19:11:08.0512 1272 WerSvc - ok

19:11:08.0622 1272 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:11:08.0622 1272 WfpLwf - ok

19:11:08.0637 1272 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:11:08.0637 1272 WIMMount - ok

19:11:08.0684 1272 WinDefend - ok

19:11:08.0700 1272 WinHttpAutoProxySvc - ok

19:11:08.0793 1272 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

19:11:08.0824 1272 Winmgmt - ok

19:11:09.0058 1272 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

19:11:09.0105 1272 WinRM - ok

19:11:09.0339 1272 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

19:11:09.0355 1272 Wlansvc - ok

19:11:09.0636 1272 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:11:09.0698 1272 wlidsvc - ok

19:11:09.0885 1272 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

19:11:09.0885 1272 WmiAcpi - ok

19:11:09.0963 1272 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

19:11:09.0963 1272 wmiApSrv - ok

19:11:10.0026 1272 WMPNetworkSvc - ok

19:11:10.0057 1272 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

19:11:10.0057 1272 WPCSvc - ok

19:11:10.0104 1272 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

19:11:10.0104 1272 WPDBusEnum - ok

19:11:10.0150 1272 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:11:10.0150 1272 ws2ifsl - ok

19:11:10.0197 1272 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

19:11:10.0197 1272 wscsvc - ok

19:11:10.0197 1272 WSearch - ok

19:11:10.0400 1272 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

19:11:10.0462 1272 wuauserv - ok

19:11:10.0665 1272 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

19:11:10.0665 1272 WudfPf - ok

19:11:10.0712 1272 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:11:10.0743 1272 WUDFRd - ok

19:11:10.0790 1272 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

19:11:10.0790 1272 wudfsvc - ok

19:11:10.0852 1272 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

19:11:10.0868 1272 WwanSvc - ok

19:11:11.0055 1272 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

19:11:11.0071 1272 YahooAUService - ok

19:11:11.0149 1272 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

19:11:11.0180 1272 yukonw7 - ok

19:11:11.0196 1272 MBR (0x1B8) (4287d1c7c777c7cdd9ab892338678e65) \Device\Harddisk0\DR0

19:11:11.0523 1272 \Device\Harddisk0\DR0 - ok

19:11:11.0554 1272 Boot (0x1200) (a71c215f653bad850a396eca1607c630) \Device\Harddisk0\DR0\Partition0

19:11:11.0554 1272 \Device\Harddisk0\DR0\Partition0 - ok

19:11:11.0570 1272 Boot (0x1200) (07ef4458efa0038db2a13c78e83a9055) \Device\Harddisk0\DR0\Partition1

19:11:11.0570 1272 \Device\Harddisk0\DR0\Partition1 - ok

19:11:11.0617 1272 Boot (0x1200) (3951b66e9a987716b97c33db33223fe6) \Device\Harddisk0\DR0\Partition2

19:11:11.0617 1272 \Device\Harddisk0\DR0\Partition2 - ok

19:11:11.0664 1272 Boot (0x1200) (fa9ac4dade58f1927454b193254063a3) \Device\Harddisk0\DR0\Partition3

19:11:11.0664 1272 \Device\Harddisk0\DR0\Partition3 - ok

19:11:11.0664 1272 ============================================================

19:11:11.0664 1272 Scan finished

19:11:11.0664 1272 ============================================================

19:11:11.0679 1264 Detected object count: 0

19:11:11.0679 1264 Actual detected object count: 0

19:11:18.0996 1216 Deinitialize success

RKReport Log

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Laptop [Admin rights]

Mode: Scan -- Date: 08/09/2012 11:10:46

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : SkyDrive ("C:\Users\Laptop\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background) -> FOUND

[sUSP PATH] HKCU\[...]\Run : LogMeIn Cubby ("C:\Users\Laptop\AppData\Roaming\cubby\cubby.exe" -hidden) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-3703631627-3218618479-3953746154-1000[...]\Run : SkyDrive ("C:\Users\Laptop\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-3703631627-3218618479-3953746154-1000[...]\Run : LogMeIn Cubby ("C:\Users\Laptop\AppData\Roaming\cubby\cubby.exe" -hidden) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD25 00BEVT-60A23T0 SATA Disk Device +++++

--- User ---

[MBR] 16e2d66bec32eb89fe8c129beefc9791

[bSP] a3822365e81e0f01494ed47717fee0b3 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 220533 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 452061184 | Size: 17638 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[chulocabra]

Here is also an older (previous scan) of the TDSSKILLER LOG that shows something was found

19:00:14.0207 1268 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

19:00:14.0222 1268 ============================================================

19:00:14.0222 1268 Current date / time: 2012/08/08 19:00:14.0222

19:00:14.0222 1268 SystemInfo:

19:00:14.0222 1268

19:00:14.0222 1268 OS Version: 6.1.7601 ServicePack: 1.0

19:00:14.0222 1268 Product type: Workstation

19:00:14.0222 1268 ComputerName: LAPTOP-HP

19:00:14.0222 1268 UserName: Laptop

19:00:14.0222 1268 Windows directory: C:\Windows

19:00:14.0222 1268 System windows directory: C:\Windows

19:00:14.0222 1268 Running under WOW64

19:00:14.0222 1268 Processor architecture: Intel x64

19:00:14.0222 1268 Number of processors: 1

19:00:14.0222 1268 Page size: 0x1000

19:00:14.0222 1268 Boot type: Safe boot

19:00:14.0222 1268 ============================================================

19:00:15.0486 1268 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:00:15.0486 1268 ============================================================

19:00:15.0486 1268 \Device\Harddisk0\DR0:

19:00:15.0486 1268 MBR partitions:

19:00:15.0486 1268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

19:00:15.0486 1268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AEBA800

19:00:15.0486 1268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AF1E800, BlocksNum 0x2273000

19:00:15.0486 1268 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970

19:00:15.0486 1268 ============================================================

19:00:15.0548 1268 C: <-> \Device\Harddisk0\DR0\Partition1

19:00:15.0595 1268 D: <-> \Device\Harddisk0\DR0\Partition2

19:00:15.0595 1268 ============================================================

19:00:15.0595 1268 Initialize success

19:00:15.0595 1268 ============================================================

19:00:27.0950 1312 ============================================================

19:00:27.0950 1312 Scan started

19:00:27.0950 1312 Mode: Manual; SigCheck; TDLFS;

19:00:27.0950 1312 ============================================================

19:00:28.0808 1312 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

19:00:29.0495 1312 1394ohci - ok

19:00:29.0573 1312 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

19:00:29.0620 1312 ACPI - ok

19:00:29.0666 1312 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

19:00:29.0776 1312 AcpiPmi - ok

19:00:29.0947 1312 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:00:29.0978 1312 AdobeFlashPlayerUpdateSvc - ok

19:00:30.0072 1312 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

19:00:30.0103 1312 adp94xx - ok

19:00:30.0166 1312 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

19:00:30.0212 1312 adpahci - ok

19:00:30.0275 1312 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

19:00:30.0290 1312 adpu320 - ok

19:00:30.0353 1312 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

19:00:30.0509 1312 AeLookupSvc - ok

19:00:30.0649 1312 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

19:00:30.0665 1312 AERTFilters - ok

19:00:30.0758 1312 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

19:00:30.0821 1312 AFD - ok

19:00:30.0883 1312 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

19:00:30.0899 1312 agp440 - ok

19:00:30.0961 1312 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

19:00:31.0024 1312 ALG - ok

19:00:31.0070 1312 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

19:00:31.0070 1312 aliide - ok

19:00:31.0180 1312 AMD External Events Utility (29c151492510640343b00b63996e4070) C:\Windows\system32\atiesrxx.exe

19:00:31.0258 1312 AMD External Events Utility - ok

19:00:31.0304 1312 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

19:00:31.0320 1312 amdide - ok

19:00:31.0382 1312 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

19:00:31.0429 1312 AmdK8 - ok

19:00:31.0944 1312 amdkmdag (2c9c4824664c61351ff1e0169262d026) C:\Windows\system32\DRIVERS\atikmdag.sys

19:00:32.0162 1312 amdkmdag - ok

19:00:32.0412 1312 amdkmdap (ef7382689d3b17ac2983202e7a40ab45) C:\Windows\system32\DRIVERS\atikmpag.sys

19:00:32.0443 1312 amdkmdap - ok

19:00:32.0521 1312 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

19:00:32.0537 1312 AmdPPM - ok

19:00:32.0615 1312 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys

19:00:32.0662 1312 amdsata - ok

19:00:32.0755 1312 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

19:00:32.0771 1312 amdsbs - ok

19:00:32.0818 1312 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys

19:00:32.0818 1312 amdxata - ok

19:00:32.0880 1312 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

19:00:33.0098 1312 AppID - ok

19:00:33.0161 1312 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

19:00:33.0239 1312 AppIDSvc - ok

19:00:33.0317 1312 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

19:00:33.0395 1312 Appinfo - ok

19:00:33.0473 1312 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

19:00:33.0473 1312 arc - ok

19:00:33.0535 1312 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

19:00:33.0551 1312 arcsas - ok

19:00:33.0707 1312 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

19:00:33.0754 1312 aspnet_state - ok

19:00:33.0832 1312 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

19:00:33.0910 1312 AsyncMac - ok

19:00:33.0972 1312 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

19:00:33.0972 1312 atapi - ok

19:00:34.0175 1312 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys

19:00:34.0253 1312 athr - ok

19:00:34.0487 1312 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys

19:00:34.0487 1312 AtiPcie - ok

19:00:34.0596 1312 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:00:34.0643 1312 AudioEndpointBuilder - ok

19:00:34.0658 1312 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

19:00:34.0705 1312 AudioSrv - ok

19:00:34.0783 1312 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

19:00:34.0861 1312 AxInstSV - ok

19:00:34.0955 1312 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

19:00:35.0017 1312 b06bdrv - ok

19:00:35.0095 1312 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

19:00:35.0126 1312 b57nd60a - ok

19:00:35.0220 1312 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

19:00:35.0267 1312 BDESVC - ok

19:00:35.0314 1312 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

19:00:35.0392 1312 Beep - ok

19:00:35.0532 1312 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

19:00:35.0594 1312 BFE - ok

19:00:35.0704 1312 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

19:00:35.0797 1312 BITS - ok

19:00:35.0906 1312 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

19:00:35.0938 1312 blbdrive - ok

19:00:35.0984 1312 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

19:00:36.0016 1312 bowser - ok

19:00:36.0047 1312 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:00:36.0109 1312 BrFiltLo - ok

19:00:36.0140 1312 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:00:36.0156 1312 BrFiltUp - ok

19:00:36.0218 1312 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

19:00:36.0281 1312 Browser - ok

19:00:36.0343 1312 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

19:00:36.0374 1312 Brserid - ok

19:00:36.0421 1312 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

19:00:36.0452 1312 BrSerWdm - ok

19:00:36.0468 1312 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:00:36.0499 1312 BrUsbMdm - ok

19:00:36.0530 1312 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

19:00:36.0546 1312 BrUsbSer - ok

19:00:36.0593 1312 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

19:00:36.0624 1312 BTHMODEM - ok

19:00:36.0686 1312 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

19:00:36.0733 1312 bthserv - ok

19:00:36.0780 1312 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

19:00:36.0858 1312 cdfs - ok

19:00:36.0936 1312 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

19:00:36.0967 1312 cdrom - ok

19:00:37.0030 1312 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:00:37.0092 1312 CertPropSvc - ok

19:00:37.0201 1312 CinemaNow Service (533328a3d9a9c286682525842547540c) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

19:00:37.0217 1312 CinemaNow Service - ok

19:00:37.0279 1312 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

19:00:37.0295 1312 circlass - ok

19:00:37.0373 1312 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

19:00:37.0388 1312 CLFS - ok

19:00:37.0529 1312 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:00:37.0576 1312 clr_optimization_v2.0.50727_32 - ok

19:00:37.0654 1312 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:00:37.0669 1312 clr_optimization_v2.0.50727_64 - ok

19:00:37.0763 1312 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:00:37.0903 1312 clr_optimization_v4.0.30319_32 - ok

19:00:37.0997 1312 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:00:38.0075 1312 clr_optimization_v4.0.30319_64 - ok

19:00:38.0106 1312 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

19:00:38.0137 1312 CmBatt - ok

19:00:38.0184 1312 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

19:00:38.0215 1312 cmdide - ok

19:00:38.0293 1312 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

19:00:38.0324 1312 CNG - ok

19:00:38.0387 1312 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

19:00:38.0387 1312 Compbatt - ok

19:00:38.0449 1312 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

19:00:38.0480 1312 CompositeBus - ok

19:00:38.0512 1312 COMSysApp - ok

19:00:38.0543 1312 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

19:00:38.0543 1312 crcdisk - ok

19:00:38.0621 1312 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

19:00:38.0683 1312 CryptSvc - ok

19:00:39.0182 1312 CSIScanner (5131d2469b6b19dc20b446ebe43ebb79) C:\Program Files\Prevx\prevx.exe

19:00:39.0401 1312 CSIScanner - ok

19:00:39.0588 1312 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys

19:00:39.0604 1312 dc3d - ok

19:00:39.0697 1312 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:00:39.0775 1312 DcomLaunch - ok

19:00:39.0838 1312 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

19:00:39.0900 1312 defragsvc - ok

19:00:39.0962 1312 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

19:00:40.0009 1312 DfsC - ok

19:00:40.0103 1312 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

19:00:40.0165 1312 Dhcp - ok

19:00:40.0196 1312 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

19:00:40.0243 1312 discache - ok

19:00:40.0306 1312 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

19:00:40.0321 1312 Disk - ok

19:00:40.0384 1312 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

19:00:40.0462 1312 Dnscache - ok

19:00:40.0524 1312 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

19:00:40.0586 1312 dot3svc - ok

19:00:40.0633 1312 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

19:00:40.0680 1312 DPS - ok

19:00:40.0742 1312 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

19:00:40.0774 1312 drmkaud - ok

19:00:40.0898 1312 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

19:00:40.0930 1312 DXGKrnl - ok

19:00:40.0992 1312 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

19:00:41.0054 1312 EapHost - ok

19:00:41.0320 1312 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

19:00:41.0429 1312 ebdrv - ok

19:00:41.0554 1312 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

19:00:41.0616 1312 EFS - ok

19:00:41.0803 1312 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

19:00:41.0850 1312 ehRecvr - ok

19:00:41.0897 1312 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

19:00:41.0944 1312 ehSched - ok

19:00:42.0084 1312 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

19:00:42.0115 1312 elxstor - ok

19:00:42.0146 1312 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

19:00:42.0162 1312 ErrDev - ok

19:00:42.0287 1312 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

19:00:42.0349 1312 EventSystem - ok

19:00:42.0380 1312 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

19:00:42.0458 1312 exfat - ok

19:00:42.0505 1312 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

19:00:42.0536 1312 fastfat - ok

19:00:42.0661 1312 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

19:00:42.0739 1312 Fax - ok

19:00:42.0786 1312 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

19:00:42.0817 1312 fdc - ok

19:00:42.0864 1312 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

19:00:42.0911 1312 fdPHost - ok

19:00:42.0942 1312 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

19:00:42.0989 1312 FDResPub - ok

19:00:43.0036 1312 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

19:00:43.0051 1312 FileInfo - ok

19:00:43.0082 1312 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

19:00:43.0129 1312 Filetrace - ok

19:00:43.0192 1312 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

19:00:43.0223 1312 flpydisk - ok

19:00:43.0301 1312 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

19:00:43.0348 1312 FltMgr - ok

19:00:43.0488 1312 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

19:00:43.0582 1312 FontCache - ok

19:00:43.0675 1312 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:00:43.0706 1312 FontCache3.0.0.0 - ok

19:00:43.0784 1312 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

19:00:43.0800 1312 FsDepends - ok

19:00:43.0816 1312 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

19:00:43.0847 1312 Fs_Rec - ok

19:00:43.0940 1312 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

19:00:43.0956 1312 fvevol - ok

19:00:44.0003 1312 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:00:44.0018 1312 gagp30kx - ok

19:00:44.0143 1312 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

19:00:44.0190 1312 gpsvc - ok

19:00:44.0284 1312 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:00:44.0299 1312 gupdate - ok

19:00:44.0299 1312 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:00:44.0315 1312 gupdatem - ok

19:00:44.0362 1312 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

19:00:44.0424 1312 hcw85cir - ok

19:00:44.0518 1312 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

19:00:44.0564 1312 HdAudAddService - ok

19:00:44.0627 1312 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

19:00:44.0658 1312 HDAudBus - ok

19:00:44.0705 1312 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

19:00:44.0720 1312 HidBatt - ok

19:00:44.0783 1312 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

19:00:44.0814 1312 HidBth - ok

19:00:44.0876 1312 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

19:00:44.0908 1312 HidIr - ok

19:00:44.0954 1312 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

19:00:45.0017 1312 hidserv - ok

19:00:45.0064 1312 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

19:00:45.0095 1312 HidUsb - ok

19:00:45.0126 1312 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

19:00:45.0204 1312 hkmsvc - ok

19:00:45.0266 1312 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

19:00:45.0313 1312 HomeGroupListener - ok

19:00:45.0360 1312 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

19:00:45.0407 1312 HomeGroupProvider - ok

19:00:45.0563 1312 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

19:00:45.0563 1312 HP Support Assistant Service - ok

19:00:45.0688 1312 HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

19:00:45.0703 1312 HP Wireless Assistant Service - ok

19:00:45.0766 1312 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

19:00:45.0781 1312 HPDrvMntSvc.exe - ok

19:00:45.0875 1312 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

19:00:45.0906 1312 hpqwmiex - ok

19:00:46.0000 1312 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

19:00:46.0015 1312 HpSAMD - ok

19:00:46.0109 1312 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

19:00:46.0109 1312 HPWMISVC - ok

19:00:46.0218 1312 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

19:00:46.0296 1312 HTTP - ok

19:00:46.0327 1312 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

19:00:46.0327 1312 hwpolicy - ok

19:00:46.0421 1312 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

19:00:46.0436 1312 i8042prt - ok

19:00:46.0514 1312 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

19:00:46.0530 1312 iaStorV - ok

19:00:46.0702 1312 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:00:46.0733 1312 idsvc - ok

19:00:47.0154 1312 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

19:00:47.0326 1312 igfx - ok

19:00:47.0513 1312 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

19:00:47.0544 1312 iirsp - ok

19:00:47.0653 1312 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

19:00:47.0716 1312 IKEEXT - ok

19:00:47.0934 1312 IntcAzAudAddService (b88e24bd77a0ce2cffee2facf1151be0) C:\Windows\system32\drivers\RTKVHD64.sys

19:00:48.0012 1312 IntcAzAudAddService - ok

19:00:48.0199 1312 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

19:00:48.0199 1312 intelide - ok

19:00:48.0262 1312 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

19:00:48.0308 1312 intelppm - ok

19:00:48.0340 1312 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

19:00:48.0402 1312 IPBusEnum - ok

19:00:48.0464 1312 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:00:48.0511 1312 IpFilterDriver - ok

19:00:48.0620 1312 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

19:00:48.0698 1312 iphlpsvc - ok

19:00:48.0745 1312 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

19:00:48.0761 1312 IPMIDRV - ok

19:00:48.0823 1312 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

19:00:48.0886 1312 IPNAT - ok

19:00:48.0917 1312 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

19:00:48.0979 1312 IRENUM - ok

19:00:49.0026 1312 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

19:00:49.0026 1312 isapnp - ok

19:00:49.0104 1312 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

19:00:49.0120 1312 iScsiPrt - ok

19:00:49.0151 1312 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

19:00:49.0182 1312 kbdclass - ok

19:00:49.0244 1312 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

19:00:49.0260 1312 kbdhid - ok

19:00:49.0322 1312 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:00:49.0322 1312 KeyIso - ok

19:00:49.0354 1312 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

19:00:49.0369 1312 KSecDD - ok

19:00:49.0432 1312 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

19:00:49.0432 1312 KSecPkg - ok

19:00:49.0510 1312 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

19:00:49.0556 1312 ksthunk - ok

19:00:49.0619 1312 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

19:00:49.0666 1312 KtmRm - ok

19:00:49.0759 1312 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

19:00:49.0806 1312 LanmanServer - ok

19:00:49.0884 1312 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

19:00:49.0931 1312 LanmanWorkstation - ok

19:00:49.0993 1312 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

19:00:50.0040 1312 lltdio - ok

19:00:50.0118 1312 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

19:00:50.0180 1312 lltdsvc - ok

19:00:50.0227 1312 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

19:00:50.0258 1312 lmhosts - ok

19:00:50.0321 1312 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:00:50.0336 1312 LSI_FC - ok

19:00:50.0399 1312 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:00:50.0414 1312 LSI_SAS - ok

19:00:50.0461 1312 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:00:50.0461 1312 LSI_SAS2 - ok

19:00:50.0508 1312 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:00:50.0524 1312 LSI_SCSI - ok

19:00:50.0586 1312 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

19:00:50.0633 1312 luafv - ok

19:00:50.0758 1312 lxecCATSCustConnectService (1f02b554ddc4086d786537a3bf6488f1) C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe

19:00:50.0773 1312 lxecCATSCustConnectService - ok

19:00:50.0804 1312 lxec_device - ok

19:00:50.0867 1312 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

19:00:50.0882 1312 MBAMProtector - ok

19:00:51.0023 1312 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

19:00:51.0070 1312 MBAMService - ok

19:00:51.0116 1312 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

19:00:51.0148 1312 Mcx2Svc - ok

19:00:51.0179 1312 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

19:00:51.0210 1312 megasas - ok

19:00:51.0257 1312 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

19:00:51.0304 1312 MegaSR - ok

19:00:51.0366 1312 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:00:51.0413 1312 MMCSS - ok

19:00:51.0460 1312 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

19:00:51.0491 1312 Modem - ok

19:00:51.0553 1312 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

19:00:51.0600 1312 monitor - ok

19:00:51.0662 1312 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

19:00:51.0662 1312 mouclass - ok

19:00:51.0740 1312 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

19:00:51.0772 1312 mouhid - ok

19:00:51.0818 1312 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

19:00:51.0834 1312 mountmgr - ok

19:00:51.0943 1312 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

19:00:51.0990 1312 MozillaMaintenance - ok

19:00:52.0052 1312 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

19:00:52.0068 1312 MpFilter - ok

19:00:52.0130 1312 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

19:00:52.0146 1312 mpio - ok

19:00:52.0208 1312 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

19:00:52.0240 1312 mpsdrv - ok

19:00:52.0333 1312 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

19:00:52.0411 1312 MpsSvc - ok

19:00:52.0458 1312 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

19:00:52.0505 1312 MRxDAV - ok

19:00:52.0567 1312 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:00:52.0614 1312 mrxsmb - ok

19:00:52.0661 1312 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:00:52.0692 1312 mrxsmb10 - ok

19:00:52.0739 1312 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:00:52.0770 1312 mrxsmb20 - ok

19:00:52.0801 1312 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

19:00:52.0817 1312 msahci - ok

19:00:52.0879 1312 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

19:00:52.0895 1312 msdsm - ok

19:00:52.0957 1312 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

19:00:52.0988 1312 MSDTC - ok

19:00:53.0051 1312 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

19:00:53.0082 1312 Msfs - ok

19:00:53.0113 1312 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

19:00:53.0144 1312 mshidkmdf - ok

19:00:53.0191 1312 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

19:00:53.0207 1312 msisadrv - ok

19:00:53.0269 1312 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

19:00:53.0332 1312 MSiSCSI - ok

19:00:53.0332 1312 msiserver - ok

19:00:53.0394 1312 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

19:00:53.0456 1312 MSKSSRV - ok

19:00:53.0550 1312 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

19:00:53.0550 1312 MsMpSvc - ok

19:00:53.0597 1312 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

19:00:53.0644 1312 MSPCLOCK - ok

19:00:53.0675 1312 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

19:00:53.0706 1312 MSPQM - ok

19:00:53.0768 1312 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

19:00:53.0800 1312 MsRPC - ok

19:00:53.0846 1312 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

19:00:53.0862 1312 mssmbios - ok

19:00:53.0893 1312 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

19:00:53.0956 1312 MSTEE - ok

19:00:53.0987 1312 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

19:00:54.0018 1312 MTConfig - ok

19:00:54.0034 1312 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

19:00:54.0049 1312 Mup - ok

19:00:54.0127 1312 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

19:00:54.0174 1312 napagent - ok

19:00:54.0252 1312 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

19:00:54.0283 1312 NativeWifiP - ok

19:00:54.0455 1312 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

19:00:54.0486 1312 NDIS - ok

19:00:54.0533 1312 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

19:00:54.0595 1312 NdisCap - ok

19:00:54.0626 1312 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

19:00:54.0673 1312 NdisTapi - ok

19:00:54.0751 1312 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

19:00:54.0798 1312 Ndisuio - ok

19:00:54.0860 1312 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

19:00:54.0907 1312 NdisWan - ok

19:00:54.0954 1312 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

19:00:54.0985 1312 NDProxy - ok

19:00:55.0063 1312 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

19:00:55.0126 1312 NetBIOS - ok

19:00:55.0188 1312 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

19:00:55.0235 1312 NetBT - ok

19:00:55.0266 1312 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:00:55.0282 1312 Netlogon - ok

19:00:55.0391 1312 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

19:00:55.0453 1312 Netman - ok

19:00:55.0594 1312 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:00:55.0625 1312 NetMsmqActivator - ok

19:00:55.0672 1312 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:00:55.0672 1312 NetPipeActivator - ok

19:00:55.0781 1312 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

19:00:55.0828 1312 netprofm - ok

19:00:55.0843 1312 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:00:55.0843 1312 NetTcpActivator - ok

19:00:55.0859 1312 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:00:55.0859 1312 NetTcpPortSharing - ok

19:00:56.0296 1312 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

19:00:56.0483 1312 netw5v64 - ok

19:00:56.0670 1312 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

19:00:56.0701 1312 nfrd960 - ok

19:00:56.0732 1312 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

19:00:56.0748 1312 NisDrv - ok

19:00:56.0857 1312 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

19:00:56.0873 1312 NisSrv - ok

19:00:56.0966 1312 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

19:00:57.0029 1312 NlaSvc - ok

19:00:57.0091 1312 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

19:00:57.0122 1312 Npfs - ok

19:00:57.0154 1312 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

19:00:57.0232 1312 nsi - ok

19:00:57.0247 1312 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

19:00:57.0278 1312 nsiproxy - ok

19:00:57.0466 1312 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

19:00:57.0528 1312 Ntfs - ok

19:00:57.0715 1312 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

19:00:57.0793 1312 Null - ok

19:00:57.0856 1312 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

19:00:57.0871 1312 nvraid - ok

19:00:57.0902 1312 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

19:00:57.0934 1312 nvstor - ok

19:00:57.0980 1312 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

19:00:58.0012 1312 nv_agp - ok

19:00:58.0168 1312 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

19:00:58.0199 1312 odserv - ok

19:00:58.0246 1312 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

19:00:58.0277 1312 ohci1394 - ok

19:00:58.0355 1312 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:00:58.0386 1312 ose - ok

19:00:58.0464 1312 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:00:58.0511 1312 p2pimsvc - ok

19:00:58.0589 1312 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

19:00:58.0604 1312 p2psvc - ok

19:00:58.0667 1312 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

19:00:58.0682 1312 Parport - ok

19:00:58.0714 1312 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

19:00:58.0745 1312 partmgr - ok

19:00:58.0792 1312 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

19:00:58.0838 1312 PcaSvc - ok

19:00:58.0885 1312 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

19:00:58.0901 1312 pci - ok

19:00:58.0932 1312 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

19:00:58.0963 1312 pciide - ok

19:00:59.0010 1312 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

19:00:59.0041 1312 pcmcia - ok

19:00:59.0072 1312 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

19:00:59.0088 1312 pcw - ok

19:00:59.0197 1312 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

19:00:59.0228 1312 PEAUTH - ok

19:00:59.0353 1312 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

19:00:59.0384 1312 PerfHost - ok

19:00:59.0556 1312 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

19:00:59.0618 1312 pla - ok

19:00:59.0712 1312 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

19:00:59.0759 1312 PlugPlay - ok

19:00:59.0806 1312 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

19:00:59.0821 1312 PNRPAutoReg - ok

19:00:59.0899 1312 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

19:00:59.0899 1312 PNRPsvc - ok

19:01:00.0024 1312 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys

19:01:00.0024 1312 Point64 - ok

19:01:00.0133 1312 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

19:01:00.0211 1312 PolicyAgent - ok

19:01:00.0274 1312 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

19:01:00.0336 1312 Power - ok

19:01:00.0414 1312 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

19:01:00.0461 1312 PptpMiniport - ok

19:01:00.0492 1312 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

19:01:00.0539 1312 Processor - ok

19:01:00.0617 1312 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

19:01:00.0664 1312 ProfSvc - ok

19:01:00.0710 1312 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:01:00.0710 1312 ProtectedStorage - ok

19:01:00.0773 1312 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

19:01:00.0820 1312 Psched - ok

19:01:00.0882 1312 pxkbf (ba5f7c107eace67973b4b798832a74c7) C:\Windows\system32\drivers\pxkbf.sys

19:01:00.0882 1312 pxkbf - ok

19:01:00.0929 1312 pxrts (007e57428802f587d0d6737ae7a9d989) C:\Windows\system32\drivers\pxrts.sys

19:01:00.0929 1312 pxrts - ok

19:01:00.0960 1312 pxscan (66d4d00c8908888a68b749d91f1e6789) C:\Windows\system32\drivers\pxscan.sys

19:01:00.0960 1312 pxscan - ok

19:01:01.0147 1312 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

19:01:01.0194 1312 ql2300 - ok

19:01:01.0381 1312 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

19:01:01.0397 1312 ql40xx - ok

19:01:01.0459 1312 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

19:01:01.0506 1312 QWAVE - ok

19:01:01.0553 1312 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

19:01:01.0568 1312 QWAVEdrv - ok

19:01:01.0615 1312 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

19:01:01.0646 1312 RasAcd - ok

19:01:01.0724 1312 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:01:01.0771 1312 RasAgileVpn - ok

19:01:01.0802 1312 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

19:01:01.0865 1312 RasAuto - ok

19:01:01.0927 1312 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:01:01.0974 1312 Rasl2tp - ok

19:01:02.0036 1312 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

19:01:02.0099 1312 RasMan - ok

19:01:02.0161 1312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

19:01:02.0208 1312 RasPppoe - ok

19:01:02.0255 1312 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

19:01:02.0317 1312 RasSstp - ok

19:01:02.0395 1312 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

19:01:02.0442 1312 rdbss - ok

19:01:02.0489 1312 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

19:01:02.0520 1312 rdpbus - ok

19:01:02.0551 1312 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:01:02.0598 1312 RDPCDD - ok

19:01:02.0629 1312 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

19:01:02.0707 1312 RDPENCDD - ok

19:01:02.0723 1312 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

19:01:02.0754 1312 RDPREFMP - ok

19:01:02.0848 1312 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

19:01:02.0926 1312 RDPWD - ok

19:01:03.0004 1312 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

19:01:03.0019 1312 rdyboost - ok

19:01:03.0082 1312 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

19:01:03.0128 1312 RemoteAccess - ok

19:01:03.0191 1312 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

19:01:03.0253 1312 RemoteRegistry - ok

19:01:03.0300 1312 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

19:01:03.0363 1312 RpcEptMapper - ok

19:01:03.0409 1312 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

19:01:03.0441 1312 RpcLocator - ok

19:01:03.0550 1312 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

19:01:03.0581 1312 RpcSs - ok

19:01:03.0643 1312 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

19:01:03.0675 1312 rspndr - ok

19:01:03.0768 1312 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

19:01:03.0815 1312 RTL8167 - ok

19:01:03.0955 1312 RtVOsdService (5fff3e71b4724bb10918fd6dd7413d99) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

19:01:03.0987 1312 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning

19:01:03.0987 1312 RtVOsdService - detected UnsignedFile.Multi.Generic (1)

19:01:04.0049 1312 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:01:04.0065 1312 SamSs - ok

19:01:04.0111 1312 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

19:01:04.0127 1312 sbp2port - ok

19:01:04.0189 1312 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

19:01:04.0236 1312 SCardSvr - ok

19:01:04.0299 1312 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

19:01:04.0345 1312 scfilter - ok

19:01:04.0486 1312 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

19:01:04.0564 1312 Schedule - ok

19:01:04.0611 1312 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

19:01:04.0642 1312 SCPolicySvc - ok

19:01:04.0704 1312 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

19:01:04.0751 1312 sdbus - ok

19:01:04.0782 1312 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

19:01:04.0829 1312 SDRSVC - ok

19:01:04.0860 1312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

19:01:04.0907 1312 secdrv - ok

19:01:04.0969 1312 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

19:01:05.0016 1312 seclogon - ok

19:01:05.0063 1312 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

19:01:05.0125 1312 SENS - ok

19:01:05.0172 1312 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

19:01:05.0203 1312 SensrSvc - ok

19:01:05.0235 1312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

19:01:05.0281 1312 Serenum - ok

19:01:05.0313 1312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

19:01:05.0359 1312 Serial - ok

19:01:05.0422 1312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

19:01:05.0437 1312 sermouse - ok

19:01:05.0500 1312 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

19:01:05.0547 1312 SessionEnv - ok

19:01:05.0593 1312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

19:01:05.0640 1312 sffdisk - ok

19:01:05.0656 1312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

19:01:05.0687 1312 sffp_mmc - ok

19:01:05.0718 1312 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

19:01:05.0734 1312 sffp_sd - ok

19:01:05.0765 1312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

19:01:05.0796 1312 sfloppy - ok

19:01:05.0874 1312 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

19:01:05.0937 1312 SharedAccess - ok

19:01:06.0015 1312 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

19:01:06.0077 1312 ShellHWDetection - ok

19:01:06.0108 1312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:01:06.0124 1312 SiSRaid2 - ok

19:01:06.0171 1312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

19:01:06.0186 1312 SiSRaid4 - ok

19:01:06.0233 1312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

19:01:06.0280 1312 Smb - ok

19:01:06.0342 1312 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

19:01:06.0389 1312 SNMPTRAP - ok

19:01:06.0420 1312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

19:01:06.0436 1312 spldr - ok

19:01:06.0545 1312 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

19:01:06.0592 1312 Spooler - ok

19:01:06.0873 1312 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

19:01:07.0013 1312 sppsvc - ok

19:01:07.0153 1312 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

19:01:07.0185 1312 sppuinotify - ok

19:01:07.0325 1312 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

19:01:07.0356 1312 srv - ok

19:01:07.0434 1312 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

19:01:07.0450 1312 srv2 - ok

19:01:07.0543 1312 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

19:01:07.0559 1312 SrvHsfHDA - ok

19:01:07.0746 1312 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

19:01:07.0809 1312 SrvHsfV92 - ok

19:01:08.0043 1312 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

19:01:08.0074 1312 SrvHsfWinac - ok

19:01:08.0152 1312 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

19:01:08.0183 1312 srvnet - ok

19:01:08.0261 1312 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

19:01:08.0308 1312 SSDPSRV - ok

19:01:08.0339 1312 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

19:01:08.0401 1312 SstpSvc - ok

19:01:08.0433 1312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

19:01:08.0464 1312 stexstor - ok

19:01:08.0573 1312 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

19:01:08.0651 1312 stisvc - ok

19:01:08.0698 1312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

19:01:08.0698 1312 swenum - ok

19:01:08.0791 1312 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

19:01:08.0854 1312 swprv - ok

19:01:08.0994 1312 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys

19:01:09.0010 1312 SynTP - ok

19:01:09.0213 1312 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

19:01:09.0275 1312 SysMain - ok

19:01:09.0431 1312 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

19:01:09.0447 1312 TabletInputService - ok

19:01:09.0525 1312 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

19:01:09.0603 1312 TapiSrv - ok

19:01:09.0649 1312 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

19:01:09.0681 1312 TBS - ok

19:01:09.0930 1312 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

19:01:10.0024 1312 Tcpip - ok

19:01:10.0351 1312 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

19:01:10.0398 1312 TCPIP6 - ok

19:01:10.0585 1312 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

19:01:10.0632 1312 tcpipreg - ok

19:01:10.0679 1312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

19:01:10.0726 1312 TDPIPE - ok

19:01:10.0741 1312 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

19:01:10.0788 1312 TDTCP - ok

19:01:10.0851 1312 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

19:01:10.0882 1312 tdx - ok

19:01:10.0944 1312 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

19:01:10.0960 1312 TermDD - ok

19:01:11.0038 1312 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

19:01:11.0100 1312 TermService - ok

19:01:11.0131 1312 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

19:01:11.0194 1312 Themes - ok

19:01:11.0256 1312 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

19:01:11.0287 1312 THREADORDER - ok

19:01:11.0319 1312 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

19:01:11.0381 1312 TrkWks - ok

19:01:11.0459 1312 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

19:01:11.0506 1312 TrustedInstaller - ok

19:01:11.0553 1312 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:01:11.0615 1312 tssecsrv - ok

19:01:11.0693 1312 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

19:01:11.0740 1312 TsUsbFlt - ok

19:01:11.0818 1312 TunerFreeMCEService (d3e533cbbccc4f1ea1069edc30425469) C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe

19:01:11.0833 1312 TunerFreeMCEService ( UnsignedFile.Multi.Generic ) - warning

19:01:11.0833 1312 TunerFreeMCEService - detected UnsignedFile.Multi.Generic (1)

19:01:11.0896 1312 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

19:01:11.0958 1312 tunnel - ok

19:01:12.0005 1312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

19:01:12.0036 1312 uagp35 - ok

19:01:12.0130 1312 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

19:01:12.0208 1312 udfs - ok

19:01:12.0239 1312 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

19:01:12.0270 1312 UI0Detect - ok

19:01:12.0317 1312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

19:01:12.0348 1312 uliagpkx - ok

19:01:12.0426 1312 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

19:01:12.0426 1312 umbus - ok

19:01:12.0457 1312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

19:01:12.0504 1312 UmPass - ok

19:01:12.0582 1312 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

19:01:12.0645 1312 upnphost - ok

19:01:12.0691 1312 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

19:01:12.0723 1312 usbccgp - ok

19:01:12.0754 1312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

19:01:12.0785 1312 usbcir - ok

19:01:12.0816 1312 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

19:01:12.0863 1312 usbehci - ok

19:01:12.0941 1312 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys

19:01:12.0941 1312 usbfilter - ok

19:01:13.0019 1312 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

19:01:13.0050 1312 usbhub - ok

19:01:13.0081 1312 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

19:01:13.0097 1312 usbohci - ok

19:01:13.0128 1312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

19:01:13.0159 1312 usbprint - ok

19:01:13.0237 1312 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

19:01:13.0253 1312 usbscan - ok

19:01:13.0315 1312 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:01:13.0347 1312 USBSTOR - ok

19:01:13.0393 1312 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

19:01:13.0409 1312 usbuhci - ok

19:01:13.0471 1312 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

19:01:13.0518 1312 UxSms - ok

19:01:13.0565 1312 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

19:01:13.0565 1312 VaultSvc - ok

19:01:13.0627 1312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

19:01:13.0627 1312 vdrvroot - ok

19:01:13.0737 1312 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

19:01:13.0799 1312 vds - ok

19:01:13.0861 1312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

19:01:13.0877 1312 vga - ok

19:01:13.0893 1312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

19:01:13.0939 1312 VgaSave - ok

19:01:14.0033 1312 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

19:01:14.0049 1312 vhdmp - ok

19:01:14.0080 1312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

19:01:14.0080 1312 viaide - ok

19:01:14.0111 1312 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

19:01:14.0127 1312 volmgr - ok

19:01:14.0189 1312 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

19:01:14.0205 1312 volmgrx - ok

19:01:14.0283 1312 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

19:01:14.0329 1312 volsnap - ok

19:01:14.0361 1312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

19:01:14.0392 1312 vsmraid - ok

19:01:14.0563 1312 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

19:01:14.0657 1312 VSS - ok

19:01:14.0829 1312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

19:01:14.0844 1312 vwifibus - ok

19:01:14.0907 1312 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

19:01:14.0938 1312 vwififlt - ok

19:01:15.0016 1312 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

19:01:15.0063 1312 W32Time - ok

19:01:15.0125 1312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

19:01:15.0156 1312 WacomPen - ok

19:01:15.0234 1312 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:01:15.0297 1312 WANARP - ok

19:01:15.0312 1312 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

19:01:15.0359 1312 Wanarpv6 - ok

19:01:15.0499 1312 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

19:01:15.0546 1312 WatAdminSvc - ok

19:01:15.0718 1312 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

19:01:15.0780 1312 wbengine - ok

19:01:15.0952 1312 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

19:01:15.0967 1312 WbioSrvc - ok

19:01:16.0045 1312 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

19:01:16.0108 1312 wcncsvc - ok

19:01:16.0155 1312 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

19:01:16.0186 1312 WcsPlugInService - ok

19:01:16.0248 1312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

19:01:16.0264 1312 Wd - ok

19:01:16.0389 1312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

19:01:16.0420 1312 Wdf01000 - ok

19:01:16.0467 1312 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:01:16.0545 1312 WdiServiceHost - ok

19:01:16.0545 1312 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

19:01:16.0560 1312 WdiSystemHost - ok

19:01:16.0638 1312 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

19:01:16.0685 1312 WebClient - ok

19:01:16.0763 1312 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

19:01:16.0810 1312 Wecsvc - ok

19:01:16.0825 1312 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

19:01:16.0888 1312 wercplsupport - ok

19:01:16.0919 1312 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

19:01:16.0997 1312 WerSvc - ok

19:01:17.0106 1312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

19:01:17.0137 1312 WfpLwf - ok

19:01:17.0153 1312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

19:01:17.0184 1312 WIMMount - ok

19:01:17.0215 1312 WinDefend - ok

19:01:17.0231 1312 WinHttpAutoProxySvc - ok

19:01:17.0340 1312 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

19:01:17.0387 1312 Winmgmt - ok

19:01:17.0605 1312 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

19:01:17.0699 1312 WinRM - ok

19:01:17.0933 1312 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

19:01:17.0995 1312 Wlansvc - ok

19:01:18.0245 1312 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:01:18.0339 1312 wlidsvc - ok

19:01:18.0495 1312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

19:01:18.0541 1312 WmiAcpi - ok

19:01:18.0619 1312 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

19:01:18.0682 1312 wmiApSrv - ok

19:01:18.0729 1312 WMPNetworkSvc - ok

19:01:18.0791 1312 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

19:01:18.0838 1312 WPCSvc - ok

19:01:18.0885 1312 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

19:01:18.0931 1312 WPDBusEnum - ok

19:01:18.0963 1312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

19:01:19.0009 1312 ws2ifsl - ok

19:01:19.0072 1312 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

19:01:19.0103 1312 wscsvc - ok

19:01:19.0103 1312 WSearch - ok

19:01:19.0337 1312 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

19:01:19.0415 1312 wuauserv - ok

19:01:19.0602 1312 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

19:01:19.0680 1312 WudfPf - ok

19:01:19.0743 1312 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:01:19.0805 1312 WUDFRd - ok

19:01:19.0867 1312 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

19:01:19.0899 1312 wudfsvc - ok

19:01:19.0961 1312 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

19:01:19.0992 1312 WwanSvc - ok

19:01:20.0148 1312 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

19:01:20.0179 1312 YahooAUService - ok

19:01:20.0289 1312 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys

19:01:20.0335 1312 yukonw7 - ok

19:01:20.0382 1312 MBR (0x1B8) (4287d1c7c777c7cdd9ab892338678e65) \Device\Harddisk0\DR0

19:01:20.0803 1312 \Device\Harddisk0\DR0 - ok

19:01:20.0803 1312 Boot (0x1200) (a71c215f653bad850a396eca1607c630) \Device\Harddisk0\DR0\Partition0

19:01:20.0803 1312 \Device\Harddisk0\DR0\Partition0 - ok

19:01:20.0850 1312 Boot (0x1200) (07ef4458efa0038db2a13c78e83a9055) \Device\Harddisk0\DR0\Partition1

19:01:20.0850 1312 \Device\Harddisk0\DR0\Partition1 - ok

19:01:20.0881 1312 Boot (0x1200) (3951b66e9a987716b97c33db33223fe6) \Device\Harddisk0\DR0\Partition2

19:01:20.0881 1312 \Device\Harddisk0\DR0\Partition2 - ok

19:01:20.0928 1312 Boot (0x1200) (fa9ac4dade58f1927454b193254063a3) \Device\Harddisk0\DR0\Partition3

19:01:20.0928 1312 \Device\Harddisk0\DR0\Partition3 - ok

19:01:20.0928 1312 ============================================================

19:01:20.0928 1312 Scan finished

19:01:20.0928 1312 ============================================================

19:01:20.0944 1304 Detected object count: 2

19:01:20.0944 1304 Actual detected object count: 2

19:01:54.0687 1304 C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe - copied to quarantine

19:01:54.0687 1304 HKLM\SYSTEM\ControlSet001\services\RtVOsdService - will be deleted on reboot

19:01:54.0780 1304 HKLM\SYSTEM\ControlSet002\services\RtVOsdService - will be deleted on reboot

19:01:55.0186 1304 C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe - will be deleted on reboot

19:01:55.0186 1304 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Delete

19:01:55.0264 1304 C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe - copied to quarantine

19:01:55.0264 1304 HKLM\SYSTEM\ControlSet001\services\TunerFreeMCEService - will be deleted on reboot

19:01:55.0264 1304 HKLM\SYSTEM\ControlSet002\services\TunerFreeMCEService - will be deleted on reboot

19:01:55.0279 1304 C:\Program Files (x86)\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe - will be deleted on reboot

19:01:55.0279 1304 TunerFreeMCEService ( UnsignedFile.Multi.Generic ) - User select action: Delete

19:02:22.0845 1264 Deinitialize success

[Maurice Naggar]

In one of your previous runs of TDSSKILLER, You may have taken out to quarantine some needed Realtek driver.

AS to Google redirects, you must provide plenty of detail:

a) Do you get to the actual Google website initially ? i.e., do I get there ok?

b) Which browser are you using at the time? Be very explicit. Internet Explorer, Firefox, Chrome, or what? List them.

c) If got to Google site ok, what are you clicking from the list of results ?

You must understand that not all search results are to legitimate or safe sites.

Provide details in a reply.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the MBAM scan log into a reply.

[chulocabra]

AS to Google redirects, you must provide plenty of detail:

a) Do you get to the actual Google website initially ? i.e., do I get there ok? Yes, I can do a normal Google Search

b) Which browser are you using at the time? Be very explicit. Internet Explorer, Firefox, Chrome, or what? List them. Only Firefox 14.01

c) If got to Google site ok, what are you clicking from the list of results ? Normal search results, I will click on a link, and then sometimes (Not as frequent now) I will be taken to another website (used to be scour) I would click BACK, and then click the same link and be taken to the "right" site.

You must understand that not all search results are to legitimate or safe sites.

Will do a full scan and post results soon

[chulocabra]

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.09.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Laptop :: LAPTOP-HP [administrator]

Protection: Enabled

8/9/2012 12:06:50 PM

mbam-log-2012-08-09 (12-06-50).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 367166

Time elapsed: 1 hour(s), 25 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[chulocabra]

Malwarebytes Protection log. Blocked several websites just recently

2012/08/09 09:07:47 -0400 LAPTOP-HP Laptop MESSAGE Starting protection

2012/08/09 09:07:51 -0400 LAPTOP-HP Laptop MESSAGE Protection started successfully

2012/08/09 09:07:51 -0400 LAPTOP-HP Laptop MESSAGE Executing scheduled update: Daily

2012/08/09 09:07:54 -0400 LAPTOP-HP Laptop MESSAGE Starting IP protection

2012/08/09 09:07:59 -0400 LAPTOP-HP Laptop MESSAGE IP Protection started successfully

2012/08/09 09:08:06 -0400 LAPTOP-HP Laptop MESSAGE Starting database refresh

2012/08/09 09:08:06 -0400 LAPTOP-HP Laptop MESSAGE Scheduled update executed successfully: database updated from version v2012.08.08.06 to version v2012.08.09.07

2012/08/09 09:08:06 -0400 LAPTOP-HP Laptop MESSAGE Stopping IP protection

2012/08/09 09:13:58 -0400 LAPTOP-HP Laptop MESSAGE IP Protection stopped

2012/08/09 09:14:02 -0400 LAPTOP-HP Laptop MESSAGE Database refreshed successfully

2012/08/09 09:14:02 -0400 LAPTOP-HP Laptop MESSAGE Starting IP protection

2012/08/09 09:14:07 -0400 LAPTOP-HP Laptop MESSAGE IP Protection started successfully

2012/08/09 12:05:54 -0400 LAPTOP-HP Laptop MESSAGE Starting database refresh

2012/08/09 12:05:54 -0400 LAPTOP-HP Laptop MESSAGE Stopping IP protection

2012/08/09 12:10:40 -0400 LAPTOP-HP Laptop MESSAGE IP Protection stopped

2012/08/09 12:11:14 -0400 LAPTOP-HP Laptop MESSAGE Database refreshed successfully

2012/08/09 12:11:14 -0400 LAPTOP-HP Laptop MESSAGE Starting IP protection

2012/08/09 12:11:19 -0400 LAPTOP-HP Laptop MESSAGE IP Protection started successfully

2012/08/09 13:51:03 -0400 LAPTOP-HP Laptop IP-BLOCK 195.68.160.103 (Type: outgoing, Port: 52550, Process: firefox.exe)

2012/08/09 13:51:03 -0400 LAPTOP-HP Laptop IP-BLOCK 195.68.160.103 (Type: outgoing, Port: 52551, Process: firefox.exe)

2012/08/09 13:51:03 -0400 LAPTOP-HP Laptop IP-BLOCK 195.68.160.103 (Type: outgoing, Port: 52552, Process: firefox.exe)

2012/08/09 13:51:03 -0400 LAPTOP-HP Laptop IP-BLOCK 195.68.160.103 (Type: outgoing, Port: 52553, Process: firefox.exe)

2012/08/09 13:51:03 -0400 LAPTOP-HP Laptop IP-BLOCK 195.68.160.103 (Type: outgoing, Port: 52554, Process: firefox.exe)

2012/08/09 13:51:03 -0400 LAPTOP-HP Laptop IP-BLOCK 195.68.160.103 (Type: outgoing, Port: 52555, Process: firefox.exe)

2012/08/09 13:52:16 -0400 LAPTOP-HP Laptop IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52595, Process: firefox.exe)

[Maurice Naggar]

Excellent result from MBAM.

Uninstall Firefox. Restart system fresh.

Download and save the Firefox setup program from mozilla.org

Run Firefox setup.

Logoff and restart system fresh.

Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

Steps to follow for the MVP Hosts file:

1) Download and SAVE the zip file to a temporary folder

2) Unzip (extract the contents) in the same folder

3) Temporarily disable your antivirus program. Some antivirus apps will block changes to the Hosts file; so turn it off.

4) After extract is complete, run mvps.bat batch file. This copies your pre-existing Hosts file to Hosts.mvp in the folder where Windows' Hosts resides

typically, C:\WINDOWS\system32\drivers\etc

and after that copy is saved, it replaces the old Hosts with the new one.

And you should see (in the blue background command window) the following:

_________________________________________________

¦ +---+¦

¦ THE MVPS HOSTS FILE IS NOW UPDATED ¦ v ¦¦

¦ +---+¦

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Previous version saved and renamed to HOSTS.MVP

Press any key to continue . . .

Find the folder where you saved the original download. Delete hosts.zip and a file folder there named hosts

The latter is the same folder that had mvps.bat

5) Re-enable your antivirus app.

The MVP Hosts file is updated from time to time. See http://msmvps.com/blogs/hostsnews

for information. And you can also sign-up for email notice when Mike publishes updates.

Do a very careful test with Firefox.

P.s. I do not need the MBAM protection log.

[chulocabra]

I get redirected to this IP XXXX://63.209.69.107/ Which is Scour. Seems to happen less frequently (maybe 1 in 50 to 75 clicks)

[chulocabra]

Thanks, I'll uninstall Firefox and try it out

[chulocabra]

I have not tested it too much but looks good so far. Thank you!

[Maurice Naggar]

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

Next, download my Security Check from here .

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

Edited August 11, 2012 by Maurice Naggar

[chulocabra]

ESET Scan

C:\Users\Laptop\AppData\Local\{2AEB1F0A-DAB6-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined

[chulocabra]

This is all the log has

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

[Maurice Naggar]

I need to know, from you, if the redirects are gone.

Further, you understand that once you get to a search engine site (whether Yahoo or Google or whatever) the results listed from a search cannot be assumed to be to safe sites, valid sites, trustworthy sites, etc.

The search engines just make a list of matches.

The Eset scan found 1 item in Chrome. Had you done an uninstall of Chrome and then follow that by new install of Chrome?

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

• Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  
• Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  *****************************************************************
  :processes
  killallprocesses
  :files
  recycler /alldrives
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [EMPTYFLASH]
  [Reboot]
  *****************************************************************
  
• Return to OTL. Right click in the window (under the aqua-blue bar) and choose Paste.
  
• Close any browser(s) windows that may be open.
  
• Using your mouse, click on the red-lettered button .
  
• Once you see a message box "Fix complete! Click OK to open the fix log."
  Click the OK button
  
• The log will open in Notepad (your default text editor).
  
• Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware,if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

[chulocabra]

Thanks, I'll work on the scans

Further, you understand that once you get to a search engine site (whether Yahoo or Google or whatever) the results listed from a search cannot be assumed to be to safe sites, valid sites, trustworthy sites, etc.

The search engines just make a list of matches.

I understand what you mean, however, i used to get normal search results, I will click on a link, and then sometimes (None so far ) I will be taken to another website (used to be scour) I would click BACK, and then click the same link and be taken to the "right" site. Its not an issue of clicking an invalid site since the address on the google search result does not match the address of the resulting website and if I click on the same link again it goes to the valid site.

[chulocabra]

Oh yea, I dont have Chrome installed on this laptop. I dont know why Eset is showing that root dir.

[Maurice Naggar]

First, Have you done the OTL Fix?

Have you done the Stinger run ?

Please copy/paste those logs after you are done.

I do not understand what is meant by

why Eset is showing that root dir.

Kindly make that clearer.

[chulocabra]

All processes killed

========== PROCESSES ==========

========== FILES ==========

recycler not found in C:\

recycler not found in D:\

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Laptop

->Temp folder emptied: 1044031605 bytes

->Temporary Internet Files folder emptied: 268125144 bytes

->Java cache emptied: 1005523 bytes

->FireFox cache emptied: 1086645837 bytes

->Flash cache emptied: 64611 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 190505383 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46356671 bytes

RecycleBin emptied: 819115 bytes

Total Files Cleaned = 2,515.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Laptop

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08132012_112033

Files\Folders moved on Reboot...

C:\Users\Laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\Laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Malwarebytes has blocked an IP (scour.com) still

What I was saying is that ESTE scan showed this result " C:\Users\Laptop\AppData\Local\{2AEB1F0A-DAB6-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined"

Which you assumed I had Chrome installed in my computer, but I dont. So what I am saying is I dont know why there is a file labeled "Chrome" and looks like a browser.

Will be running stinger next

[chulocabra]

Stinger report McAfee® Labs Stinger Version 10.2.0.736 built on Aug 13 2012

Copyright © 2012 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Aug 13 2012.

Ready to scan for 4839 viruses, trojans and variants.

Scan initiated on Mon Aug 13 11:32:51 2012

Rootkit scan result : Not Scanned

No files scanned

Scan initiated on Mon Aug 13 11:33:46 2012

Rootkit scan result : Not Scanned

Master Boot Record(s):....1

Possibly Infected:.............0

Boot Sector(s):.................2

Possibly Infected: ............0

Number of clean files: 17773