
sirefef conedex and agent



.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35

Run by Brian at 8:09:52 on 2012-09-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4021.1591 [GMT -7:00]

.

AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\svchost.exe -k SDRSVC

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://yahoo.com/

uDefault_Page_URL = hxxp://asus.msn.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll

mURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: mswsock.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA}\130364850363035353835363 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA}\2456C6B696E6F5E4F575962756C6563737F5735423244353 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA}\34944595F5F464F505F4D4F4E414F575946494 : DhcpNameServer = 10.100.160.1

TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA}\8475537333 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA}\8496C6C647F6070264275656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA}\86F6D656C6160747F607 : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

BHO-X64: Conduit Engine - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll

BHO-X64: vshare.tv Bar - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll

BHO-X64: MegaIEMn - No File

BHO-X64: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO-X64: WeCareReminder - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB-X64: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll

TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ata\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\DTToolbar@toolbarnet.com\,\mtime\:1305739308783},\fdm_ffext@freedownloadmanager.org\:{\descriptor\:\C:\\\\Program Files (x86)\\\\Free Download Manager\\\\Firefox\\\\Extension\,\mtime\:1316987691288},\firefox@ghostery.com\:{\descriptor\:\C:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\firefox@ghostery.com\,\mtime\:1331796568192},\support@lastpass.com\:{\descriptor\:\C:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\support@lastpass.com\,\mtime\:1332389759384},\toolbar@ask.com\:{\descriptor\:\C:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\toolbar@ask.com\,\mtime\:1332389719887},\vshare@toolbar\:{\descriptor\:\C:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\vshare@toolbar\,\mtime\:1303077062748},\{1fc895a6-2042-46ec-a61b-233165b4c218}\:{\descriptor\:\C:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\{1fc895a6-2042-46ec-a61b-233165b4c218}.xpi\,\mtime\:1310709378991},\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}\:{\descriptor\:\C:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}\,\mtime\:1305175452817},\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\:{\descriptor\:\C:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\,\mtime\:1331131858954},\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\descriptor\:\C:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensi
ons\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\,\mtime\:1325837968525}}}]

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-11-7 1620584]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-16 235624]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-7 2314240]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);C:\Windows\system32\DRIVERS\OXSDIDRV_x64.sys --> C:\Windows\system32\DRIVERS\OXSDIDRV_x64.sys [?]

R3 S6000KNT;S6000KNT_WebCam Driver;C:\Windows\system32\Drivers\S6000KNT.sys --> C:\Windows\system32\Drivers\S6000KNT.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 VCam_WDM;e2eSoft VCam;C:\Windows\system32\DRIVERS\VCam_WDM.sys --> C:\Windows\system32\DRIVERS\VCam_WDM.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-7 135664]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

S3 AtiIrRcvr;ATI Remote Receiver Service;C:\Windows\system32\DRIVERS\aticir.sys --> C:\Windows\system32\DRIVERS\aticir.sys [?]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-7 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 114144]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 OXUDIDRV;OXUDIDRV;\??\C:\Windows\system32\Drivers\OXUDIDRV_X64.sys --> C:\Windows\system32\Drivers\OXUDIDRV_X64.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

.

=============== Created Last 30 ================

.

2012-09-05 22:08:20 -------- d-----w- C:\Program Files (x86)\ESET

2012-09-05 03:22:20 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys

2012-09-05 02:59:54 -------- d-----w- C:\Program Files\Enigma Software Group

2012-09-05 02:59:11 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP

2012-09-05 02:59:07 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-09-05 02:29:58 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-05 02:29:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-04 23:49:19 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-09-04 21:17:53 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-09-04 21:10:03 -------- d-----w- C:\ProgramData\Windows Codecs

2012-09-04 21:10:00 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack

2012-09-04 12:56:30 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E582FD7A-95B7-4412-9DF0-8BFB99224EDF}\mpengine.dll

2012-09-04 03:32:22 -------- d-----r- C:\Program Files (x86)\Skype

2012-08-31 14:10:24 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-17 01:31:53 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs

2012-08-15 10:03:37 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2012-08-15 06:54:24 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-15 06:54:24 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-15 06:54:22 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-15 06:54:22 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-15 06:54:22 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-15 06:54:22 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-15 06:54:21 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-15 06:54:21 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-15 06:54:20 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-15 06:54:18 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-15 06:54:17 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-08-12 07:05:14 -------- d-----w- C:\Users\Brian\AppData\Local\PokerStars.NET

2012-08-12 07:04:43 -------- d-----w- C:\Program Files (x86)\PokerStars.NET

2012-08-08 19:05:51 -------- d-----w- C:\Users\Brian\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2012-08-08 19:00:40 -------- d-----w- C:\Users\Brian\AppData\Local\Software Assist

2012-08-08 19:00:36 -------- d-----w- C:\Program Files (x86)\Software Assist

.

==================== Find3M ====================

.

2012-08-29 03:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-08-29 03:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-21 17:25:18 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-21 17:25:18 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-25 23:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

.

============= FINISH: 8:10:47.96 ===============


Has your system ever been without an antivirus program?

Backdoor trojan warning: ZeroAccess / Sirefef

This system has some serious backdoor trojans. ZeroAccess / Sirefef

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Let me know what you decide.


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2/24/2011 8:03:05 PM

System Uptime: 9/5/2012 5:32:21 PM (15 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | N53Jq

Processor: Intel® Core i7 CPU Q 740 @ 1.73GHz | Socket 989 | 919/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 116 GiB total, 15.361 GiB free.

D: is FIXED (NTFS) - 328 GiB total, 22.298 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP399: 9/6/2012 - Scheduled Checkpoint

.

==== Installed Programs ======================

.

µTorrent

AC3Filter 1.63b

Acrobat.com

Adobe AIR

Adobe Flash Media Live Encoder 3.2

Adobe Flash Player 11 Plugin

Adobe Reader 9.1 MUI

Alcor Micro USB Card Reader

Anti reCAPTCHA v2.06

Apple Application Support

Apple Software Update

ASUS AI Recovery

ASUS Video Magic

ASUS WebStorage

ASUS_N3_Series

ATI Hybrid TV Tuner Driver v6.14.10.389 64bit Win7

ATK Package

Avidemux 2.5

Bitrate Starter

Boingo Wi-Fi

Combined Community Codec Pack 2010-10-10

Conduit Engine

CWA Reminder by We-Care.com v4.0.16.3

CyberLink LabelPrint

CyberLink MediaShow Espresso

CyberLink PhotoNow

CyberLink Power2Go

CyberLink PowerDirector

CyberLink PowerDVD 9

DAEMON Tools Lite

DAEMON Tools Toolbar

DVD Flick 1.3.0.7

e2eSoft VCam v5.1

ESET Online Scanner v3

EVEREST Home Edition v2.20

FlvRecorder

foobar2000 v1.1.10

FormatFactory 2.70

Free Download Manager 3.0 - Prime Time Freeware Edition

GIMP 2.4.7

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

HandBrake 0.9.5

iLivid

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 35

JDownloader

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

ManyCam 2.4 (remove only)

Mega Manager

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 15.0 (x86 en-US)

Mozilla Maintenance Service

Mplayer 0.6.9

MSVCRT

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

MyPhoneExplorer

NVIDIA Stereoscopic 3D Driver

NVIDIA Updatus

OnLive

OpenMG Limited Patch 4.7-07-14-05-01

OpenMG Secure Module 4.7.00

PokerStars.net

Postal 2 Share The Pain

Privoxy (remove only)

QuickTime

Realtek High Definition Audio Driver

RemoteComms External Disk Access

Revo Uninstaller 1.91

Samsung PC Studio 3 USB Driver Installer

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.10

Software Assist

SonicMaster

SonicStage 4.3

SopCast 3.3.2

SpeedFan (remove only)

StreamTorrent 1.0

Subtitle Workshop 2.51

System Requirements Lab CYRI

Tiny Media Player v1.0

Total Audio MP3 Converter v2.3 build 1037

Trillian

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

USB2.0 2.0M UVC WebCam

Veetle Broadcaster 0.9.18

Veetle TV

VirtualDubMOD 1.5.10.3 US

VLC media player 1.1.9

vshare.tv Bar Toolbar

vShare.tv plugin 1.3

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

WinFlash

WinPcap 4.1.1

Wireless Console 3

XSplit

.

==== Event Viewer Messages From Past Week ========

.

9/5/2012 5:33:52 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

9/5/2012 5:33:24 PM, Error: Service Control Manager [7001] -

9/5/2012 4:58:59 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

9/5/2012 11:28:00 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

9/4/2012 4:17:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/4/2012 4:17:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/4/2012 4:17:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/4/2012 4:17:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/4/2012 4:17:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/4/2012 4:17:22 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

9/4/2012 4:17:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/4/2012 4:10:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service sdrsvc with arguments "" in order to run the server: {687E55CA-6621-4C41-B9F1-C0EDDC94BB05}

9/3/2012 2:36:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

9/1/2012 5:11:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

.

==== End Of File ===========================


Step 1:

Your logs showed some peer-to-peer filesharing apps: uTorrent. Uninstall it + any other peer-to-peer sharing app.

Confirm that you have removed all.

Filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Edited by Maurice Naggar

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Do not click any FIX button. We just need an initial report.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


I was able to get MBR and RKreport logs ... but TDSSKILLER wouldn't let me copy the files from the report.... also since it was just running and not an installed program there was no saved TDSSKILLER log

swMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-06 11:34:32

-----------------------------

11:34:32.564 OS Version: Windows x64 6.1.7601 Service Pack 1

11:34:32.564 Number of processors: 8 586 0x1E05

11:34:32.566 ComputerName: BRIAN-PC UserName: Brian

11:34:35.122 Initialize success

11:36:44.832 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:36:44.837 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3

11:36:44.852 Disk 0 MBR read successfully

11:36:44.858 Disk 0 MBR scan

11:36:44.864 Disk 0 Windows 7 default MBR code

11:36:44.872 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22003 MB offset 63

11:36:44.886 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119231 MB offset 45062325

11:36:44.893 Disk 0 Partition - 00 0F Extended LBA 335704 MB offset 289249280

11:36:44.929 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 335703 MB offset 289251328

11:36:44.977 Disk 0 scanning C:\Windows\system32\drivers

11:36:53.162 Service scanning

11:37:07.561 Modules scanning

11:37:07.579 Scan finished successfully

11:38:00.104 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"

11:38:00.110 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR962012.txt"


RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Brian [Admin rights]

Mode : Scan -- Date : 09/06/2012 12:11:53

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] tdsskiller.exe -- C:\Users\Brian\Desktop\tdsskiller.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤

[TASK][sUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

[sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++

--- User ---

[MBR] 697fe5d5f8f6c594432ea117b4bfe546

[bSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 119231 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289249280 | Size: 335704 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Do not do any websurfing, or anything online, except for going to this forum and the sites I guide you to for tools.

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
  • Then press the Delete button.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.


Take it slow. Yes close RogueKiller. Then start it fresh and then follow my write-up and when done post the new RKReport

also,

Please look in the root of your C drive C:\

for a TDSS log similar to this "TDSSKiller.[Version]_[Date]_[Time]_log.txt"

I need copy/paste of the contents


RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Brian [Admin rights]

Mode : Remove -- Date : 09/06/2012 13:01:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[TASK][sUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe -> DELETED

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\@ --> REMOVED AT REBOOT

[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U\00000004.@ --> REMOVED

[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U\00000008.@ --> REMOVED

[Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U\80000032.@ --> REMOVED

[Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U\80000064.@ --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U --> REMOVED

[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\L\00000004.@ --> REMOVED

[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\L\201d3dde --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\L --> REMOVED

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED

[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++

--- User ---

[MBR] 697fe5d5f8f6c594432ea117b4bfe546

[bSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 119231 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 289249280 | Size: 335704 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[5].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

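Added example, not part of any post in this thread and not RogueKiller's own code: a small Python check that reconciles the Scan-mode report with the Remove-mode report, listing scan findings that have no disposition line afterwards and items still waiting on a reboot. The finding lines are copied from the two reports above; the matching rule (file path for file/folder/task lines, key plus value name for registry lines) is an assumption made for this example.

```python
import re

# Finding lines copied from the Scan-mode report posted in this thread.
SCAN_REPORT = r"""
[TASK][sUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[ZeroAccess][FILE] @ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[sig - ZeroAccess][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND
"""

# Finding lines copied from the Remove-mode report posted in this thread.
REMOVE_REPORT = r"""
[TASK][sUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[ZeroAccess][FILE] @ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED
[susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)
"""

# One finding line: leading [tag] groups, the target, an arrow (-> or -->), the status.
LINE_RE = re.compile(r"^((?:\[[^\]]*\])+)\s*(.*?)\s*-{1,2}>\s*(.+)$")
# Trailing registry data such as " (0)" after a value name.
VALUE_RE = re.compile(r"\s*\(\d+\)$")


def parse_findings(report):
    """Return {normalized target: status} for every finding line in a report."""
    findings = {}
    for raw in report.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # section headers, MBR hashes, partition table, blank lines
        _tags, target, status = match.groups()
        left, sep, right = target.partition(" : ")
        if not sep:
            continue  # e.g. process lines, which use a different layout
        if left.upper().startswith("HK"):
            # Registry line: identify by key plus value name, ignoring the data.
            key = left + " : " + VALUE_RE.sub("", right)
        else:
            # File, folder or task line: identify by the path on the right.
            key = right
        findings[key.lower()] = status.strip()
    return findings


def reconcile(scan_report, remove_report):
    """Return (scan findings with no line in the removal report, items pending reboot)."""
    found = parse_findings(scan_report)
    acted = parse_findings(remove_report)
    unresolved = sorted(k for k in found if k not in acted)
    pending = sorted(k for k, s in acted.items() if "AT REBOOT" in s.upper())
    return unresolved, pending


if __name__ == "__main__":
    unresolved, pending = reconcile(SCAN_REPORT, REMOVE_REPORT)
    print("No disposition in removal report:", *unresolved, sep="\n  ")
    print("Pending reboot:", *pending, sep="\n  ")
```

On these two reports it lists the two Wow6432Node registry entries as having no line in the removal report, and the `@` file and services.exe as still pending a reboot.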

Here's the last log I have for TDSSKILLER... it's earlier than the RK report by about 30 mins .... not sure if this is the one you're looking for

12:27:27.0709 5640 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

12:27:28.0241 5640 ============================================================

12:27:28.0241 5640 Current date / time: 2012/09/06 12:27:28.0241

12:27:28.0241 5640 SystemInfo:

12:27:28.0241 5640

12:27:28.0241 5640 OS Version: 6.1.7601 ServicePack: 1.0

12:27:28.0241 5640 Product type: Workstation

12:27:28.0242 5640 ComputerName: BRIAN-PC

12:27:28.0242 5640 UserName: Brian

12:27:28.0242 5640 Windows directory: C:\Windows

12:27:28.0242 5640 System windows directory: C:\Windows

12:27:28.0242 5640 Running under WOW64

12:27:28.0242 5640 Processor architecture: Intel x64

12:27:28.0242 5640 Number of processors: 8

12:27:28.0242 5640 Page size: 0x1000

12:27:28.0242 5640 Boot type: Normal boot

12:27:28.0242 5640 ============================================================

12:27:28.0484 5640 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:27:28.0493 5640 ============================================================

12:27:28.0493 5640 \Device\Harddisk0\DR0:

12:27:28.0494 5640 MBR partitions:

12:27:28.0494 5640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0xE8DFF31

12:27:28.0510 5640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x113DA000, BlocksNum 0x28FAB800

12:27:28.0510 5640 ============================================================

12:27:28.0544 5640 C: <-> \Device\Harddisk0\DR0\Partition1

12:27:28.0585 5640 D: <-> \Device\Harddisk0\DR0\Partition2

12:27:28.0586 5640 ============================================================

12:27:28.0586 5640 Initialize success

12:27:28.0586 5640 ============================================================

12:27:33.0364 5720 ============================================================

12:27:33.0364 5720 Scan started

12:27:33.0364 5720 Mode: Manual;

12:27:33.0364 5720 ============================================================

12:27:35.0356 5720 ================ Scan system memory ========================

12:27:35.0356 5720 System memory - ok

12:27:35.0357 5720 ================ Scan services =============================


12:27:38.0748 5720 CryptSvc - ok

12:27:38.0894 5720 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

12:27:38.0905 5720 cvhsvc - ok

12:27:38.0988 5720 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

12:27:38.0997 5720 DcomLaunch - ok

12:27:39.0034 5720 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

12:27:39.0038 5720 defragsvc - ok

12:27:39.0072 5720 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

12:27:39.0074 5720 DfsC - ok

12:27:39.0103 5720 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

12:27:39.0108 5720 Dhcp - ok

12:27:39.0135 5720 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

12:27:39.0136 5720 discache - ok

12:27:39.0170 5720 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

12:27:39.0171 5720 Disk - ok

12:27:39.0198 5720 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

12:27:39.0202 5720 Dnscache - ok

12:27:39.0230 5720 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

12:27:39.0235 5720 dot3svc - ok

12:27:39.0255 5720 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

12:27:39.0259 5720 DPS - ok

12:27:39.0287 5720 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

12:27:39.0288 5720 drmkaud - ok

12:27:39.0334 5720 [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys

12:27:39.0338 5720 dtsoftbus01 - ok

12:27:39.0386 5720 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

12:27:39.0397 5720 DXGKrnl - ok

12:27:39.0458 5720 [ D00EAE9C735A7DEE8049E50D73D25434 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys

12:27:39.0461 5720 eamonm - ok

12:27:39.0494 5720 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

12:27:39.0498 5720 EapHost - ok

12:27:39.0582 5720 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

12:27:39.0620 5720 ebdrv - ok

12:27:39.0670 5720 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

12:27:39.0672 5720 EFS - ok

12:27:39.0698 5720 [ E5EDDE3C8158DD0CBC5812F201DCDED0 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys

12:27:39.0700 5720 ehdrv - ok

12:27:39.0759 5720 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

12:27:39.0768 5720 ehRecvr - ok

12:27:39.0808 5720 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

12:27:39.0810 5720 ehSched - ok

12:27:39.0939 5720 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

12:27:39.0950 5720 ekrn - ok

12:27:40.0001 5720 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

12:27:40.0005 5720 elxstor - ok

12:27:40.0023 5720 [ 587F0F4145A1536A6E37EFD769B7665F ] epfw C:\Windows\system32\DRIVERS\epfw.sys

12:27:40.0025 5720 epfw - ok

12:27:40.0044 5720 [ D2F812358EE8EE23CBB5C4DAFFB5B819 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys

12:27:40.0046 5720 EpfwLWF - ok

12:27:40.0079 5720 [ 34BF55D69AB74D14C7E7A17259CB7DF8 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys

12:27:40.0080 5720 epfwwfp - ok

12:27:40.0103 5720 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

12:27:40.0104 5720 ErrDev - ok

12:27:40.0132 5720 [ 38B0A3E42DE9B36AA56F72A5ECB62331 ] ETD C:\Windows\system32\DRIVERS\ETD.sys

12:27:40.0133 5720 ETD - ok

12:27:40.0163 5720 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

12:27:40.0167 5720 EventSystem - ok

12:27:40.0337 5720 EverestDriver - ok

12:27:40.0576 5720 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

12:27:40.0580 5720 exfat - ok

12:27:40.0600 5720 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

12:27:40.0603 5720 fastfat - ok

12:27:40.0644 5720 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

12:27:40.0653 5720 Fax - ok

12:27:40.0674 5720 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

12:27:40.0675 5720 fdc - ok

12:27:40.0701 5720 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

12:27:40.0703 5720 fdPHost - ok

12:27:40.0713 5720 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

12:27:40.0715 5720 FDResPub - ok

12:27:40.0742 5720 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

12:27:40.0743 5720 FileInfo - ok

12:27:40.0750 5720 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

12:27:40.0751 5720 Filetrace - ok

12:27:40.0763 5720 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

12:27:40.0764 5720 flpydisk - ok

12:27:40.0793 5720 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

12:27:40.0797 5720 FltMgr - ok

12:27:40.0830 5720 [ 480E31B064E6F7B4EAAB8B00437298B6 ] FLxHCIc C:\Windows\system32\DRIVERS\FLxHCIc.sys

12:27:40.0834 5720 FLxHCIc - ok

12:27:40.0845 5720 [ E9CF4C5A0C31197351F89A1DF4522B96 ] FLxHCIh C:\Windows\system32\DRIVERS\FLxHCIh.sys

12:27:40.0847 5720 FLxHCIh - ok

12:27:40.0900 5720 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

12:27:40.0913 5720 FontCache - ok

12:27:40.0971 5720 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

12:27:40.0973 5720 FontCache3.0.0.0 - ok

12:27:41.0000 5720 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

12:27:41.0002 5720 FsDepends - ok

12:27:41.0038 5720 [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

12:27:41.0040 5720 fssfltr - ok

12:27:41.0130 5720 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

12:27:41.0136 5720 fsssvc - ok

12:27:41.0170 5720 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

12:27:41.0171 5720 Fs_Rec - ok

12:27:41.0214 5720 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

12:27:41.0217 5720 fvevol - ok

12:27:41.0247 5720 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

12:27:41.0248 5720 gagp30kx - ok

12:27:41.0302 5720 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

12:27:41.0303 5720 GEARAspiWDM - ok

12:27:41.0336 5720 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

12:27:41.0348 5720 gpsvc - ok

12:27:41.0418 5720 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

12:27:41.0420 5720 gupdate - ok

12:27:41.0436 5720 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

12:27:41.0438 5720 gupdatem - ok

12:27:41.0461 5720 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

12:27:41.0464 5720 gusvc - ok

12:27:41.0497 5720 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

12:27:41.0499 5720 hcw85cir - ok

12:27:41.0538 5720 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

12:27:41.0543 5720 HdAudAddService - ok

12:27:41.0574 5720 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

12:27:41.0576 5720 HDAudBus - ok

12:27:41.0599 5720 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

12:27:41.0601 5720 HECIx64 - ok

12:27:41.0618 5720 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

12:27:41.0619 5720 HidBatt - ok

12:27:41.0635 5720 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

12:27:41.0637 5720 HidBth - ok

12:27:41.0658 5720 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

12:27:41.0660 5720 HidIr - ok

12:27:41.0687 5720 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

12:27:41.0689 5720 hidserv - ok

12:27:41.0708 5720 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

12:27:41.0709 5720 HidUsb - ok

12:27:41.0735 5720 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

12:27:41.0739 5720 hkmsvc - ok

12:27:41.0764 5720 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

12:27:41.0769 5720 HomeGroupListener - ok

12:27:41.0798 5720 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

12:27:41.0802 5720 HomeGroupProvider - ok

12:27:41.0826 5720 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

12:27:41.0828 5720 HpSAMD - ok

12:27:41.0865 5720 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

12:27:41.0875 5720 HTTP - ok

12:27:41.0924 5720 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

12:27:41.0926 5720 hwpolicy - ok

12:27:41.0941 5720 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

12:27:41.0944 5720 i8042prt - ok

12:27:42.0007 5720 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

12:27:42.0014 5720 iaStor - ok

12:27:42.0058 5720 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

12:27:42.0063 5720 iaStorV - ok

12:27:42.0123 5720 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

12:27:42.0126 5720 IDriverT - ok

12:27:42.0182 5720 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

12:27:42.0193 5720 idsvc - ok

12:27:42.0238 5720 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

12:27:42.0239 5720 iirsp - ok

12:27:42.0279 5720 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

12:27:42.0290 5720 IKEEXT - ok

12:27:42.0386 5720 [ E02A55F45EDB35641CB470A2CD56E74E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

12:27:42.0399 5720 IntcAzAudAddService - ok

12:27:42.0417 5720 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

12:27:42.0418 5720 intelide - ok

12:27:42.0443 5720 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

12:27:42.0444 5720 intelppm - ok

12:27:42.0481 5720 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

12:27:42.0485 5720 IPBusEnum - ok

12:27:42.0506 5720 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:27:42.0508 5720 IpFilterDriver - ok

12:27:42.0534 5720 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

12:27:42.0535 5720 IPMIDRV - ok

12:27:42.0552 5720 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

12:27:42.0554 5720 IPNAT - ok

12:27:42.0624 5720 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

12:27:42.0635 5720 iPod Service - ok

12:27:42.0663 5720 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

12:27:42.0664 5720 IRENUM - ok

12:27:42.0676 5720 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

12:27:42.0678 5720 isapnp - ok

12:27:42.0700 5720 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

12:27:42.0704 5720 iScsiPrt - ok

12:27:42.0726 5720 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

12:27:42.0727 5720 kbdclass - ok

12:27:42.0752 5720 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

12:27:42.0753 5720 kbdhid - ok

12:27:42.0780 5720 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys

12:27:42.0782 5720 kbfiltr - ok

12:27:42.0797 5720 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

12:27:42.0799 5720 KeyIso - ok

12:27:42.0825 5720 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

12:27:42.0827 5720 KSecDD - ok

12:27:42.0854 5720 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

12:27:42.0856 5720 KSecPkg - ok

12:27:42.0880 5720 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

12:27:42.0881 5720 ksthunk - ok

12:27:42.0915 5720 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

12:27:42.0921 5720 KtmRm - ok

12:27:42.0949 5720 [ 48686C29856F46443952A831424F8D6F ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys

12:27:42.0950 5720 L1C - ok

12:27:42.0993 5720 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

12:27:42.0999 5720 LanmanServer - ok

12:27:43.0038 5720 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

12:27:43.0043 5720 LanmanWorkstation - ok

12:27:43.0075 5720 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

12:27:43.0076 5720 lltdio - ok

12:27:43.0107 5720 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

12:27:43.0112 5720 lltdsvc - ok

12:27:43.0129 5720 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

12:27:43.0131 5720 lmhosts - ok

12:27:43.0173 5720 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

12:27:43.0177 5720 LMS - ok

12:27:43.0213 5720 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

12:27:43.0215 5720 LSI_FC - ok

12:27:43.0232 5720 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

12:27:43.0234 5720 LSI_SAS - ok

12:27:43.0253 5720 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

12:27:43.0255 5720 LSI_SAS2 - ok

12:27:43.0270 5720 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

12:27:43.0272 5720 LSI_SCSI - ok

12:27:43.0285 5720 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

12:27:43.0287 5720 luafv - ok

12:27:43.0303 5720 lvpopf64 - ok

12:27:43.0310 5720 LVPr2M64 - ok

12:27:43.0324 5720 LVRS64 - ok

12:27:43.0331 5720 LVUVC64 - ok

12:27:43.0371 5720 [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam C:\Windows\system32\DRIVERS\ManyCam_x64.sys

12:27:43.0372 5720 ManyCam - ok

12:27:43.0405 5720 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

12:27:43.0409 5720 Mcx2Svc - ok

12:27:43.0426 5720 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

12:27:43.0427 5720 megasas - ok

12:27:43.0449 5720 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

12:27:43.0452 5720 MegaSR - ok

12:27:43.0482 5720 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

12:27:43.0486 5720 MMCSS - ok

12:27:43.0502 5720 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

12:27:43.0503 5720 Modem - ok

12:27:43.0524 5720 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

12:27:43.0525 5720 monitor - ok

12:27:43.0549 5720 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

12:27:43.0550 5720 mouclass - ok

12:27:43.0580 5720 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

12:27:43.0582 5720 mouhid - ok

12:27:43.0614 5720 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

12:27:43.0615 5720 mountmgr - ok

12:27:43.0678 5720 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

12:27:43.0680 5720 MozillaMaintenance - ok

12:27:43.0707 5720 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

12:27:43.0709 5720 mpio - ok

12:27:43.0724 5720 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

12:27:43.0726 5720 mpsdrv - ok

12:27:43.0760 5720 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

12:27:43.0762 5720 MRxDAV - ok

12:27:43.0788 5720 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

12:27:43.0791 5720 mrxsmb - ok

12:27:43.0822 5720 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:27:43.0826 5720 mrxsmb10 - ok

12:27:43.0843 5720 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:27:43.0845 5720 mrxsmb20 - ok

12:27:43.0879 5720 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

12:27:43.0880 5720 msahci - ok

12:27:43.0946 5720 [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

12:27:43.0948 5720 MSCSPTISRV - ok

12:27:43.0966 5720 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

12:27:43.0968 5720 msdsm - ok

12:27:43.0983 5720 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

12:27:43.0988 5720 MSDTC - ok

12:27:44.0019 5720 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

12:27:44.0020 5720 Msfs - ok

12:27:44.0039 5720 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

12:27:44.0040 5720 mshidkmdf - ok

12:27:44.0068 5720 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

12:27:44.0069 5720 msisadrv - ok

12:27:44.0099 5720 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

12:27:44.0104 5720 MSiSCSI - ok

12:27:44.0110 5720 msiserver - ok

12:27:44.0133 5720 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

12:27:44.0134 5720 MSKSSRV - ok

12:27:44.0143 5720 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

12:27:44.0144 5720 MSPCLOCK - ok

12:27:44.0147 5720 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

12:27:44.0149 5720 MSPQM - ok

12:27:44.0172 5720 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

12:27:44.0174 5720 MsRPC - ok

12:27:44.0188 5720 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

12:27:44.0189 5720 mssmbios - ok

12:27:44.0193 5720 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

12:27:44.0194 5720 MSTEE - ok

12:27:44.0206 5720 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

12:27:44.0206 5720 MTConfig - ok

12:27:44.0236 5720 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys

12:27:44.0237 5720 MTsensor - ok

12:27:44.0247 5720 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

12:27:44.0248 5720 Mup - ok

12:27:44.0282 5720 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

12:27:44.0287 5720 napagent - ok

12:27:44.0316 5720 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

12:27:44.0319 5720 NativeWifiP - ok

12:27:44.0377 5720 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

12:27:44.0389 5720 NDIS - ok

12:27:44.0410 5720 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

12:27:44.0411 5720 NdisCap - ok

12:27:44.0434 5720 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

12:27:44.0435 5720 NdisTapi - ok

12:27:44.0457 5720 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

12:27:44.0458 5720 Ndisuio - ok

12:27:44.0477 5720 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

12:27:44.0479 5720 NdisWan - ok

12:27:44.0504 5720 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

12:27:44.0505 5720 NDProxy - ok

12:27:44.0514 5720 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

12:27:44.0515 5720 NetBIOS - ok

12:27:44.0541 5720 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

12:27:44.0544 5720 NetBT - ok

12:27:44.0554 5720 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

12:27:44.0556 5720 Netlogon - ok

12:27:44.0583 5720 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

12:27:44.0589 5720 Netman - ok

12:27:44.0644 5720 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:27:44.0646 5720 NetMsmqActivator - ok

12:27:44.0653 5720 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:27:44.0655 5720 NetPipeActivator - ok

12:27:44.0675 5720 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

12:27:44.0681 5720 netprofm - ok

12:27:44.0687 5720 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:27:44.0689 5720 NetTcpActivator - ok

12:27:44.0694 5720 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:27:44.0696 5720 NetTcpPortSharing - ok

12:27:44.0724 5720 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

12:27:44.0725 5720 nfrd960 - ok

12:27:44.0754 5720 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

12:27:44.0760 5720 NlaSvc - ok

12:27:44.0818 5720 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\drivers\npf.sys

12:27:44.0820 5720 NPF - ok

12:27:44.0834 5720 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

12:27:44.0836 5720 Npfs - ok

12:27:44.0866 5720 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

12:27:44.0868 5720 nsi - ok

12:27:44.0877 5720 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

12:27:44.0878 5720 nsiproxy - ok

12:27:44.0928 5720 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

12:27:44.0948 5720 Ntfs - ok

12:27:44.0977 5720 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

12:27:44.0978 5720 Null - ok

12:27:45.0028 5720 [ E20ABD5B229760158F753CA90B97E090 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

12:27:45.0030 5720 NVHDA - ok

12:27:45.0266 5720 [ 240E2667AA8A63BCDF253C11A44C465C ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

12:27:45.0324 5720 nvlddmkm - ok

12:27:45.0354 5720 [ 7E11307E8E48EE6FF73FACA6C62E3BE4 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys

12:27:45.0355 5720 nvpciflt - ok

12:27:45.0388 5720 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

12:27:45.0389 5720 nvraid - ok

12:27:45.0406 5720 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

12:27:45.0409 5720 nvstor - ok

12:27:45.0438 5720 [ 7D77A2B349017A7B9EAEF105A22E8B36 ] nvsvc C:\Windows\system32\nvvsvc.exe

12:27:45.0442 5720 nvsvc - ok

12:27:45.0515 5720 [ E0ECB3C5C905B4942D3740373605A31A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

12:27:45.0532 5720 nvUpdatusService - ok

12:27:45.0559 5720 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

12:27:45.0560 5720 nv_agp - ok

12:27:45.0587 5720 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

12:27:45.0588 5720 ohci1394 - ok

12:27:45.0647 5720 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:27:45.0649 5720 ose - ok

12:27:45.0789 5720 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

12:27:45.0811 5720 osppsvc - ok

12:27:45.0857 5720 [ DAF5D6B1696D42140839CD557336EFC8 ] OXSDIDRV_x64 C:\Windows\system32\DRIVERS\OXSDIDRV_x64.sys

12:27:45.0858 5720 OXSDIDRV_x64 - ok

12:27:45.0904 5720 [ D77856902312AB9129C966F64A3AC430 ] OXUDIDRV C:\Windows\system32\Drivers\OXUDIDRV_X64.sys

12:27:45.0906 5720 OXUDIDRV - ok

12:27:45.0936 5720 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

12:27:45.0941 5720 p2pimsvc - ok

12:27:45.0969 5720 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

12:27:45.0976 5720 p2psvc - ok

12:27:46.0000 5720 [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

12:27:46.0002 5720 PACSPTISVR - ok

12:27:46.0025 5720 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

12:27:46.0027 5720 Parport - ok

12:27:46.0049 5720 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

12:27:46.0051 5720 partmgr - ok

12:27:46.0064 5720 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

12:27:46.0068 5720 PcaSvc - ok

12:27:46.0093 5720 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

12:27:46.0095 5720 pci - ok

12:27:46.0112 5720 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

12:27:46.0113 5720 pciide - ok

12:27:46.0133 5720 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

12:27:46.0135 5720 pcmcia - ok

12:27:46.0152 5720 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

12:27:46.0153 5720 pcw - ok

12:27:46.0179 5720 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

12:27:46.0186 5720 PEAUTH - ok

12:27:46.0270 5720 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

12:27:46.0272 5720 PerfHost - ok

12:27:46.0310 5720 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

12:27:46.0318 5720 pla - ok

12:27:46.0363 5720 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

12:27:46.0371 5720 PlugPlay - ok

12:27:46.0397 5720 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

12:27:46.0400 5720 PNRPAutoReg - ok

12:27:46.0415 5720 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

12:27:46.0420 5720 PNRPsvc - ok

12:27:46.0448 5720 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

12:27:46.0454 5720 PolicyAgent - ok

12:27:46.0497 5720 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

12:27:46.0501 5720 Power - ok

12:27:46.0528 5720 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

12:27:46.0529 5720 PptpMiniport - ok

12:27:46.0551 5720 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

12:27:46.0553 5720 Processor - ok

12:27:46.0582 5720 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

12:27:46.0587 5720 ProfSvc - ok


12:27:52.0377 5720 ================ Scan global ===============================

12:27:52.0396 5720 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

12:27:52.0420 5720 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

12:27:52.0436 5720 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

12:27:52.0455 5720 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

12:27:52.0488 5720 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe

12:27:52.0497 5720 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC

12:27:52.0499 5720 [Global] - ok

12:27:52.0500 5720 ================ Scan MBR ==================================

12:27:52.0513 5720 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

12:27:52.0903 5720 \Device\Harddisk0\DR0 - ok

12:27:52.0904 5720 ================ Scan VBR ==================================

12:27:52.0927 5720 [ ACD2BAC05AFEF7F87D3D4CE1083EB84B ] \Device\Harddisk0\DR0\Partition1

12:27:52.0930 5720 \Device\Harddisk0\DR0\Partition1 - ok

12:27:52.0952 5720 [ 5DE55EFFD9E9CE545A59584BA571E6F1 ] \Device\Harddisk0\DR0\Partition2

12:27:52.0956 5720 \Device\Harddisk0\DR0\Partition2 - ok

12:27:52.0956 5720 ============================================================

12:27:52.0956 5720 Scan finished

12:27:52.0956 5720 ============================================================

12:27:52.0968 5916 Detected object count: 0

12:27:52.0968 5916 Actual detected object count: 0

12:32:18.0561 5756 Deinitialize success


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.


ComboFix 12-09-06.02 - Brian 09/06/2012 15:00:34.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4021.2089 [GMT -7:00]

Running from: c:\users\Brian\Desktop\ComboFix.exe

AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\Brian\AppData\Roaming\kb9jrt0j.default.tmp

c:\users\Brian\AppData\Roaming\Microsoft\Windows\Recent\Ps3lightsfix.com- The First Ps3 Ylod red Lights Repair Guide!.url

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\chrome.manifest

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\chrome\content\background.html

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\chrome\content\browser.xul

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\chrome\content\crossrider.js

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\chrome\content\crossriderapi.js

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\chrome\content\dialog.js

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\chrome\content\options.js

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\chrome\content\options.xul

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\chrome\content\search_dialog.xul

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\chrome\content\update.html

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\defaults\preferences\prefs.js

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\install.rdf

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\locale\en-US\translations.dtd

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\button1.png

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\button2.png

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\button3.png

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\button4.png

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\button5.png

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\crossrider_statusbar.png

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\icon128.png

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\icon16.png

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\icon24.png

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\icon48.png

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\panelarrow-up.png

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\popup.css

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\popup.html

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\popup_binding.xml

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\skin.css

c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\extensions\crossriderapp3026@crossrider.com\skin\update.css

c:\windows\AsPatch10430001.exe

c:\windows\SysWow64\FlashPlayerInstaller.exe

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))

.

.

2012-09-06 22:05 . 2012-09-06 22:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-09-06 22:05 . 2012-09-06 22:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-09-06 22:05 . 2012-09-06 22:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-06 22:05 . 2012-09-06 22:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-09-06 18:27 . 2012-09-06 18:28 -------- d-----w- c:\program files (x86)\ERUNT

2012-09-05 22:08 . 2012-09-05 22:08 -------- d-----w- c:\program files (x86)\ESET

2012-09-05 03:22 . 2012-09-05 03:22 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-09-05 02:59 . 2012-09-05 02:59 -------- d-----w- c:\program files\Enigma Software Group

2012-09-05 02:59 . 2012-09-05 20:26 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP

2012-09-05 02:59 . 2012-09-05 02:59 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-09-05 02:29 . 2012-09-05 02:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-05 02:29 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-04 23:49 . 2012-09-05 00:07 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-09-04 21:17 . 2012-09-04 21:17 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-09-04 21:10 . 2012-09-04 21:12 -------- d-----w- c:\programdata\Windows Codecs

2012-09-04 21:10 . 2012-09-04 23:31 -------- d-----w- c:\program files (x86)\Mega Codec Pack

2012-09-04 12:56 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E582FD7A-95B7-4412-9DF0-8BFB99224EDF}\mpengine.dll

2012-09-04 03:32 . 2012-09-06 22:08 -------- d-----w- c:\users\Brian\AppData\Roaming\Skype

2012-09-04 03:32 . 2012-09-04 03:32 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-09-04 03:32 . 2012-09-04 03:32 -------- d-----r- c:\program files (x86)\Skype

2012-09-04 03:32 . 2012-09-04 03:32 -------- d-----w- c:\programdata\Skype

2012-08-31 14:10 . 2012-08-31 14:10 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-20 23:36 . 2012-08-20 23:36 -------- d-----w- c:\users\Administrator\AppData\Local\Macromedia

2012-08-17 01:31 . 2012-08-17 01:31 -------- d-----w- c:\program files (x86)\SplitMediaLabs

2012-08-15 10:03 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-15 06:54 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 06:54 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-15 06:54 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 06:54 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 06:54 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2012-08-15 06:54 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-15 06:54 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-15 06:54 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 06:54 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-15 06:54 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-15 06:54 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 06:54 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-08-12 07:05 . 2012-08-12 08:35 -------- d-----w- c:\users\Brian\AppData\Local\PokerStars.NET

2012-08-12 07:04 . 2012-08-12 08:35 -------- d-----w- c:\program files (x86)\PokerStars.NET

2012-08-08 19:05 . 2012-08-08 19:05 -------- d-----w- c:\users\Brian\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2012-08-08 19:00 . 2012-08-08 19:00 -------- d-----w- c:\users\Brian\AppData\Local\Software Assist

2012-08-08 19:00 . 2012-08-08 19:00 -------- d-----w- c:\program files (x86)\Software Assist

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-29 03:24 . 2012-07-23 20:51 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-08-29 03:24 . 2011-02-26 01:11 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-21 17:25 . 2012-03-29 04:46 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-21 17:25 . 2011-05-14 23:27 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 10:00 . 2011-02-25 23:58 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-06-09 05:43 . 2012-07-10 23:16 14172672 ----a-w- c:\windows\system32\shell32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]

2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Windows Codecs]

@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"

[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]

2012-09-04 21:10 172032 ----a-w- c:\programdata\Windows Codecs\MediaShellOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-04 5661056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer6"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R0 pvkvlw;pvkvlw; [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 135664]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-05-03 44032]

R3 AtiIrRcvr;ATI Remote Receiver Service;c:\windows\system32\DRIVERS\aticir.sys [2009-09-02 26496]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

R3 cpuz134;cpuz134;c:\users\Brian\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Brian\AppData\Local\Temp\EverestDriver.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 135664]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys [2009-09-28 51760]

R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X64.sys [2010-05-25 31280]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-03 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-25 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-08-16 24680]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-10-18 52760]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-18 254528]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-08-17 1620584]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-17 235624]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-17 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 129024]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-09-25 229376]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-09-25 69120]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-04 75816]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]

S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [2010-05-13 190464]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 VCam_WDM;e2eSoft VCam;c:\windows\system32\DRIVERS\VCam_WDM.sys [2011-02-04 106424]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 10:22]

.

2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-07 10:22]

.

2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2070526624-2483950506-4163818189-1002Core.job

- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 02:47]

.

2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2070526624-2483950506-4163818189-1002UA.job

- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-21 02:47]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-28 2121320]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-15 190536]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NCInstallQueue"="netman.dll" [2009-07-14 360448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kb9jrt0j.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ata\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\DTToolbar@toolbarnet.com\,\mtime\:1305739308783},\fdm_ffext@freedownloadmanager.org\:{\descriptor\:\c:\\\\Program Files (x86)\\\\Free Download Manager\\\\Firefox\\\\Extension\,\mtime\:1316987691288},\firefox@ghostery.com\:{\descriptor\:\c:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\firefox@ghostery.com\,\mtime\:1331796568192},\support@lastpass.com\:{\descriptor\:\c:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\support@lastpass.com\,\mtime\:1332389759384},\toolbar@ask.com\:{\descriptor\:\c:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\toolbar@ask.com\,\mtime\:1332389719887},\vshare@toolbar\:{\descriptor\:\c:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\vshare@toolbar\,\mtime\:1303077062748},\{1fc895a6-2042-46ec-a61b-233165b4c218}\:{\descriptor\:\c:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\{1fc895a6-2042-46ec-a61b-233165b4c218}.xpi\,\mtime\:1310709378991},\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}\:{\descriptor\:\c:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}\,\mtime\:1305175452817},\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\:{\descriptor\:\c:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensions\\\\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\,\mtime\:1331131858954},\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\:{\descriptor\:\c:\\\\Users\\\\Brian\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\kb9jrt0j.default\\\\extensi
ons\\\\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi\,\mtime\:1325837968525}}}]

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]

"ImagePath"="."

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

c:\windows\AsScrPro.exe

c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

.

**************************************************************************

.

Completion time: 2012-09-06 15:17:02 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-06 22:17

.

Pre-Run: 17,061,543,936 bytes free

Post-Run: 17,069,842,432 bytes free

.

- - End Of File - - DA9F515F86F792404D712B89D16D784B

The system seems better ever since the last round with rogue killer... ever since then the malware that was coming up in my antivirus program is not recurring in my quarantine... it's weird though..... my quarantine says there are 3 items in quarantine but there are no programs in there to be seen...


OK. Let's have you run an antivirus check with Dr.Web.

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.
