
Can't get rid of Google Redirect Virus


JoeBay

Hello JoeBay and welcome to Malwarebytes,

I'm kevinf80, one of the trusted advisors; continue as follows:

Please download Malwarebytes Anti-Malware and save it to your desktop.

Alternative D/L mirror

Alternative D/L mirror

Double click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see the log in your reply,

Thanks,

Kevin

Hi Kevin,

Thank you for helping out with this. Nothing was found during the scan and below is the report:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.24.08

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

MARI :: MARY-PC [administrator]

11/25/2012 2:22:54 PM

mbam-log-2012-11-25 (14-22-54).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204710

Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thanks for the reply, do the following:

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Please post the log.

Next,

Download RogueKiller from here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save direct to your Desktop.

  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • You will see the following EULA, select Accept to continue:
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the content of the report and paste to next reply....

Post those two logs,

Kevin

Here is the log from Adwcleaner:

# AdwCleaner v2.007 - Logfile created 11/25/2012 at 16:42:38

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Home Premium (64 bits)

# User : MARI - MARY-PC

# Boot Mode : Normal

# Running from : C:\Users\MARI\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\AVG Secure Search

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\Users\MARI\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\MARI\AppData\Local\Temp\avg@toolbar

Folder Deleted : C:\Users\MARI\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\MARI\AppData\LocalLow\imeshbandmltbpi

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [5741 octets] - [25/11/2012 16:39:39]

AdwCleaner[R2].txt - [5801 octets] - [25/11/2012 16:41:05]

AdwCleaner[R3].txt - [5861 octets] - [25/11/2012 16:42:26]

AdwCleaner[s1].txt - [5621 octets] - [25/11/2012 16:42:38]

########## EOF - C:\AdwCleaner[s1].txt - [5681 octets] ##########

This is the log from RogueKiller:

RogueKiller V8.3.1 [Nov 25 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : MARI [Admin rights]

Mode : Scan -- Date : 11/25/2012 16:55:56

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

188.119.151.111 www.google-analytics.com.

188.119.151.111 ad-emea.doubleclick.net.

188.119.151.111 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++

--- User ---

[MBR] dd6967e897e9549401c89a8d9f38da4a

[bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461837 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11252012_02d1655.txt >>

RKreport[1]_S_11252012_02d1655.txt

Thank you,

Joe
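In the RogueKiller report above, the HOSTS section is the part that differs from a stock file: three hostnames are each pinned to two non-loopback addresses. The following is an added example (not part of the thread and not RogueKiller's own logic) that parses hosts-file text and lists such overrides; the function names are illustrative, and the sample input is the HOSTS section copied from that report.

```python
import ipaddress
from collections import defaultdict

# HOSTS section as printed in the RogueKiller scan report in this thread.
HOSTS_TEXT = """\
127.0.0.1 localhost
::1 localhost
188.119.151.111 www.google-analytics.com.
188.119.151.111 ad-emea.doubleclick.net.
188.119.151.111 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
"""


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                            # blank or address-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        for name in fields[1:]:
            # A trailing dot is the fully qualified form of the same name.
            yield lineno, ip, name.rstrip(".").lower()


def find_overrides(text):
    """Return {hostname: [addresses]} for names mapped to non-loopback addresses.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0, ::) targets are skipped:
    they are the stock localhost entries or ad-blocking sinkholes, not redirects.
    """
    overrides = defaultdict(list)
    for _lineno, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        if str(ip) not in overrides[name]:
            overrides[name].append(str(ip))
    return dict(overrides)


def report(text):
    """One row per overridden hostname, with flags worth a reviewer's attention."""
    rows = []
    for name, addrs in sorted(find_overrides(text).items()):
        rows.append({
            "host": name,
            "addresses": addrs,
            # Routable on the public internet, i.e. not a LAN-only override.
            "public": any(ipaddress.ip_address(a).is_global for a in addrs),
            # The same name listed with more than one address.
            "conflicting": len(addrs) > 1,
        })
    return rows


if __name__ == "__main__":
    for row in report(HOSTS_TEXT):
        flags = [k for k in ("public", "conflicting") if row[k]]
        print(f"{row['host']:28} {', '.join(row['addresses'])}  [{' '.join(flags)}]")
```

On Windows the text to audit is the content of C:\Windows\system32\drivers\etc\hosts, the path shown in the report.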

Run RogueKiller one more time; when complete, select the Fix Hosts tab. Post that log.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

Combofix

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

Post the logs in next reply please...

Kevin

Below is the log from RogueKiller Fix Hosts Tab:

RogueKiller V8.3.1 [Nov 25 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : MARI [Admin rights]

Mode : HOSTSFix -- Date : 11/25/2012 20:12:47

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

188.119.151.111 www.google-analytics.com.

188.119.151.111 ad-emea.doubleclick.net.

188.119.151.111 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ Reset HOSTS: ¤¤¤

Finished : << RKreport[3]_H_11252012_02d2012.txt >>

RKreport[1]_S_11252012_02d1655.txt ; RKreport[2]_S_11252012_02d2012.txt ; RKreport[3]_H_11252012_02d2012.txt

And this is the log from ComboFix:

ComboFix 12-11-25.01 - MARI 11/25/2012 21:51:05.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4010.2268 [GMT -5:00]

Running from: c:\users\MARI\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\cb.exe

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\eb.exe

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\eb.sys

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\FW.dll

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\PE.dll

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\PE.exe

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\sld.drv

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))

.

.

2012-11-26 02:55 . 2012-11-26 02:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-13 03:47 . 2012-11-13 03:47 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

2012-10-29 20:06 . 2012-09-25 03:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-17 00:47 . 2012-09-09 01:09 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-10-29 20:02 . 2012-07-18 22:20 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-29 20:02 . 2011-07-02 23:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-09-30 00:54 . 2012-07-21 19:07 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

2012-09-14 07:05 . 2012-09-14 07:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2012-09-09 03:18 . 2012-07-18 22:33 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-09 03:18 . 2011-04-17 06:45 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify"="c:\users\MARI\AppData\Roaming\Spotify\Spotify.exe" [2012-08-30 5576408]

"Spotify Web Helper"="c:\users\MARI\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-30 1193176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-12 559616]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184]

.

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-17 30568]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-17 711112]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-12-14 274432]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-12-14 59904]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 20:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-18 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-18 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-18 417304]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe

SafeBoot-77477271.sys

SafeBoot-91860681.sys

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-25 21:57:08

ComboFix-quarantined-files.txt 2012-11-26 02:57

.

Pre-Run: 416,450,461,696 bytes free

Post-Run: 417,103,405,056 bytes free

.

- - End Of File - - 9A0B0296FCCA7C7EA5F3DC30A287EA2F

Thank you,

Joe


Hiya Joe,

Can you give me an update on how your system is responding, and whether any issues or concerns remain? Run the following and post the produced logs:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:


ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Go Here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Hi Kevin,

I have not used this machine much after I started working on trying to get rid of Google Redirect with your help. However, I noticed that when I open any webpages in Internet Explorer, which is the only browser on this PC, it takes a very long time to load any page (5-15 mins for CNN, Yahoo, Google), which was not the case before.

Below is the log from ComboFix:

ComboFix 12-11-27.01 - MARI 11/27/2012 21:45:13.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4010.2496 [GMT -5:00]

Running from: c:\users\MARI\Desktop\ComboFix.exe

Command switches used :: c:\users\MARI\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))

.

.

2012-11-28 02:50 . 2012-11-28 02:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-13 03:47 . 2012-11-13 03:47 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

2012-10-29 20:06 . 2012-09-25 03:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-17 00:47 . 2012-09-09 01:09 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-10-29 20:02 . 2012-07-18 22:20 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-29 20:02 . 2011-07-02 23:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-02 07:30 . 2012-10-02 07:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-09-30 00:54 . 2012-07-21 19:07 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-21 07:46 . 2012-09-21 07:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-09-21 07:46 . 2012-09-21 07:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

2012-09-14 07:05 . 2012-09-14 07:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2012-09-09 03:18 . 2012-07-18 22:33 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-09 03:18 . 2011-04-17 06:45 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify"="c:\users\MARI\AppData\Roaming\Spotify\Spotify.exe" [2012-08-30 5576408]

"Spotify Web Helper"="c:\users\MARI\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-30 1193176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-12 559616]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184]

.

c:\users\MARI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-17 30568]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-17 711112]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-12-14 58128]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-12-14 274432]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-12-14 59904]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 20:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-18 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-18 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-18 417304]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-05 592240]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-27 21:51:34

ComboFix-quarantined-files.txt 2012-11-28 02:51

ComboFix2.txt 2012-11-26 02:57

.

Pre-Run: 416,831,934,464 bytes free

Post-Run: 416,779,345,920 bytes free

.

- - End Of File - - B51E1AB15CA2342BA72F80F20B88E395

Here is the log from ESET:

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

Thank you for your continuing help with this.

-Joe


Go to Virustotal

  • Click the Browse... button
  • Navigate to the file C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe or just copy/paste it in.
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
  • Repeat the above steps for the following files

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe

Post those results.

Next,

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update

Image3.png

8. When the Update completes, select Next

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

MBAntiRKclean.png

11. Do not select the "Clean up Button"; select the "Exit" button. There will be a warning as follows:

MBAntiRKclean1.png

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

Image6.png

13. Select "Exit" to close down.

14. Copy and paste the two following logs from the mbar folder:

System - log

Mbar - log Date and time of scan will also be shown

Image10.png

Post those two logs in your reply.


Hi Kevin,

Below is Virustotal C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe result:

ssdeep

384:lEs33AbAs2SZyaIrXfPHBYJLXVabC/1Po:xrHMLwbCdQ

TrID

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ExifTool

SubsystemVersion.........: 5.0

InitializedDataSize......: 6144

ImageVersion.............: 0.0

ProductName..............: hstart

FileVersionNumber........: 2.2.0.0

UninitializedDataSize....: 0

LanguageCode.............: English (U.S.)

FileFlagsMask............: 0x003f

CharacterSet.............: Windows, Latin1

LinkerVersion............: 9.0

FileOS...................: Win32

MIMEType.................: application/octet-stream

Subsystem................: Windows GUI

FileVersion..............: 2.2.0.0

TimeStamp................: 2009:01:27 20:50:26+00:00

FileType.................: Win32 EXE

PEType...................: PE32

InternalName.............: hstart.exe

ProductVersion...........: 2.2.0.0

FileDescription..........: Hidden Start

OSVersion................: 5.0

OriginalFilename.........: hstart.exe

LegalCopyright...........: 2009 Dell

MachineType..............: Intel 386 or later, and compatibles

CompanyName..............: Dell

CodeSize.................: 5632

FileSubtype..............: 0

ProductVersionNumber.....: 2.2.0.0

EntryPoint...............: 0x1810

ObjectFileType...........: Executable application

Sigcheck

publisher................: Dell

product..................: hstart

internal name............: hstart.exe

copyright................: © 2009 Dell

original name............: hstart.exe

signing date.............: 7:54 PM 8/1/2011

signers..................: Dell Inc; VeriSign Class 3 Code Signing 2009-2 CA; Class 3 Public Primary Certification Authority

file version.............: 2.2.0.0

description..............: Hidden Start

Portable Executable structural information

Compilation timedatestamp.....: 2009-01-27 20:50:26

Target machine................: 0x14C (Intel 386 or later processors and compatible processors)

Entry point address...........: 0x00001810

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5

.text 4096 5531 5632 5.90 1b009e5aa94f5691f76caae94ce33bac

.rdata 12288 3878 4096 3.88 5932847b9c9a0088fb797cde6bb94508

.data 16384 840 512 0.27 1f2f38a035dbdb9b9a9abf35b21acd90

.rsrc 20480 1516 1536 4.62 87c38cdba5e26712bf814f63a6726e34

PE Imports....................:

[[ADVAPI32.dll]]

GetTokenInformation, OpenProcessToken

[[SHELL32.dll]]

ShellExecuteExW, CommandLineToArgvW

[[KERNEL32.dll]]

LocalLock, lstrlenW, GetModuleFileNameW, WaitForSingleObject, GetExitCodeProcess, IsDebuggerPresent, ExitProcess, lstrcmpiW, GetFileAttributesW, GetCurrentProcess, GetPriorityClass, LocalAlloc, GetCommandLineW, UnhandledExceptionFilter, lstrcpynW, CompareStringW, lstrcpyW, SetUnhandledExceptionFilter, CloseHandle, SetPriorityClass, LocalFree, TerminateProcess, SetCurrentDirectoryW, CreateProcessW

[[USER32.dll]]

MessageBoxW, WaitForInputIdle

PE Resources..................:

Resource type Number of resources

RT_MANIFEST 1

RT_VERSION 1

Resource language Number of resources

NEUTRAL 1

ENGLISH US 1

Symantec Reputation

Suspicious.Insight

First seen by VirusTotal

2011-09-16 09:49:51 UTC ( 1 year, 2 months ago )

Last seen by VirusTotal

2012-11-30 01:53:00 UTC ( 6 minutes ago )

File names (max. 25)

1. hstart.exe

2. BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0.a2m

3. hstart.exe

4. F70D5F6B4088608F4771008CD29773009814364B.exe

5. DPVPREPBQM-20.pms.exe.SVD

6. file-4239240_exe

This is the C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe result:

ssdeep

384:zEs33AbAs2SZyaIrXfPHBYJLXVabC/1Pnx:3rHMLwbCd/x

TrID

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ExifTool

SubsystemVersion.........: 5.0

InitializedDataSize......: 6144

ImageVersion.............: 0.0

ProductName..............: hstart

FileVersionNumber........: 2.2.0.0

UninitializedDataSize....: 0

LanguageCode.............: English (U.S.)

FileFlagsMask............: 0x003f

CharacterSet.............: Windows, Latin1

LinkerVersion............: 9.0

FileOS...................: Win32

MIMEType.................: application/octet-stream

Subsystem................: Windows GUI

FileVersion..............: 2.2.0.0

TimeStamp................: 2009:01:27 20:50:26+00:00

FileType.................: Win32 EXE

PEType...................: PE32

InternalName.............: hstart.exe

ProductVersion...........: 2.2.0.0

FileDescription..........: Hidden Start

OSVersion................: 5.0

OriginalFilename.........: hstart.exe

LegalCopyright...........: 2009 Dell

MachineType..............: Intel 386 or later, and compatibles

CompanyName..............: Dell

CodeSize.................: 5632

FileSubtype..............: 0

ProductVersionNumber.....: 2.2.0.0

EntryPoint...............: 0x1810

ObjectFileType...........: Executable application

Sigcheck

publisher................: Dell

product..................: hstart

internal name............: hstart.exe

copyright................: © 2009 Dell

signing date.............: 6:57 PM 8/1/2011

original name............: hstart.exe

signers..................: Dell Inc; VeriSign Class 3 Code Signing 2009-2 CA; Class 3 Public Primary Certification Authority

file version.............: 2.2.0.0

description..............: Hidden Start

Portable Executable structural information

Compilation timedatestamp.....: 2009-01-27 20:50:26

Target machine................: 0x14C (Intel 386 or later processors and compatible processors)

Entry point address...........: 0x00001810

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5

.text 4096 5531 5632 5.90 1b009e5aa94f5691f76caae94ce33bac

.rdata 12288 3878 4096 3.88 5932847b9c9a0088fb797cde6bb94508

.data 16384 840 512 0.27 1f2f38a035dbdb9b9a9abf35b21acd90

.rsrc 20480 1516 1536 4.62 87c38cdba5e26712bf814f63a6726e34

PE Imports....................:

[[ADVAPI32.dll]]

GetTokenInformation, OpenProcessToken

[[SHELL32.dll]]

ShellExecuteExW, CommandLineToArgvW

[[KERNEL32.dll]]

LocalLock, lstrlenW, GetModuleFileNameW, WaitForSingleObject, GetExitCodeProcess, IsDebuggerPresent, ExitProcess, lstrcmpiW, GetFileAttributesW, GetCurrentProcess, GetPriorityClass, LocalAlloc, GetCommandLineW, UnhandledExceptionFilter, lstrcpynW, CompareStringW, lstrcpyW, SetUnhandledExceptionFilter, CloseHandle, SetPriorityClass, LocalFree, TerminateProcess, SetCurrentDirectoryW, CreateProcessW

[[USER32.dll]]

MessageBoxW, WaitForInputIdle

PE Resources..................:

Resource type Number of resources

RT_MANIFEST 1

RT_VERSION 1

Resource language Number of resources

NEUTRAL 1

ENGLISH US 1

Symantec Reputation

Suspicious.Insight

First seen by VirusTotal

2011-09-17 16:44:23 UTC ( 1 year, 2 months ago )

Last seen by VirusTotal

2012-11-30 02:11:22 UTC ( 2 minutes ago )

File names (max. 25)

1. hstart.exe

2. F70D5F6B4088608F4771008CD297730093CE8331.exe

3. b3dc2359fa6e58c753abe9d6f13b3608

4. hstart.exe

5. 3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549.a2m

Here is mbar System - log:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_33

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.292000 GHz

Memory total: 4204969984, free: 2527973376

------------ Kernel report ------------

11/29/2012 21:23:10

------------ Loaded modules -----------

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8006613060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa800483a050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

DriverEntry returned 0x0

Function returned 0x0

Downloaded database version: v2012.11.30.01

Downloaded database version: v2012.11.28.01

Initializing...

Done!

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8006613060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8006613ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8006613060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800483a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Upper DeviceData: 0xfffff8a009a60620, 0xfffffa8006613060, 0xfffffa8004217400

Lower DeviceData: 0xfffff8a003a15910, 0xfffffa800483a050, 0xfffffa800486bae0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 7F2837E

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 208782

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 208845 Numsec = 30720000

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 30928845 Numsec = 945842275

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

And this is mbar-log-2012-11-29 (21-42-22):

Malwarebytes Anti-Rootkit 1.1.0.1009

www.malwarebytes.org

Database version: v2012.11.30.01

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

MARI :: MARY-PC [administrator]

11/29/2012 9:42:22 PM

mbar-log-2012-11-29 (21-42-22).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: PUP | PUM | P2P

Objects scanned: 25477

Time elapsed: 18 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thank you,

Joe

Thanks for those logs, all good, nothing specific. Are you still having issues with Internet Explorer? If so, go here http://support.microsoft.com/kb/923737 and reset to default settings.

Next,

Download TFC to your desktop, from either of the following links

Link 1

Link 2

  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
  • If prompted, click "Yes" to reboot.

TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may reboot your system; if not, reboot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to run weekly to keep your system optimized. It empties all user temp folders, Java cache, etc. Always remember to reboot after a run, even if not prompted.

Let me know how the system is responding, also if any issues remain...

Kevin...

Hi Kevin,

The loading time of the web pages has not improved at all and it takes 5 to 15 mins for a page to load. Therefore, it is hard for me to start clicking around and see if the redirect will take me to unintended web pages again. It did not take this long for a page to load before all this cleaning we did. Do you know what may cause this and how I can fix it?

Thank you,

Joe

Did you reset Internet Explorer settings back to default as per the link in reply #14? OK, let's make sure we have not missed anything. Run the following and post the log:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller to run the application.
  • The "Ready to scan" window will open. Click on "Change parameters".
  • Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system. (Leave "Service & Drivers" and "Boot Sectors" ticked.) Click OK.
  • Select "Start Scan".
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Thanks,

Kevin

Hi Kevin,

I reset IE settings back to default and ran the TDSSKiller. However, the loading time for the web pages has not improved. Below is the TDSSKiller log:

22:30:21.0925 3968 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

22:30:22.0377 3968 ============================================================

22:30:22.0377 3968 Current date / time: 2012/12/04 22:30:22.0377

22:30:22.0377 3968 SystemInfo:

22:30:22.0377 3968

22:30:22.0377 3968 OS Version: 6.1.7600 ServicePack: 0.0

22:30:22.0377 3968 Product type: Workstation

22:30:22.0377 3968 ComputerName: MARY-PC

22:30:22.0377 3968 UserName: MARI

22:30:22.0377 3968 Windows directory: C:\Windows

22:30:22.0377 3968 System windows directory: C:\Windows

22:30:22.0377 3968 Running under WOW64

22:30:22.0377 3968 Processor architecture: Intel x64

22:30:22.0377 3968 Number of processors: 4

22:30:22.0377 3968 Page size: 0x1000

22:30:22.0377 3968 Boot type: Normal boot

22:30:22.0377 3968 ============================================================

22:30:24.0156 3968 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:30:24.0171 3968 ============================================================

22:30:24.0171 3968 \Device\Harddisk0\DR0:

22:30:24.0171 3968 MBR partitions:

22:30:24.0171 3968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000

22:30:24.0171 3968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863

22:30:24.0171 3968 ============================================================

22:30:24.0249 3968 C: <-> \Device\Harddisk0\DR0\Partition2

22:30:24.0249 3968 ============================================================

22:30:24.0249 3968 Initialize success

22:30:24.0249 3968 ============================================================

22:31:36.0462 1076 ============================================================

22:31:36.0462 1076 Scan started

22:31:36.0462 1076 Mode: Manual; SigCheck; TDLFS;

22:31:36.0462 1076 ============================================================

22:31:36.0961 1076 ================ Scan system memory ========================

22:31:36.0961 1076 System memory - ok

22:31:36.0961 1076 ================ Scan services =============================


22:31:51.0360 1076 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

22:31:51.0391 1076 hidserv - ok

22:31:51.0438 1076 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

22:31:51.0469 1076 HidUsb - ok

22:31:51.0500 1076 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll

22:31:51.0547 1076 hkmsvc - ok

22:31:51.0563 1076 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

22:31:51.0594 1076 HomeGroupListener - ok

22:31:51.0625 1076 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll

22:31:51.0703 1076 HomeGroupProvider - ok

22:31:51.0765 1076 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys

22:31:51.0781 1076 HpSAMD - ok

22:31:51.0828 1076 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys

22:31:51.0921 1076 HTTP - ok

22:31:51.0984 1076 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

22:31:51.0999 1076 hwpolicy - ok

22:31:52.0031 1076 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

22:31:52.0046 1076 i8042prt - ok

22:31:52.0093 1076 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

22:31:52.0124 1076 iaStor - ok

22:31:52.0171 1076 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

22:31:52.0218 1076 iaStorV - ok

22:31:52.0233 1076 [ E44F0B4DC753C14930B8DC48BB7A1644 ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys

22:31:52.0249 1076 iBtFltCoex - ok

22:31:52.0311 1076 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:31:52.0358 1076 idsvc - ok

22:31:52.0686 1076 [ 0AC9E321D604BE48A0D72B69BA484BDC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

22:31:53.0107 1076 igfx - ok

22:31:53.0138 1076 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

22:31:53.0154 1076 iirsp - ok

22:31:53.0216 1076 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll

22:31:53.0247 1076 IKEEXT - ok

22:31:53.0279 1076 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys

22:31:53.0357 1076 Impcd - ok

22:31:53.0450 1076 [ A9853214CC97796579D75B1F59C51DCD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

22:31:53.0544 1076 IntcAzAudAddService - ok

22:31:53.0575 1076 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

22:31:53.0653 1076 IntcDAud - ok

22:31:53.0684 1076 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys

22:31:53.0684 1076 intelide - ok

22:31:53.0715 1076 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

22:31:53.0762 1076 intelppm - ok

22:31:53.0793 1076 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

22:31:53.0825 1076 IPBusEnum - ok

22:31:53.0840 1076 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:31:53.0871 1076 IpFilterDriver - ok

22:31:53.0934 1076 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

22:31:53.0981 1076 iphlpsvc - ok

22:31:53.0996 1076 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys

22:31:54.0043 1076 IPMIDRV - ok

22:31:54.0074 1076 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

22:31:54.0105 1076 IPNAT - ok

22:31:54.0199 1076 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

22:31:54.0246 1076 IRENUM - ok

22:31:54.0261 1076 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys

22:31:54.0277 1076 isapnp - ok

22:31:54.0339 1076 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

22:31:54.0371 1076 iScsiPrt - ok

22:31:54.0402 1076 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

22:31:54.0417 1076 kbdclass - ok

22:31:54.0449 1076 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

22:31:54.0464 1076 kbdhid - ok

22:31:54.0495 1076 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe

22:31:54.0527 1076 KeyIso - ok

22:31:54.0573 1076 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

22:31:54.0605 1076 KSecDD - ok

22:31:54.0620 1076 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

22:31:54.0620 1076 KSecPkg - ok

22:31:54.0651 1076 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

22:31:54.0714 1076 ksthunk - ok

22:31:54.0745 1076 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

22:31:54.0854 1076 KtmRm - ok

22:31:54.0917 1076 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll

22:31:54.0963 1076 LanmanServer - ok

22:31:54.0995 1076 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

22:31:55.0057 1076 LanmanWorkstation - ok

22:31:55.0104 1076 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

22:31:55.0151 1076 lltdio - ok

22:31:55.0229 1076 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

22:31:55.0353 1076 lltdsvc - ok

22:31:55.0416 1076 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

22:31:55.0509 1076 lmhosts - ok

22:31:55.0587 1076 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

22:31:55.0619 1076 LMS - ok

22:31:55.0665 1076 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

22:31:55.0697 1076 LSI_FC - ok

22:31:55.0712 1076 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

22:31:55.0728 1076 LSI_SAS - ok

22:31:55.0743 1076 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:31:55.0759 1076 LSI_SAS2 - ok

22:31:55.0790 1076 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:31:55.0790 1076 LSI_SCSI - ok

22:31:55.0821 1076 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

22:31:55.0884 1076 luafv - ok

22:31:55.0946 1076 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

22:31:55.0962 1076 MBAMProtector - ok

22:31:56.0040 1076 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

22:31:56.0071 1076 MBAMScheduler - ok

22:31:56.0087 1076 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

22:31:56.0102 1076 MBAMService - ok

22:31:56.0133 1076 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

22:31:56.0149 1076 Mcx2Svc - ok

22:31:56.0196 1076 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

22:31:56.0211 1076 megasas - ok

22:31:56.0243 1076 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

22:31:56.0258 1076 MegaSR - ok

22:31:56.0305 1076 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

22:31:56.0336 1076 MEIx64 - ok

22:31:56.0367 1076 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

22:31:56.0414 1076 MMCSS - ok

22:31:56.0461 1076 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

22:31:56.0508 1076 Modem - ok

22:31:56.0539 1076 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

22:31:56.0570 1076 monitor - ok

22:31:56.0617 1076 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

22:31:56.0648 1076 mouclass - ok

22:31:56.0679 1076 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

22:31:56.0711 1076 mouhid - ok

22:31:56.0742 1076 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

22:31:56.0757 1076 mountmgr - ok

22:31:56.0789 1076 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys

22:31:56.0804 1076 mpio - ok

22:31:56.0820 1076 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

22:31:56.0898 1076 mpsdrv - ok

22:31:56.0929 1076 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll

22:31:56.0991 1076 MpsSvc - ok

22:31:57.0054 1076 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

22:31:57.0085 1076 MRxDAV - ok

22:31:57.0116 1076 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

22:31:57.0163 1076 mrxsmb - ok

22:31:57.0194 1076 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:31:57.0257 1076 mrxsmb10 - ok

22:31:57.0288 1076 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:31:57.0335 1076 mrxsmb20 - ok

22:31:57.0366 1076 [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys

22:31:57.0381 1076 msahci - ok

22:31:57.0444 1076 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys

22:31:57.0475 1076 msdsm - ok

22:31:57.0475 1076 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

22:31:57.0506 1076 MSDTC - ok

22:31:57.0522 1076 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

22:31:57.0553 1076 Msfs - ok

22:31:57.0569 1076 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

22:31:57.0600 1076 mshidkmdf - ok

22:31:57.0631 1076 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys

22:31:57.0631 1076 msisadrv - ok

22:31:57.0662 1076 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

22:31:57.0787 1076 MSiSCSI - ok

22:31:57.0787 1076 msiserver - ok

22:31:57.0818 1076 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

22:31:57.0849 1076 MSKSSRV - ok

22:31:57.0896 1076 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

22:31:57.0943 1076 MSPCLOCK - ok

22:31:57.0959 1076 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

22:31:57.0990 1076 MSPQM - ok

22:31:58.0005 1076 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

22:31:58.0021 1076 MsRPC - ok

22:31:58.0037 1076 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

22:31:58.0052 1076 mssmbios - ok

22:31:58.0068 1076 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

22:31:58.0099 1076 MSTEE - ok

22:31:58.0115 1076 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

22:31:58.0161 1076 MTConfig - ok

22:31:58.0208 1076 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

22:31:58.0224 1076 Mup - ok

22:31:58.0286 1076 [ 6ED8935257672F4CD04A88A0F3DE093D ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

22:31:58.0302 1076 MyWiFiDHCPDNS - ok

22:31:58.0333 1076 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll

22:31:58.0364 1076 napagent - ok

22:31:58.0427 1076 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

22:31:58.0520 1076 NativeWifiP - ok

22:31:58.0770 1076 [ A3151B3463EEA7E47F618F115D0D142E ] NDIS C:\Windows\system32\drivers\ndis.sys

22:31:58.0801 1076 NDIS - ok

22:31:58.0848 1076 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

22:31:58.0879 1076 NdisCap - ok

22:31:58.0957 1076 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

22:31:59.0004 1076 NdisTapi - ok

22:31:59.0019 1076 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

22:31:59.0051 1076 Ndisuio - ok

22:31:59.0082 1076 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

22:31:59.0175 1076 NdisWan - ok

22:31:59.0175 1076 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

22:31:59.0222 1076 NDProxy - ok

22:31:59.0238 1076 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

22:31:59.0285 1076 NetBIOS - ok

22:31:59.0363 1076 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

22:31:59.0441 1076 NetBT - ok

22:31:59.0456 1076 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe

22:31:59.0472 1076 Netlogon - ok

22:31:59.0581 1076 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

22:31:59.0628 1076 Netman - ok

22:31:59.0659 1076 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

22:31:59.0706 1076 netprofm - ok

22:31:59.0721 1076 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:31:59.0737 1076 NetTcpPortSharing - ok

22:32:01.0531 1076 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys

22:32:01.0921 1076 NETwNs64 - ok

22:32:01.0968 1076 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

22:32:01.0968 1076 nfrd960 - ok

22:32:02.0015 1076 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll

22:32:02.0046 1076 NlaSvc - ok

22:32:02.0217 1076 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

22:32:02.0311 1076 NOBU - ok

22:32:02.0327 1076 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

22:32:02.0389 1076 Npfs - ok

22:32:02.0420 1076 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

22:32:02.0483 1076 nsi - ok

22:32:02.0483 1076 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

22:32:02.0514 1076 nsiproxy - ok

22:32:02.0592 1076 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

22:32:02.0685 1076 Ntfs - ok

22:32:02.0701 1076 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

22:32:02.0732 1076 Null - ok

22:32:02.0763 1076 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys

22:32:02.0810 1076 nusb3hub - ok

22:32:02.0857 1076 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys

22:32:02.0919 1076 nusb3xhc - ok

22:32:02.0982 1076 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys

22:32:02.0982 1076 nvraid - ok

22:32:03.0060 1076 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys

22:32:03.0091 1076 nvstor - ok

22:32:03.0107 1076 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys

22:32:03.0107 1076 nv_agp - ok

22:32:03.0138 1076 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

22:32:03.0153 1076 ohci1394 - ok

22:32:03.0185 1076 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:32:03.0185 1076 ose - ok

22:32:03.0387 1076 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

22:32:03.0450 1076 osppsvc - ok

22:32:03.0481 1076 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

22:32:03.0559 1076 p2pimsvc - ok

22:32:03.0590 1076 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

22:32:03.0606 1076 p2psvc - ok

22:32:03.0637 1076 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

22:32:03.0653 1076 Parport - ok

22:32:03.0668 1076 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys

22:32:03.0684 1076 partmgr - ok

22:32:03.0699 1076 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

22:32:03.0746 1076 PcaSvc - ok

22:32:03.0809 1076 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys

22:32:03.0840 1076 pci - ok

22:32:03.0855 1076 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys

22:32:03.0871 1076 pciide - ok

22:32:03.0871 1076 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

22:32:03.0887 1076 pcmcia - ok

22:32:03.0918 1076 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

22:32:03.0918 1076 pcw - ok

22:32:03.0965 1076 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

22:32:04.0043 1076 PEAUTH - ok

22:32:04.0136 1076 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

22:32:04.0214 1076 PerfHost - ok

22:32:04.0479 1076 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll

22:32:04.0589 1076 pla - ok

22:32:04.0713 1076 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

22:32:04.0760 1076 PlugPlay - ok

22:32:04.0791 1076 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

22:32:04.0854 1076 PNRPAutoReg - ok

22:32:04.0869 1076 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

22:32:04.0901 1076 PNRPsvc - ok

22:32:04.0932 1076 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

22:32:05.0025 1076 PolicyAgent - ok

22:32:05.0057 1076 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

22:32:05.0119 1076 Power - ok

22:32:05.0150 1076 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

22:32:05.0181 1076 PptpMiniport - ok

22:32:05.0197 1076 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

22:32:05.0228 1076 Processor - ok

22:32:05.0259 1076 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll

22:32:05.0306 1076 ProfSvc - ok

22:32:05.0322 1076 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe

22:32:05.0337 1076 ProtectedStorage - ok

22:32:05.0369 1076 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys

22:32:05.0415 1076 Psched - ok

22:32:05.0540 1076 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

22:32:05.0556 1076 PxHlpa64 - ok

22:32:05.0618 1076 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

22:32:05.0712 1076 ql2300 - ok

22:32:05.0712 1076 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

22:32:05.0727 1076 ql40xx - ok

22:32:05.0805 1076 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

22:32:05.0852 1076 QWAVE - ok

22:32:05.0883 1076 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

22:32:05.0899 1076 QWAVEdrv - ok

22:32:05.0915 1076 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

22:32:05.0961 1076 RasAcd - ok

22:32:05.0993 1076 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

22:32:06.0024 1076 RasAgileVpn - ok

22:32:06.0055 1076 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

22:32:06.0086 1076 RasAuto - ok

22:32:06.0117 1076 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

22:32:06.0149 1076 Rasl2tp - ok

22:32:06.0180 1076 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll

22:32:06.0227 1076 RasMan - ok

22:32:06.0242 1076 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

22:32:06.0273 1076 RasPppoe - ok

22:32:06.0305 1076 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

22:32:06.0367 1076 RasSstp - ok

22:32:06.0383 1076 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

22:32:06.0492 1076 rdbss - ok

22:32:06.0507 1076 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

22:32:06.0523 1076 rdpbus - ok

22:32:06.0570 1076 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

22:32:06.0617 1076 RDPCDD - ok

22:32:06.0663 1076 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

22:32:06.0710 1076 RDPENCDD - ok

22:32:06.0757 1076 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

22:32:06.0804 1076 RDPREFMP - ok

22:32:06.0819 1076 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

22:32:06.0851 1076 RDPWD - ok

22:32:06.0882 1076 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

22:32:06.0897 1076 rdyboost - ok

22:32:07.0116 1076 [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

22:32:07.0178 1076 RegSrvc - ok

22:32:07.0194 1076 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

22:32:07.0241 1076 RemoteAccess - ok

22:32:07.0256 1076 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

22:32:07.0287 1076 RemoteRegistry - ok

22:32:07.0334 1076 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

22:32:07.0381 1076 RFCOMM - ok

22:32:07.0490 1076 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

22:32:07.0568 1076 RoxMediaDB12OEM - ok

22:32:07.0646 1076 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

22:32:07.0677 1076 RoxWatch12 - ok

22:32:07.0724 1076 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

22:32:07.0740 1076 RpcEptMapper - ok

22:32:07.0771 1076 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

22:32:07.0818 1076 RpcLocator - ok

22:32:07.0849 1076 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll

22:32:07.0880 1076 RpcSs - ok

22:32:07.0911 1076 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

22:32:07.0974 1076 rspndr - ok

22:32:08.0021 1076 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys

22:32:08.0036 1076 RSUSBSTOR - ok

22:32:08.0083 1076 [ A73ED14670220307874AD6BC2F279349 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

22:32:08.0130 1076 RTL8167 - ok

22:32:08.0130 1076 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe

22:32:08.0145 1076 SamSs - ok

22:32:08.0161 1076 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys

22:32:08.0177 1076 sbp2port - ok

22:32:08.0192 1076 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

22:32:08.0239 1076 SCardSvr - ok

22:32:08.0255 1076 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

22:32:08.0301 1076 scfilter - ok

22:32:08.0364 1076 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll

22:32:08.0411 1076 Schedule - ok

22:32:08.0426 1076 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll

22:32:08.0473 1076 SCPolicySvc - ok

22:32:08.0504 1076 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll

22:32:08.0598 1076 SDRSVC - ok

22:32:08.0691 1076 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

22:32:08.0754 1076 secdrv - ok

22:32:08.0785 1076 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll

22:32:08.0847 1076 seclogon - ok

22:32:08.0863 1076 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

22:32:08.0894 1076 SENS - ok

22:32:08.0925 1076 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

22:32:08.0972 1076 SensrSvc - ok

22:32:08.0988 1076 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

22:32:09.0003 1076 Serenum - ok

22:32:09.0066 1076 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

22:32:09.0097 1076 Serial - ok

22:32:09.0175 1076 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

22:32:09.0191 1076 sermouse - ok

22:32:09.0237 1076 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll

22:32:09.0284 1076 SessionEnv - ok

22:32:09.0300 1076 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

22:32:09.0362 1076 sffdisk - ok

22:32:09.0425 1076 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys

22:32:09.0440 1076 sffp_mmc - ok

22:32:09.0471 1076 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

22:32:09.0518 1076 sffp_sd - ok

22:32:09.0549 1076 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

22:32:09.0581 1076 sfloppy - ok

22:32:09.0627 1076 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

22:32:09.0659 1076 Sftfs - ok

22:32:09.0737 1076 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

22:32:09.0799 1076 sftlist - ok

22:32:09.0815 1076 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

22:32:09.0830 1076 Sftplay - ok

22:32:09.0846 1076 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

22:32:09.0846 1076 Sftredir - ok

22:32:09.0939 1076 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

22:32:10.0017 1076 SftService - ok

22:32:10.0049 1076 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

22:32:10.0049 1076 Sftvol - ok

22:32:10.0095 1076 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

22:32:10.0127 1076 sftvsa - ok

22:32:10.0158 1076 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

22:32:10.0205 1076 SharedAccess - ok

22:32:10.0236 1076 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll

22:32:10.0267 1076 ShellHWDetection - ok

22:32:10.0314 1076 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:32:10.0329 1076 SiSRaid2 - ok

22:32:10.0329 1076 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

22:32:10.0345 1076 SiSRaid4 - ok

22:32:10.0423 1076 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

22:32:10.0454 1076 SkypeUpdate - ok

22:32:10.0501 1076 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

22:32:10.0548 1076 Smb - ok

22:32:10.0595 1076 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

22:32:10.0657 1076 SNMPTRAP - ok

22:32:10.0657 1076 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

22:32:10.0673 1076 spldr - ok

22:32:10.0704 1076 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe

22:32:21.0561 1076 ============================================================

22:32:21.0561 1076 Scan finished

22:32:21.0561 1076 ============================================================

22:32:21.0577 3120 Detected object count: 0

22:32:21.0577 3120 Actual detected object count: 0

Thank you,

Joe

Hi Kevin,

Please ignore the previous post, as I did not paste the correct log. I reset IE settings back to default and ran the TDSSKiller. However, the loading time for the web pages has not improved. Below is the TDSSKiller log:

22:30:21.0925 3968 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

22:30:22.0377 3968 ============================================================

22:30:22.0377 3968 Current date / time: 2012/12/04 22:30:22.0377

22:30:22.0377 3968 SystemInfo:

22:30:22.0377 3968

22:30:22.0377 3968 OS Version: 6.1.7600 ServicePack: 0.0

22:30:22.0377 3968 Product type: Workstation

22:30:22.0377 3968 ComputerName: MARY-PC

22:30:22.0377 3968 UserName: MARI

22:30:22.0377 3968 Windows directory: C:\Windows

22:30:22.0377 3968 System windows directory: C:\Windows

22:30:22.0377 3968 Running under WOW64

22:30:22.0377 3968 Processor architecture: Intel x64

22:30:22.0377 3968 Number of processors: 4

22:30:22.0377 3968 Page size: 0x1000

22:30:22.0377 3968 Boot type: Normal boot

22:30:22.0377 3968 ============================================================

22:30:24.0156 3968 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:30:24.0171 3968 ============================================================

22:30:24.0171 3968 \Device\Harddisk0\DR0:

22:30:24.0171 3968 MBR partitions:

22:30:24.0171 3968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000

22:30:24.0171 3968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863

22:30:24.0171 3968 ============================================================

22:30:24.0249 3968 C: <-> \Device\Harddisk0\DR0\Partition2

22:30:24.0249 3968 ============================================================

22:30:24.0249 3968 Initialize success

22:30:24.0249 3968 ============================================================

22:31:36.0462 1076 ============================================================

22:31:36.0462 1076 Scan started

22:31:36.0462 1076 Mode: Manual; SigCheck; TDLFS;

22:31:36.0462 1076 ============================================================

22:31:36.0961 1076 ================ Scan system memory ========================

22:31:36.0961 1076 System memory - ok

22:31:36.0961 1076 ================ Scan services =============================


22:31:51.0594 1076 HomeGroupListener - ok

22:31:51.0625 1076 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll

22:31:51.0703 1076 HomeGroupProvider - ok

22:31:51.0765 1076 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys

22:31:51.0781 1076 HpSAMD - ok

22:31:51.0828 1076 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys

22:31:51.0921 1076 HTTP - ok

22:31:51.0984 1076 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

22:31:51.0999 1076 hwpolicy - ok

22:31:52.0031 1076 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

22:31:52.0046 1076 i8042prt - ok

22:31:52.0093 1076 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

22:31:52.0124 1076 iaStor - ok

22:31:52.0171 1076 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

22:31:52.0218 1076 iaStorV - ok

22:31:52.0233 1076 [ E44F0B4DC753C14930B8DC48BB7A1644 ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys

22:31:52.0249 1076 iBtFltCoex - ok

22:31:52.0311 1076 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:31:52.0358 1076 idsvc - ok

22:31:52.0686 1076 [ 0AC9E321D604BE48A0D72B69BA484BDC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

22:31:53.0107 1076 igfx - ok

22:31:53.0138 1076 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

22:31:53.0154 1076 iirsp - ok

22:31:53.0216 1076 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll

22:31:53.0247 1076 IKEEXT - ok

22:31:53.0279 1076 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys

22:31:53.0357 1076 Impcd - ok

22:31:53.0450 1076 [ A9853214CC97796579D75B1F59C51DCD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

22:31:53.0544 1076 IntcAzAudAddService - ok

22:31:53.0575 1076 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

22:31:53.0653 1076 IntcDAud - ok

22:31:53.0684 1076 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys

22:31:53.0684 1076 intelide - ok

22:31:53.0715 1076 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

22:31:53.0762 1076 intelppm - ok

22:31:53.0793 1076 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

22:31:53.0825 1076 IPBusEnum - ok

22:31:53.0840 1076 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:31:53.0871 1076 IpFilterDriver - ok

22:31:53.0934 1076 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

22:31:53.0981 1076 iphlpsvc - ok

22:31:53.0996 1076 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys

22:31:54.0043 1076 IPMIDRV - ok

22:31:54.0074 1076 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

22:31:54.0105 1076 IPNAT - ok

22:31:54.0199 1076 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

22:31:54.0246 1076 IRENUM - ok

22:31:54.0261 1076 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys

22:31:54.0277 1076 isapnp - ok

22:31:54.0339 1076 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

22:31:54.0371 1076 iScsiPrt - ok

22:31:54.0402 1076 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

22:31:54.0417 1076 kbdclass - ok

22:31:54.0449 1076 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

22:31:54.0464 1076 kbdhid - ok

22:31:54.0495 1076 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe

22:31:54.0527 1076 KeyIso - ok

22:31:54.0573 1076 [ 16C1B906FC5EAD84769F90B736B6BF0E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

22:31:54.0605 1076 KSecDD - ok

22:31:54.0620 1076 [ 0B711550C56444879D71C7DAABDA6C83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

22:31:54.0620 1076 KSecPkg - ok

22:31:54.0651 1076 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

22:31:54.0714 1076 ksthunk - ok

22:31:54.0745 1076 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

22:31:54.0854 1076 KtmRm - ok

22:31:54.0917 1076 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll

22:31:54.0963 1076 LanmanServer - ok

22:31:54.0995 1076 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

22:31:55.0057 1076 LanmanWorkstation - ok

22:31:55.0104 1076 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

22:31:55.0151 1076 lltdio - ok

22:31:55.0229 1076 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

22:31:55.0353 1076 lltdsvc - ok

22:31:55.0416 1076 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

22:31:55.0509 1076 lmhosts - ok

22:31:55.0587 1076 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

22:31:55.0619 1076 LMS - ok

22:31:55.0665 1076 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

22:31:55.0697 1076 LSI_FC - ok

22:31:55.0712 1076 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

22:31:55.0728 1076 LSI_SAS - ok

22:31:55.0743 1076 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:31:55.0759 1076 LSI_SAS2 - ok

22:31:55.0790 1076 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:31:55.0790 1076 LSI_SCSI - ok

22:31:55.0821 1076 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

22:31:55.0884 1076 luafv - ok

22:31:55.0946 1076 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

22:31:55.0962 1076 MBAMProtector - ok

22:31:56.0040 1076 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

22:31:56.0071 1076 MBAMScheduler - ok

22:31:56.0087 1076 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

22:31:56.0102 1076 MBAMService - ok

22:31:56.0133 1076 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

22:31:56.0149 1076 Mcx2Svc - ok

22:31:56.0196 1076 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

22:31:56.0211 1076 megasas - ok

22:31:56.0243 1076 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

22:31:56.0258 1076 MegaSR - ok

22:31:56.0305 1076 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

22:31:56.0336 1076 MEIx64 - ok

22:31:56.0367 1076 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

22:31:56.0414 1076 MMCSS - ok

22:31:56.0461 1076 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

22:31:56.0508 1076 Modem - ok

22:31:56.0539 1076 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

22:31:56.0570 1076 monitor - ok

22:31:56.0617 1076 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

22:31:56.0648 1076 mouclass - ok

22:31:56.0679 1076 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

22:31:56.0711 1076 mouhid - ok

22:31:56.0742 1076 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

22:31:56.0757 1076 mountmgr - ok

22:31:56.0789 1076 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys

22:31:56.0804 1076 mpio - ok

22:31:56.0820 1076 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

22:31:56.0898 1076 mpsdrv - ok

22:31:56.0929 1076 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll

22:31:56.0991 1076 MpsSvc - ok

22:31:57.0054 1076 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

22:31:57.0085 1076 MRxDAV - ok

22:31:57.0116 1076 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

22:31:57.0163 1076 mrxsmb - ok

22:31:57.0194 1076 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:31:57.0257 1076 mrxsmb10 - ok

22:31:57.0288 1076 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:31:57.0335 1076 mrxsmb20 - ok

22:31:57.0366 1076 [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys

22:31:57.0381 1076 msahci - ok

22:31:57.0444 1076 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys

22:31:57.0475 1076 msdsm - ok

22:31:57.0475 1076 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

22:31:57.0506 1076 MSDTC - ok

22:31:57.0522 1076 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

22:31:57.0553 1076 Msfs - ok

22:31:57.0569 1076 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

22:31:57.0600 1076 mshidkmdf - ok

22:31:57.0631 1076 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys

22:31:57.0631 1076 msisadrv - ok

22:31:57.0662 1076 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

22:31:57.0787 1076 MSiSCSI - ok

22:31:57.0787 1076 msiserver - ok

22:31:57.0818 1076 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

22:31:57.0849 1076 MSKSSRV - ok

22:31:57.0896 1076 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

22:31:57.0943 1076 MSPCLOCK - ok

22:31:57.0959 1076 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

22:31:57.0990 1076 MSPQM - ok

22:31:58.0005 1076 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

22:31:58.0021 1076 MsRPC - ok

22:31:58.0037 1076 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

22:31:58.0052 1076 mssmbios - ok

22:31:58.0068 1076 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

22:31:58.0099 1076 MSTEE - ok

22:31:58.0115 1076 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

22:31:58.0161 1076 MTConfig - ok

22:31:58.0208 1076 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

22:31:58.0224 1076 Mup - ok

22:31:58.0286 1076 [ 6ED8935257672F4CD04A88A0F3DE093D ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

22:31:58.0302 1076 MyWiFiDHCPDNS - ok

22:31:58.0333 1076 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll

22:31:58.0364 1076 napagent - ok

22:31:58.0427 1076 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

22:31:58.0520 1076 NativeWifiP - ok

22:31:58.0770 1076 [ A3151B3463EEA7E47F618F115D0D142E ] NDIS C:\Windows\system32\drivers\ndis.sys

22:31:58.0801 1076 NDIS - ok

22:31:58.0848 1076 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

22:31:58.0879 1076 NdisCap - ok

22:31:58.0957 1076 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

22:31:59.0004 1076 NdisTapi - ok

22:31:59.0019 1076 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

22:31:59.0051 1076 Ndisuio - ok

22:31:59.0082 1076 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

22:31:59.0175 1076 NdisWan - ok

22:31:59.0175 1076 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

22:31:59.0222 1076 NDProxy - ok

22:31:59.0238 1076 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

22:31:59.0285 1076 NetBIOS - ok

22:31:59.0363 1076 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

22:31:59.0441 1076 NetBT - ok

22:31:59.0456 1076 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe

22:31:59.0472 1076 Netlogon - ok

22:31:59.0581 1076 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

22:31:59.0628 1076 Netman - ok

22:31:59.0659 1076 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

22:31:59.0706 1076 netprofm - ok

22:31:59.0721 1076 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:31:59.0737 1076 NetTcpPortSharing - ok

22:32:01.0531 1076 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys

22:32:01.0921 1076 NETwNs64 - ok

22:32:01.0968 1076 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

22:32:01.0968 1076 nfrd960 - ok

22:32:02.0015 1076 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll

22:32:02.0046 1076 NlaSvc - ok

22:32:02.0217 1076 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

22:32:02.0311 1076 NOBU - ok

22:32:02.0327 1076 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

22:32:02.0389 1076 Npfs - ok

22:32:02.0420 1076 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

22:32:02.0483 1076 nsi - ok

22:32:02.0483 1076 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

22:32:02.0514 1076 nsiproxy - ok

22:32:02.0592 1076 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

22:32:02.0685 1076 Ntfs - ok

22:32:02.0701 1076 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

22:32:02.0732 1076 Null - ok

22:32:02.0763 1076 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys

22:32:02.0810 1076 nusb3hub - ok

22:32:02.0857 1076 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys

22:32:02.0919 1076 nusb3xhc - ok

22:32:02.0982 1076 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys

22:32:02.0982 1076 nvraid - ok

22:32:03.0060 1076 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys

22:32:03.0091 1076 nvstor - ok

22:32:03.0107 1076 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys

22:32:03.0107 1076 nv_agp - ok

22:32:03.0138 1076 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

22:32:03.0153 1076 ohci1394 - ok

22:32:03.0185 1076 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:32:03.0185 1076 ose - ok

22:32:03.0387 1076 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

22:32:03.0450 1076 osppsvc - ok

22:32:03.0481 1076 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

22:32:03.0559 1076 p2pimsvc - ok

22:32:03.0590 1076 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

22:32:03.0606 1076 p2psvc - ok

22:32:03.0637 1076 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

22:32:03.0653 1076 Parport - ok

22:32:03.0668 1076 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys

22:32:03.0684 1076 partmgr - ok

22:32:03.0699 1076 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

22:32:03.0746 1076 PcaSvc - ok

22:32:03.0809 1076 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys

22:32:03.0840 1076 pci - ok

22:32:03.0855 1076 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys

22:32:03.0871 1076 pciide - ok

22:32:03.0871 1076 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

22:32:03.0887 1076 pcmcia - ok

22:32:03.0918 1076 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

22:32:03.0918 1076 pcw - ok

22:32:03.0965 1076 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

22:32:04.0043 1076 PEAUTH - ok

22:32:04.0136 1076 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

22:32:04.0214 1076 PerfHost - ok

22:32:04.0479 1076 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll

22:32:04.0589 1076 pla - ok

22:32:04.0713 1076 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

22:32:04.0760 1076 PlugPlay - ok

22:32:04.0791 1076 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

22:32:04.0854 1076 PNRPAutoReg - ok

22:32:04.0869 1076 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

22:32:04.0901 1076 PNRPsvc - ok

22:32:04.0932 1076 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

22:32:05.0025 1076 PolicyAgent - ok

22:32:05.0057 1076 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

22:32:05.0119 1076 Power - ok

22:32:05.0150 1076 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

22:32:05.0181 1076 PptpMiniport - ok

22:32:05.0197 1076 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

22:32:05.0228 1076 Processor - ok

22:32:05.0259 1076 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll

22:32:05.0306 1076 ProfSvc - ok

22:32:05.0322 1076 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe

22:32:05.0337 1076 ProtectedStorage - ok

22:32:05.0369 1076 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys

22:32:05.0415 1076 Psched - ok

22:32:05.0540 1076 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

22:32:05.0556 1076 PxHlpa64 - ok

22:32:05.0618 1076 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

22:32:05.0712 1076 ql2300 - ok

22:32:05.0712 1076 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

22:32:05.0727 1076 ql40xx - ok

22:32:05.0805 1076 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

22:32:05.0852 1076 QWAVE - ok

22:32:05.0883 1076 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

22:32:05.0899 1076 QWAVEdrv - ok

22:32:05.0915 1076 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

22:32:05.0961 1076 RasAcd - ok

22:32:05.0993 1076 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

22:32:06.0024 1076 RasAgileVpn - ok

22:32:06.0055 1076 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

22:32:06.0086 1076 RasAuto - ok

22:32:06.0117 1076 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

22:32:06.0149 1076 Rasl2tp - ok

22:32:06.0180 1076 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll

22:32:06.0227 1076 RasMan - ok

22:32:06.0242 1076 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

22:32:06.0273 1076 RasPppoe - ok

22:32:06.0305 1076 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

22:32:06.0367 1076 RasSstp - ok

22:32:06.0383 1076 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

22:32:06.0492 1076 rdbss - ok

22:32:06.0507 1076 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

22:32:06.0523 1076 rdpbus - ok

22:32:06.0570 1076 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

22:32:06.0617 1076 RDPCDD - ok

22:32:06.0663 1076 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

22:32:06.0710 1076 RDPENCDD - ok

22:32:06.0757 1076 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

22:32:06.0804 1076 RDPREFMP - ok

22:32:06.0819 1076 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

22:32:06.0851 1076 RDPWD - ok

22:32:06.0882 1076 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

22:32:06.0897 1076 rdyboost - ok

22:32:07.0116 1076 [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

22:32:07.0178 1076 RegSrvc - ok

22:32:07.0194 1076 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

22:32:07.0241 1076 RemoteAccess - ok

22:32:07.0256 1076 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

22:32:07.0287 1076 RemoteRegistry - ok

22:32:07.0334 1076 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

22:32:07.0381 1076 RFCOMM - ok

22:32:07.0490 1076 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

22:32:07.0568 1076 RoxMediaDB12OEM - ok

22:32:07.0646 1076 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

22:32:07.0677 1076 RoxWatch12 - ok

22:32:07.0724 1076 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

22:32:07.0740 1076 RpcEptMapper - ok

22:32:07.0771 1076 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

22:32:07.0818 1076 RpcLocator - ok

22:32:07.0849 1076 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll

22:32:07.0880 1076 RpcSs - ok

22:32:07.0911 1076 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

22:32:07.0974 1076 rspndr - ok

22:32:08.0021 1076 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys

22:32:08.0036 1076 RSUSBSTOR - ok

22:32:08.0083 1076 [ A73ED14670220307874AD6BC2F279349 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

22:32:08.0130 1076 RTL8167 - ok

22:32:08.0130 1076 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe

22:32:08.0145 1076 SamSs - ok

22:32:08.0161 1076 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys

22:32:08.0177 1076 sbp2port - ok

22:32:08.0192 1076 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

22:32:08.0239 1076 SCardSvr - ok

22:32:08.0255 1076 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

22:32:08.0301 1076 scfilter - ok

22:32:08.0364 1076 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll

22:32:08.0411 1076 Schedule - ok

22:32:08.0426 1076 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll

22:32:08.0473 1076 SCPolicySvc - ok

22:32:08.0504 1076 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll

22:32:08.0598 1076 SDRSVC - ok

22:32:08.0691 1076 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

22:32:08.0754 1076 secdrv - ok

22:32:08.0785 1076 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll

22:32:08.0847 1076 seclogon - ok

22:32:08.0863 1076 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

22:32:08.0894 1076 SENS - ok

22:32:08.0925 1076 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

22:32:08.0972 1076 SensrSvc - ok

22:32:08.0988 1076 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

22:32:09.0003 1076 Serenum - ok

22:32:09.0066 1076 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

22:32:09.0097 1076 Serial - ok

22:32:09.0175 1076 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

22:32:09.0191 1076 sermouse - ok

22:32:09.0237 1076 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll

22:32:09.0284 1076 SessionEnv - ok

22:32:09.0300 1076 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys

22:32:09.0362 1076 sffdisk - ok

22:32:09.0425 1076 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys

22:32:09.0440 1076 sffp_mmc - ok

22:32:09.0471 1076 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

22:32:09.0518 1076 sffp_sd - ok

22:32:09.0549 1076 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

22:32:09.0581 1076 sfloppy - ok

22:32:09.0627 1076 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

22:32:09.0659 1076 Sftfs - ok

22:32:09.0737 1076 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

22:32:09.0799 1076 sftlist - ok

22:32:09.0815 1076 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

22:32:09.0830 1076 Sftplay - ok

22:32:09.0846 1076 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

22:32:09.0846 1076 Sftredir - ok

22:32:09.0939 1076 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

22:32:10.0017 1076 SftService - ok

22:32:10.0049 1076 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

22:32:10.0049 1076 Sftvol - ok

22:32:10.0095 1076 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

22:32:10.0127 1076 sftvsa - ok

22:32:10.0158 1076 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

22:32:10.0205 1076 SharedAccess - ok

22:32:10.0236 1076 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll

22:32:10.0267 1076 ShellHWDetection - ok

22:32:10.0314 1076 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:32:10.0329 1076 SiSRaid2 - ok

22:32:10.0329 1076 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

22:32:10.0345 1076 SiSRaid4 - ok

22:32:10.0423 1076 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

22:32:10.0454 1076 SkypeUpdate - ok

22:32:10.0501 1076 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

22:32:10.0548 1076 Smb - ok

22:32:10.0595 1076 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

22:32:10.0657 1076 SNMPTRAP - ok

22:32:10.0657 1076 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

22:32:10.0673 1076 spldr - ok

22:32:10.0704 1076 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe

22:32:10.0782 1076 Spooler - ok

22:32:10.0891 1076 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe

22:32:10.0922 1076 sppsvc - ok

22:32:10.0953 1076 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

22:32:10.0985 1076 sppuinotify - ok

22:32:11.0016 1076 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys

22:32:21.0561 1076 ============================================================

22:32:21.0561 1076 Scan finished

22:32:21.0561 1076 ============================================================

22:32:21.0577 3120 Detected object count: 0

22:32:21.0577 3120 Actual detected object count: 0

Thank you,

Joe


OK, run an online AV scan by ESET to make sure we've missed nothing:

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right click on the IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

If threats were found

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish

Close program

Copy and paste the report here

Kevin..

This topic is now closed to further replies.