
Adverts pop up in new tab (all logs provided)



Hi all

I am infected... again :(

Basically I could be browsing normally and all of a sudden, without clicking, adverts open up in a new tab. Very strange! I did a bit of research and I cannot remember the name of the virus (it is stated in the address bar in the new tab before redirecting to another thing).

I also notice my PC running much slower than usual...

Malwarebytes scan detected nothing.

Please help me! All logs attached (also attached a ComboFix log).

Thanks in advance :D

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

Run by Conor at 13:38:09 on 2013-01-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.1420 [GMT 0:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\windows\system32\atieclxx.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe

C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\windows\system32\taskeng.exe

C:\Program Files\Dell Support Center\uaclauncher.exe

C:\Program Files\CCleaner\CCleaner64.exe

C:\windows\servicing\TrustedInstaller.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com

uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Control Center] C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe -mini

mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe" -controlservice -slave

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

uPolicies-Explorer: RestrictRun = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: RestrictRun = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - C:\Users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535 : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535 : DHCPNameServer = 10.14.72.10 10.11.73.10 143.52.2.91

TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D27455543545 : DHCPNameServer = 10.14.72.10 10.11.73.10 143.52.2.91

TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\35B4953383737373 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\4514C4B44514C4B4D2145423641403 : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= C:\windows\SysWOW64\guard32.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet

x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 216.239.32.20 www.google.ae # bck9

Hosts: 216.239.32.20 www.google.at # bck9

Hosts: 216.239.32.20 www.google.be # bck9

Hosts: 216.239.32.20 www.google.ca # bck9

Hosts: 216.239.32.20 www.google.ch # bck9

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\

FF - prefs.js: browser.startup.homepage - http:\\\\www.google.co.uk

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Conor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - ExtSQL: 2012-12-21 13:56; 50d46eaa39804@50d46eaa3983d.com; C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\extensions\50d46eaa39804@50d46eaa3983d.com.xpi

FF - ExtSQL: !HIDDEN! 2012-09-24 21:07; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-11-27 79488]

R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-11-27 40064]

R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-11-27 55856]

R0 RapportKE64;RapportKE64;C:\windows\System32\drivers\RapportKE64.sys [2012-7-5 101688]

R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-5-3 984144]

R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-5-3 370288]

R1 bckd;bckd;C:\windows\System32\drivers\bckd.sys [2012-2-13 108304]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\System32\drivers\cmdGuard.sys [2012-10-5 584056]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\System32\drivers\cmdhlp.sys [2012-10-5 38144]

R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-4 505720]

R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-12-23 55096]

R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-12-23 297240]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-11-27 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-11-27 204288]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-8-6 365568]

R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-5-3 25232]

R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-5-3 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-20 44808]

R2 bckwfs;Blue Coat K9 Web Protection;C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2012-2-13 2122000]

R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe [2012-12-19 70352]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-12-19 1868432]

R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [2012-11-26 1851088]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-12-23 976728]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-27 1692480]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-6-21 92632]

R3 amdiox64;AMD IO Driver;C:\windows\System32\drivers\amdiox64.sys [2011-11-27 46136]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-11-27 114704]

R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2011-11-27 349736]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-11-27 39464]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-11-27 176096]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-11-27 533096]

R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-11-27 44672]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-16 1431888]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-27 250984]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-14 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=C:\windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2013-01-11 13:35:11 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB314319-DACE-45D8-9210-F93E5018246C}\mpengine.dll

2013-01-10 22:53:17 -------- d-----w- C:\Users\Conor\AppData\Roaming\GetRightToGo

2013-01-10 19:17:57 -------- d-----w- C:\Users\Conor\AppData\Local\Programs

2013-01-09 18:37:49 750592 ----a-w- C:\windows\System32\win32spl.dll

2013-01-09 18:37:49 492032 ----a-w- C:\windows\SysWow64\win32spl.dll

2013-01-09 18:37:47 307200 ----a-w- C:\windows\System32\ncrypt.dll

2013-01-09 18:37:47 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll

2013-01-09 18:37:44 2002432 ----a-w- C:\windows\System32\msxml6.dll

2013-01-09 18:37:43 1882624 ----a-w- C:\windows\System32\msxml3.dll

2013-01-09 18:37:42 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll

2013-01-09 18:37:42 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2013-01-09 18:37:08 800768 ----a-w- C:\windows\System32\usp10.dll

2013-01-09 18:37:08 626688 ----a-w- C:\windows\SysWow64\usp10.dll

2013-01-09 18:34:21 424448 ----a-w- C:\windows\System32\KernelBase.dll

2013-01-09 18:33:15 68608 ----a-w- C:\windows\System32\taskhost.exe

2013-01-09 18:33:13 3149824 ----a-w- C:\windows\System32\win32k.sys

2013-01-08 06:01:23 -------- d-----w- C:\Program Files (x86)\Common Files\Comodo

2013-01-07 21:49:36 -------- d-----w- C:\Program Files\Blue Coat K9 Web Protection

2012-12-23 10:26:22 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-23 10:26:22 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-23 10:26:16 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-23 10:26:14 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-17 18:48:05 54024 ----a-w- C:\windows\System32\certsentry.dll

2012-12-17 18:48:05 45832 ----a-w- C:\windows\SysWow64\certsentry.dll

2012-12-12 22:46:48 -------- d-----w- C:\Users\Conor\New folder

2012-12-12 22:46:32 -------- d-----w- C:\Users\Conor\Blackberry Back Up (December 2012)

2012-12-12 19:24:30 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-12-12 19:24:30 2048 ----a-w- C:\windows\System32\tzres.dll

2012-12-12 19:18:43 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-12-12 19:18:43 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

.

==================== Find3M ====================

.

2013-01-11 03:50:32 151552 ----a-w- C:\windows\KMSEmulator.exe

2013-01-08 19:12:42 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-08 19:12:42 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-12-23 22:13:34 101688 ----a-w- C:\windows\System32\drivers\RapportKE64.sys

2012-12-19 21:01:57 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr

2012-12-19 21:01:57 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.exe

2012-12-18 19:58:21 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0

2012-12-14 16:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs

2012-12-04 08:41:28 37976 ----a-w- C:\windows\SysWow64\drivers\CFRMD.sys

2012-12-04 08:41:28 37976 ----a-w- C:\windows\inf\CFRMD\cfrmd.sys

2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll

2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-22 21:16:56 76888 ----a-w- C:\windows\SysWow64\PnkBstrA.exe

2012-11-22 21:16:43 840264 ----a-w- C:\windows\SysWow64\pbsvc.exe

2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-07 23:38:00 38144 ----a-w- C:\windows\System32\drivers\cmdhlp.sys

2012-11-07 23:37:59 584056 ----a-w- C:\windows\System32\drivers\cmdGuard.sys

2012-11-07 23:37:57 22736 ----a-w- C:\windows\System32\drivers\cmderd.sys

2012-11-07 23:37:36 41240 ----a-w- C:\windows\System32\cmdcsr.dll

2012-11-07 23:37:34 301264 ----a-w- C:\windows\SysWow64\guard32.dll

2012-11-07 23:37:31 390392 ----a-w- C:\windows\System32\guard64.dll

2012-10-30 22:51:55 984144 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2012-10-30 22:51:55 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2012-10-30 22:51:07 41224 ----a-w- C:\windows\avastSS.scr

2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll

2012-10-15 16:59:28 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2012-10-14 19:43:48 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-14 19:43:47 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll

.

============= FINISH: 13:42:06.76 ===============

ComboFix 13-01-11.01 - Conor 11/01/2013 13:54:37.7.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.1678 [GMT 0:00]

Running from: C:\Users\Conor\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\ProgramData\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\4011a5cd-1208-467b-b149-4c0534295875.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\62089595-46e8-4c4f-9d7b-48be969390bb.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\db33b903-f6ef-4bdd-adf8-db57372a45ec.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\ea058b56-dc30-479c-af0f-bcf27aed08df.dll

C:\ProgramData\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll

((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 )))))))))))))))))))))))))))))))

2013-01-11 14:17:17 . 2013-01-11 14:17:17 -------- d-----w- C:\Users\Public\AppData\Local\temp

2013-01-11 14:17:17 . 2013-01-11 14:17:17 -------- d-----w- C:\Users\Default\AppData\Local\temp

2013-01-11 13:43:32 . 2013-01-11 13:43:32 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB314319-DACE-45D8-9210-F93E5018246C}\offreg.dll

2013-01-11 13:35:11 . 2012-11-08 17:24:30 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB314319-DACE-45D8-9210-F93E5018246C}\mpengine.dll

2013-01-10 22:53:17 . 2013-01-10 22:55:22 -------- d-----w- C:\Users\Conor\AppData\Roaming\GetRightToGo

2013-01-10 19:17:57 . 2013-01-10 19:17:57 -------- d-----w- C:\Users\Conor\AppData\Local\Programs

2013-01-09 18:37:49 . 2012-11-09 05:45:32 750592 ----a-w- C:\windows\system32\win32spl.dll

2013-01-09 18:37:49 . 2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll

2013-01-09 18:37:47 . 2012-11-20 05:48:49 307200 ----a-w- C:\windows\system32\ncrypt.dll

2013-01-09 18:37:47 . 2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll

2013-01-09 18:37:44 . 2012-11-01 05:43:42 2002432 ----a-w- C:\windows\system32\msxml6.dll

2013-01-09 18:37:43 . 2012-11-01 05:43:42 1882624 ----a-w- C:\windows\system32\msxml3.dll

2013-01-09 18:37:42 . 2012-11-01 04:47:54 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll

2013-01-09 18:37:42 . 2012-11-01 04:47:54 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll

2013-01-09 18:37:08 . 2012-11-22 05:44:23 800768 ----a-w- C:\windows\system32\usp10.dll

2013-01-09 18:37:08 . 2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll

2013-01-09 18:34:21 . 2012-11-30 05:41:07 424448 ----a-w- C:\windows\system32\KernelBase.dll

2013-01-09 18:33:15 . 2012-11-23 03:13:57 68608 ----a-w- C:\windows\system32\taskhost.exe

2013-01-09 18:33:13 . 2012-11-23 03:26:31 3149824 ----a-w- C:\windows\system32\win32k.sys

2013-01-08 06:01:23 . 2013-01-08 06:01:24 -------- d-----w- C:\Program Files (x86)\Common Files\Comodo

2013-01-07 21:49:36 . 2013-01-09 19:15:25 -------- d-----w- C:\Program Files\Blue Coat K9 Web Protection

2012-12-23 10:26:22 . 2012-12-16 17:11:22 46080 ----a-w- C:\windows\system32\atmlib.dll

2012-12-23 10:26:22 . 2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-23 10:26:16 . 2012-12-16 14:45:03 367616 ----a-w- C:\windows\system32\atmfd.dll

2012-12-23 10:26:14 . 2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-17 18:48:05 . 2012-12-30 06:05:29 54024 ----a-w- C:\windows\system32\certsentry.dll

2012-12-17 18:48:05 . 2012-12-30 06:05:29 45832 ----a-w- C:\windows\SysWow64\certsentry.dll

2012-12-12 22:46:48 . 2012-12-19 20:55:28 -------- d-----w- C:\Users\Conor\New folder

2012-12-12 22:46:32 . 2012-12-12 22:46:32 -------- d-----w- C:\Users\Conor\Blackberry Back Up (December 2012)

2012-12-12 19:24:30 . 2012-11-09 05:45:09 2048 ----a-w- C:\windows\system32\tzres.dll

2012-12-12 19:24:30 . 2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-12-12 19:18:43 . 2012-11-02 05:59:11 478208 ----a-w- C:\windows\system32\dpnet.dll

2012-12-12 19:18:43 . 2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-01-11 03:50:32 . 2012-10-16 20:31:33 151552 ----a-w- C:\windows\KMSEmulator.exe

2013-01-11 03:14:14 . 2012-08-01 22:05:00 67599240 ----a-w- C:\windows\system32\MRT.exe

2013-01-08 19:12:42 . 2012-08-19 21:03:11 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-08 19:12:42 . 2012-08-19 21:03:11 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-12-23 22:13:34 . 2012-07-05 11:05:08 101688 ----a-w- C:\windows\system32\drivers\RapportKE64.sys

2012-12-19 21:01:57 . 2012-11-22 21:32:29 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr

2012-12-19 21:01:57 . 2012-11-22 21:16:57 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.exe

2012-12-18 19:58:21 . 2012-11-22 21:16:57 281152 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0

2012-12-14 16:49:28 . 2012-05-03 13:03:09 24176 ----a-w- C:\windows\system32\drivers\mbam.sys

2012-12-11 21:52:17 . 2012-12-11 21:52:17 53248 ----a-r- C:\Users\Conor\AppData\Roaming\Microsoft\Installer\{38676C9C-270F-43D1-926A-E45DE8820A6B}\ARPPRODUCTICON.exe

2012-12-04 08:41:28 . 2012-12-04 08:41:28 37976 ----a-w- C:\windows\SysWow64\drivers\CFRMD.sys

2012-12-04 08:41:28 . 2012-12-04 08:41:28 37976 ----a-w- C:\windows\inf\CFRMD\cfrmd.sys

2012-11-30 04:45:10 . 2013-01-09 18:34:17 44032 ----a-w- C:\windows\apppatch\acwow64.dll

2012-11-22 21:16:56 . 2012-11-22 21:16:56 76888 ----a-w- C:\windows\SysWow64\PnkBstrA.exe

2012-11-22 21:16:43 . 2012-11-22 21:16:55 840264 ----a-w- C:\windows\SysWow64\pbsvc.exe

2012-11-07 23:38:01 . 2012-10-05 00:32:42 94288 ----a-w- C:\windows\system32\drivers\inspect.sys

2012-11-07 23:38:00 . 2012-10-05 00:32:40 38144 ----a-w- C:\windows\system32\drivers\cmdhlp.sys

2012-11-07 23:37:59 . 2012-10-05 00:32:40 584056 ----a-w- C:\windows\system32\drivers\cmdGuard.sys

2012-11-07 23:37:57 . 2012-10-05 00:32:38 22736 ----a-w- C:\windows\system32\drivers\cmderd.sys

2012-11-07 23:37:36 . 2012-10-05 00:32:16 41240 ----a-w- C:\windows\system32\cmdcsr.dll

2012-11-07 23:37:34 . 2012-10-05 00:32:12 301264 ----a-w- C:\windows\SysWow64\guard32.dll

2012-11-07 23:37:31 . 2012-10-05 00:32:10 390392 ----a-w- C:\windows\system32\guard64.dll

2012-10-30 22:51:56 . 2012-05-03 13:07:32 59728 ----a-w- C:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51:55 . 2012-05-03 13:07:34 370288 ----a-w- C:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51:55 . 2012-05-03 13:07:32 984144 ----a-w- C:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51:55 . 2012-05-03 13:07:31 71600 ----a-w- C:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 22:51:53 . 2012-05-03 13:07:34 25232 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51:07 . 2012-05-03 13:06:30 41224 ----a-w- C:\windows\avastSS.scr

2012-10-30 22:50:59 . 2012-05-03 13:06:28 227648 ----a-w- C:\windows\SysWow64\aswBoot.exe

2012-10-30 22:50:30 . 2012-05-03 13:07:31 285328 ----a-w- C:\windows\system32\aswBoot.exe

2012-10-16 08:38:37 . 2012-11-27 19:44:47 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 . 2012-11-27 19:44:47 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 . 2012-11-27 19:44:47 561664 ----a-w- C:\windows\apppatch\AcLayers.dll

2012-10-15 16:59:28 . 2012-05-03 13:07:32 54072 ----a-w- C:\windows\system32\drivers\aswRdr2.sys

2012-10-14 19:43:48 . 2012-10-14 19:44:07 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-14 19:43:47 . 2011-11-27 21:40:47 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll


Hello,

I'd like to remind you to NOT run tools on your own. Especially not Combofix, which is not intended to be run without expert guidance.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar

C:\AdwCleaner[R1].txt

# AdwCleaner v2.105 - Logfile created 01/11/2013 at 15:09:53

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Conor - CONOR-PC

# Boot Mode : Normal

# Running from : C:\Users\Conor\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\END

Folder Found : C:\Program Files (x86)\1ClickDownload

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Users\Conor\AppData\Local\Conduit

Folder Found : C:\Users\Conor\AppData\LocalLow\Conduit

Folder Found : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\extensions\staged

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\SweetIM

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS

Key Found : HKLM\Software\SweetIM

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6PQFeVAurz&loc=FF_NT");

File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\prefs.js

Found : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Found : user_pref("extensions.50d46eaa398b6.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2215 octets] - [11/01/2013 15:09:53]

AdwCleaner[s1].txt - [5083 octets] - [13/10/2012 13:19:54]

########## EOF - C:\AdwCleaner[R1].txt - [2335 octets] ##########


TDSSKILLER log

15:11:49.0032 1144 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

15:11:49.0453 1144 ============================================================

15:11:49.0453 1144 Current date / time: 2013/01/11 15:11:49.0453

15:11:49.0453 1144 SystemInfo:

15:11:49.0453 1144

15:11:49.0453 1144 OS Version: 6.1.7601 ServicePack: 1.0

15:11:49.0453 1144 Product type: Workstation

15:11:49.0469 1144 ComputerName: CONOR-PC

15:11:49.0469 1144 UserName: Conor

15:11:49.0469 1144 Windows directory: C:\windows

15:11:49.0469 1144 System windows directory: C:\windows

15:11:49.0469 1144 Running under WOW64

15:11:49.0469 1144 Processor architecture: Intel x64

15:11:49.0469 1144 Number of processors: 2

15:11:49.0469 1144 Page size: 0x1000

15:11:49.0469 1144 Boot type: Normal boot

15:11:49.0469 1144 ============================================================

15:11:50.0498 1144 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:11:50.0514 1144 ============================================================

15:11:50.0514 1144 \Device\Harddisk0\DR0:

15:11:50.0514 1144 MBR partitions:

15:11:50.0514 1144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000

15:11:50.0514 1144 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030

15:11:50.0514 1144 ============================================================

15:11:50.0545 1144 C: <-> \Device\Harddisk0\DR0\Partition2

15:11:50.0545 1144 ============================================================

15:11:50.0545 1144 Initialize success

15:11:50.0545 1144 ============================================================

15:11:59.0813 6244 ============================================================

15:11:59.0813 6244 Scan started

15:11:59.0813 6244 Mode: Manual;

15:11:59.0813 6244 ============================================================

15:12:00.0295 6244 ================ Scan system memory ========================

15:12:00.0295 6244 System memory - ok

15:12:00.0295 6244 ================ Scan services =============================


15:12:09.0502 6244 Fs_Rec - ok

15:12:09.0548 6244 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

15:12:09.0548 6244 fvevol - ok

15:12:09.0580 6244 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys

15:12:09.0580 6244 gagp30kx - ok

15:12:09.0658 6244 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

15:12:09.0673 6244 GamesAppService - ok

15:12:09.0720 6244 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

15:12:09.0720 6244 GEARAspiWDM - ok

15:12:09.0845 6244 [ 24B6902AE2735C7C8ED6670E5E323EC9 ] GeekBuddyRSP C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe

15:12:09.0876 6244 GeekBuddyRSP - ok

15:12:09.0923 6244 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

15:12:09.0954 6244 gpsvc - ok

15:12:10.0063 6244 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:12:10.0063 6244 gupdate - ok

15:12:10.0094 6244 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:12:10.0094 6244 gupdatem - ok

15:12:10.0136 6244 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

15:12:10.0136 6244 hcw85cir - ok

15:12:10.0186 6244 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

15:12:10.0196 6244 HdAudAddService - ok

15:12:10.0216 6244 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys

15:12:10.0226 6244 HDAudBus - ok

15:12:10.0236 6244 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys

15:12:10.0246 6244 HidBatt - ok

15:12:10.0256 6244 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys

15:12:10.0256 6244 HidBth - ok

15:12:10.0296 6244 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys

15:12:10.0306 6244 HidIr - ok

15:12:10.0336 6244 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll

15:12:10.0346 6244 hidserv - ok

15:12:10.0376 6244 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys

15:12:10.0376 6244 HidUsb - ok

15:12:10.0426 6244 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

15:12:10.0436 6244 hkmsvc - ok

15:12:10.0456 6244 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

15:12:10.0466 6244 HomeGroupListener - ok

15:12:10.0506 6244 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

15:12:10.0516 6244 HomeGroupProvider - ok

15:12:10.0646 6244 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

15:12:10.0656 6244 hpqcxs08 - ok

15:12:10.0706 6244 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

15:12:10.0706 6244 hpqddsvc - ok

15:12:10.0736 6244 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

15:12:10.0736 6244 HpSAMD - ok

15:12:10.0796 6244 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

15:12:10.0826 6244 HTTP - ok

15:12:10.0836 6244 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

15:12:10.0846 6244 hwpolicy - ok

15:12:10.0876 6244 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys

15:12:10.0886 6244 i8042prt - ok

15:12:10.0926 6244 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

15:12:10.0936 6244 iaStorV - ok

15:12:11.0006 6244 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

15:12:11.0016 6244 IDriverT - ok

15:12:11.0076 6244 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:12:11.0116 6244 idsvc - ok

15:12:11.0186 6244 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys

15:12:11.0196 6244 iirsp - ok

15:12:11.0246 6244 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

15:12:11.0276 6244 IKEEXT - ok

15:12:11.0356 6244 [ C4E67D3037DC79E39D7136581A947F50 ] inspect C:\windows\system32\DRIVERS\inspect.sys

15:12:11.0356 6244 inspect - ok

15:12:11.0366 6244 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

15:12:11.0376 6244 intelide - ok

15:12:11.0396 6244 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys

15:12:11.0406 6244 intelppm - ok

15:12:11.0431 6244 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

15:12:11.0431 6244 IPBusEnum - ok

15:12:11.0462 6244 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

15:12:11.0462 6244 IpFilterDriver - ok

15:12:11.0525 6244 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

15:12:11.0556 6244 iphlpsvc - ok

15:12:11.0556 6244 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

15:12:11.0572 6244 IPMIDRV - ok

15:12:11.0603 6244 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

15:12:11.0603 6244 IPNAT - ok

15:12:11.0696 6244 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

15:12:11.0728 6244 iPod Service - ok

15:12:11.0743 6244 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

15:12:11.0759 6244 IRENUM - ok

15:12:11.0774 6244 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

15:12:11.0790 6244 isapnp - ok

15:12:11.0821 6244 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

15:12:11.0821 6244 iScsiPrt - ok

15:12:11.0852 6244 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

15:12:11.0868 6244 kbdclass - ok

15:12:11.0884 6244 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys

15:12:11.0899 6244 kbdhid - ok

15:12:11.0915 6244 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

15:12:11.0915 6244 KeyIso - ok

15:12:11.0946 6244 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

15:12:11.0962 6244 KSecDD - ok

15:12:11.0977 6244 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

15:12:11.0993 6244 KSecPkg - ok

15:12:12.0008 6244 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

15:12:12.0008 6244 ksthunk - ok

15:12:12.0055 6244 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

15:12:12.0086 6244 KtmRm - ok

15:12:12.0133 6244 KUSBusByTCP - ok

15:12:12.0274 6244 [ 384E82435A09A89C4E87A6B20AA9EE69 ] KUSBusByTCPMasterBus C:\windows\syswow64\Drivers\KUSBusByTCPMasterBus.sys

15:12:12.0274 6244 KUSBusByTCPMasterBus - ok

15:12:12.0352 6244 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll

15:12:12.0383 6244 LanmanServer - ok

15:12:12.0414 6244 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

15:12:12.0430 6244 LanmanWorkstation - ok

15:12:12.0476 6244 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

15:12:12.0492 6244 lltdio - ok

15:12:12.0523 6244 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

15:12:12.0539 6244 lltdsvc - ok

15:12:12.0554 6244 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

15:12:12.0570 6244 lmhosts - ok

15:12:12.0601 6244 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys

15:12:12.0601 6244 LSI_FC - ok

15:12:12.0632 6244 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys

15:12:12.0632 6244 LSI_SAS - ok

15:12:12.0664 6244 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys

15:12:12.0664 6244 LSI_SAS2 - ok

15:12:12.0695 6244 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys

15:12:12.0695 6244 LSI_SCSI - ok

15:12:12.0710 6244 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

15:12:12.0726 6244 luafv - ok

15:12:12.0773 6244 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\windows\system32\DRIVERS\mcdbus.sys

15:12:12.0773 6244 mcdbus - ok

15:12:12.0804 6244 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

15:12:12.0804 6244 Mcx2Svc - ok

15:12:12.0820 6244 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys

15:12:12.0835 6244 megasas - ok

15:12:12.0866 6244 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys

15:12:12.0866 6244 MegaSR - ok

15:12:12.0944 6244 Microsoft SharePoint Workspace Audit Service - ok

15:12:12.0991 6244 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

15:12:12.0991 6244 MMCSS - ok

15:12:13.0007 6244 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

15:12:13.0022 6244 Modem - ok

15:12:13.0069 6244 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

15:12:13.0069 6244 monitor - ok

15:12:13.0100 6244 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

15:12:13.0100 6244 mouclass - ok

15:12:13.0132 6244 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

15:12:13.0132 6244 mouhid - ok

15:12:13.0163 6244 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

15:12:13.0163 6244 mountmgr - ok

15:12:13.0225 6244 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

15:12:13.0241 6244 MozillaMaintenance - ok

15:12:13.0256 6244 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

15:12:13.0272 6244 mpio - ok

15:12:13.0303 6244 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

15:12:13.0303 6244 mpsdrv - ok

15:12:13.0350 6244 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

15:12:13.0381 6244 MpsSvc - ok

15:12:13.0428 6244 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

15:12:13.0444 6244 MRxDAV - ok

15:12:13.0475 6244 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

15:12:13.0490 6244 mrxsmb - ok

15:12:13.0506 6244 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

15:12:13.0522 6244 mrxsmb10 - ok

15:12:13.0537 6244 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

15:12:13.0537 6244 mrxsmb20 - ok

15:12:13.0568 6244 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

15:12:13.0568 6244 msahci - ok

15:12:13.0600 6244 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

15:12:13.0600 6244 msdsm - ok

15:12:13.0631 6244 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

15:12:13.0646 6244 MSDTC - ok

15:12:13.0693 6244 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

15:12:13.0693 6244 Msfs - ok

15:12:13.0709 6244 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

15:12:13.0709 6244 mshidkmdf - ok

15:12:13.0740 6244 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

15:12:13.0740 6244 msisadrv - ok

15:12:13.0787 6244 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

15:12:13.0802 6244 MSiSCSI - ok

15:12:13.0802 6244 msiserver - ok

15:12:13.0865 6244 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

15:12:13.0865 6244 MSKSSRV - ok

15:12:13.0880 6244 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

15:12:13.0896 6244 MSPCLOCK - ok

15:12:13.0912 6244 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

15:12:13.0912 6244 MSPQM - ok

15:12:13.0953 6244 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

15:12:13.0963 6244 MsRPC - ok

15:12:13.0983 6244 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

15:12:13.0993 6244 mssmbios - ok

15:12:14.0003 6244 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

15:12:14.0013 6244 MSTEE - ok

15:12:14.0043 6244 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys

15:12:14.0043 6244 MTConfig - ok

15:12:14.0083 6244 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

15:12:14.0083 6244 Mup - ok

15:12:14.0133 6244 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

15:12:14.0153 6244 napagent - ok

15:12:14.0213 6244 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

15:12:14.0223 6244 NativeWifiP - ok

15:12:14.0313 6244 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe

15:12:14.0323 6244 NAUpdate - ok

15:12:14.0393 6244 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys

15:12:14.0433 6244 NDIS - ok

15:12:14.0473 6244 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

15:12:14.0483 6244 NdisCap - ok

15:12:14.0513 6244 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

15:12:14.0513 6244 NdisTapi - ok

15:12:14.0543 6244 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

15:12:14.0553 6244 Ndisuio - ok

15:12:14.0573 6244 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

15:12:14.0583 6244 NdisWan - ok

15:12:14.0603 6244 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

15:12:14.0603 6244 NDProxy - ok

15:12:14.0683 6244 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

15:12:14.0693 6244 Net Driver HPZ12 - ok

15:12:14.0733 6244 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

15:12:14.0733 6244 NetBIOS - ok

15:12:14.0773 6244 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

15:12:14.0773 6244 NetBT - ok

15:12:14.0803 6244 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

15:12:14.0803 6244 Netlogon - ok

15:12:14.0853 6244 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

15:12:14.0863 6244 Netman - ok

15:12:14.0943 6244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:12:14.0953 6244 NetMsmqActivator - ok

15:12:14.0973 6244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:12:14.0983 6244 NetPipeActivator - ok

15:12:15.0023 6244 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

15:12:15.0043 6244 netprofm - ok

15:12:15.0053 6244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:12:15.0053 6244 NetTcpActivator - ok

15:12:15.0073 6244 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:12:15.0083 6244 NetTcpPortSharing - ok

15:12:15.0113 6244 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys

15:12:15.0123 6244 nfrd960 - ok

15:12:15.0173 6244 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll

15:12:15.0183 6244 NlaSvc - ok

15:12:15.0203 6244 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

15:12:15.0213 6244 Npfs - ok

15:12:15.0233 6244 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

15:12:15.0243 6244 nsi - ok

15:12:15.0263 6244 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

15:12:15.0263 6244 nsiproxy - ok

15:12:15.0363 6244 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

15:12:15.0433 6244 Ntfs - ok

15:12:15.0463 6244 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

15:12:15.0463 6244 Null - ok

15:12:15.0503 6244 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

15:12:15.0513 6244 nvraid - ok

15:12:15.0533 6244 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

15:12:15.0543 6244 nvstor - ok

15:12:15.0553 6244 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

15:12:15.0563 6244 nv_agp - ok

15:12:15.0583 6244 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

15:12:15.0583 6244 ohci1394 - ok

15:12:15.0653 6244 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:12:15.0653 6244 ose - ok

15:12:15.0833 6244 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:12:15.0873 6244 osppsvc - ok

15:12:15.0933 6244 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

15:12:15.0943 6244 p2pimsvc - ok

15:12:15.0973 6244 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

15:12:15.0993 6244 p2psvc - ok

15:12:16.0014 6244 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys

15:12:16.0024 6244 Parport - ok

15:12:16.0054 6244 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

15:12:16.0054 6244 partmgr - ok

15:12:16.0084 6244 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

15:12:16.0094 6244 PcaSvc - ok

15:12:16.0194 6244 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms

15:12:16.0194 6244 PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok

15:12:16.0234 6244 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

15:12:16.0244 6244 pci - ok

15:12:16.0264 6244 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys

15:12:16.0274 6244 pciide - ok

15:12:16.0294 6244 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys

15:12:16.0304 6244 pcmcia - ok

15:12:16.0334 6244 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

15:12:16.0334 6244 pcw - ok

15:12:16.0364 6244 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

15:12:16.0394 6244 PEAUTH - ok

15:12:16.0524 6244 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

15:12:16.0534 6244 PerfHost - ok

15:12:16.0624 6244 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

15:12:16.0674 6244 pla - ok

15:12:16.0724 6244 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

15:12:16.0744 6244 PlugPlay - ok

15:12:16.0814 6244 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

15:12:16.0824 6244 Pml Driver HPZ12 - ok

15:12:16.0854 6244 PnkBstrA - ok

15:12:16.0884 6244 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

15:12:16.0894 6244 PNRPAutoReg - ok

15:12:16.0934 6244 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

15:12:16.0944 6244 PNRPsvc - ok

15:12:16.0984 6244 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

15:12:17.0004 6244 PolicyAgent - ok

15:12:17.0045 6244 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

15:12:17.0055 6244 Power - ok

15:12:17.0095 6244 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

15:12:17.0095 6244 PptpMiniport - ok

15:12:17.0125 6244 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys

15:12:17.0125 6244 Processor - ok

15:12:17.0182 6244 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

15:12:17.0197 6244 ProfSvc - ok

15:12:17.0213 6244 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

15:12:17.0228 6244 ProtectedStorage - ok

15:12:17.0260 6244 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

15:12:17.0260 6244 Psched - ok

15:12:17.0322 6244 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys

15:12:17.0322 6244 PxHlpa64 - ok

15:12:17.0384 6244 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys

15:12:17.0431 6244 ql2300 - ok

15:12:17.0447 6244 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys

15:12:17.0462 6244 ql40xx - ok

15:12:17.0509 6244 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

15:12:17.0509 6244 QWAVE - ok

15:12:17.0525 6244 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

15:12:17.0525 6244 QWAVEdrv - ok

15:12:17.0681 6244 [ F98487B25828441B1C6488C642C2AC10 ] RapportCerberus_43926 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys

15:12:17.0696 6244 RapportCerberus_43926 - ok

15:12:17.0743 6244 [ EAE1BB44F17EB3F439367AAC6B829D55 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

15:12:17.0759 6244 RapportEI64 - ok

15:12:17.0790 6244 [ 428ABD0B5D771284F393356C6729074F ] RapportKE64 C:\windows\system32\Drivers\RapportKE64.sys

15:12:17.0790 6244 RapportKE64 - ok

15:12:17.0884 6244 [ 35468625105F5B10FCF43E5D58659924 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

15:12:17.0899 6244 RapportMgmtService - ok

15:12:17.0962 6244 [ 4CCFCED21C81C0C1D2BE6CB3ABF8A217 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

15:12:17.0977 6244 RapportPG64 - ok

15:12:18.0008 6244 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

15:12:18.0008 6244 RasAcd - ok

15:12:18.0040 6244 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

15:12:18.0040 6244 RasAgileVpn - ok

15:12:18.0071 6244 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

15:12:18.0086 6244 RasAuto - ok

15:12:18.0118 6244 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

15:12:18.0133 6244 Rasl2tp - ok

15:12:18.0164 6244 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

15:12:18.0196 6244 RasMan - ok

15:12:18.0211 6244 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

15:12:18.0211 6244 RasPppoe - ok

15:12:18.0242 6244 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

15:12:18.0242 6244 RasSstp - ok

15:12:18.0274 6244 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

15:12:18.0274 6244 rdbss - ok

15:12:18.0305 6244 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys

15:12:18.0305 6244 rdpbus - ok

15:12:18.0320 6244 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

15:12:18.0336 6244 RDPCDD - ok

15:12:18.0352 6244 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

15:12:18.0367 6244 RDPENCDD - ok

15:12:18.0398 6244 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

15:12:18.0398 6244 RDPREFMP - ok

15:12:18.0445 6244 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

15:12:18.0445 6244 RDPWD - ok

15:12:18.0492 6244 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

15:12:18.0492 6244 rdyboost - ok

15:12:18.0523 6244 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

15:12:18.0539 6244 RemoteAccess - ok

15:12:18.0570 6244 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

15:12:18.0586 6244 RemoteRegistry - ok

15:12:18.0648 6244 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys

15:12:18.0648 6244 RFCOMM - ok

15:12:18.0695 6244 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys

15:12:18.0695 6244 RimUsb - ok

15:12:18.0757 6244 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\windows\system32\DRIVERS\RimSerial_AMD64.sys

15:12:18.0757 6244 RimVSerPort - ok

15:12:18.0788 6244 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys

15:12:18.0788 6244 ROOTMODEM - ok

15:12:18.0898 6244 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

15:12:18.0929 6244 RoxMediaDB12OEM - ok

15:12:18.0976 6244 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

15:12:18.0991 6244 RoxWatch12 - ok

15:12:19.0022 6244 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

15:12:19.0038 6244 RpcEptMapper - ok

15:12:19.0069 6244 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

15:12:19.0085 6244 RpcLocator - ok

15:12:19.0132 6244 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll

15:12:19.0147 6244 RpcSs - ok

15:12:19.0163 6244 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

15:12:19.0178 6244 rspndr - ok

15:12:19.0245 6244 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

15:12:19.0255 6244 RSUSBSTOR - ok

15:12:19.0285 6244 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

15:12:19.0305 6244 RTL8167 - ok

15:12:19.0325 6244 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

15:12:19.0325 6244 SamSs - ok

15:12:19.0355 6244 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

15:12:19.0365 6244 sbp2port - ok

15:12:19.0415 6244 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

15:12:19.0445 6244 SCardSvr - ok

15:12:19.0475 6244 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

15:12:19.0475 6244 scfilter - ok

15:12:19.0535 6244 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

15:12:19.0585 6244 Schedule - ok

15:12:19.0635 6244 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

15:12:19.0645 6244 SCPolicySvc - ok

15:12:19.0685 6244 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

15:12:19.0705 6244 SDRSVC - ok

15:12:19.0745 6244 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

15:12:19.0755 6244 secdrv - ok

15:12:19.0785 6244 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

15:12:19.0795 6244 seclogon - ok

15:12:19.0825 6244 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll

15:12:27.0920 6244 ============================================================

15:12:27.0920 6244 Scan finished

15:12:27.0920 6244 ============================================================

15:12:27.0951 5072 Detected object count: 0

15:12:27.0951 5072 Actual detected object count: 0

15:12:47.0434 6588 Deinitialize success


RKReport log

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Conor [Admin rights]

Mode : Scan -- Date : 01/11/2013 15:15:46

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3} : NameServer (8.26.56.26,156.154.70.22) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost

216.239.32.20 www.google.ae # bck9

216.239.32.20 www.google.at # bck9

216.239.32.20 www.google.be # bck9

216.239.32.20 www.google.ca # bck9

216.239.32.20 www.google.ch # bck9

216.239.32.20 www.google.cl # bck9

216.239.32.20 www.google.co.il # bck9

216.239.32.20 www.google.co.in # bck9

216.239.32.20 www.google.co.jp # bck9

216.239.32.20 www.google.co.kr # bck9

216.239.32.20 www.google.co.nz # bck9

216.239.32.20 www.google.co.uk # bck9

216.239.32.20 www.google.co.ve # bck9

216.239.32.20 www.google.co.za # bck9

216.239.32.20 www.google.com # bck9

216.239.32.20 www.google.com.ar # bck9

216.239.32.20 www.google.com.au # bck9

216.239.32.20 www.google.com.br # bck9

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++

--- User ---

[MBR] e1cf3956ef2f984ff195364e4f6062fc

[bSP] ee1fa6662c2a2d395c2bf5b13616a5b9 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_01112013_02d1515.txt >>

RKreport[1]_S_01112013_02d1515.txt


Please proceed with the following.

Also, I would urge you not to do any free-wheeling web surfing. Only go to this forum and the sites I guide you to for tools.

  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[s1]

Step 2

Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file OTLFIX.txt and SAVE to your DESKTOP
  • Start NOTEPAD
  • Open the OTLFIX.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Right click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 3

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.


Sorry been away for the weekend.

Here are a couple of logs below:

AdwCleaner:

# AdwCleaner v2.105 - Logfile created 01/13/2013 at 22:03:14

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Conor - CONOR-PC

# Boot Mode : Normal

# Running from : C:\Users\Conor\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END

Folder Deleted : C:\Program Files (x86)\1ClickDownload

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Users\Conor\AppData\Local\Conduit

Folder Deleted : C:\Users\Conor\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\SweetIM

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS

Key Deleted : HKLM\Software\SweetIM

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6PQFeVAurz&loc=FF_NT");

File : C:\Users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\prefs.js

Deleted : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Deleted : user_pref("extensions.50d46eaa398b6.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Conor\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2404 octets] - [11/01/2013 15:09:53]

AdwCleaner[s1].txt - [5083 octets] - [13/10/2012 13:19:54]

AdwCleaner[s2].txt - [2375 octets] - [13/01/2013 22:03:14]

########## EOF - C:\AdwCleaner[s2].txt - [2435 octets] ##########

OTL:

All processes killed

========== COMMANDS ==========

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Conor

->Temp folder emptied: 3714356 bytes

->Temporary Internet Files folder emptied: 229578 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 70109067 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 715 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 561470 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 293203 bytes

RecycleBin emptied: 2428036 bytes

Total Files Cleaned = 74.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Conor

->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Conor

->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01132013_221047

Files\Folders moved on Reboot...

C:\Users\Conor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{21E223EE-C65F-410C-AA3B-31FCF5CD247E}.tmp moved successfully.

C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{42B804F3-3716-49F5-A390-9C5BD1D796CA}.tmp moved successfully.

C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{50DF3375-707C-4699-BC51-7C7606956339}.tmp moved successfully.

File\Folder C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\18F9F700.gif not found!

File\Folder C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\220889E5.png not found!

File\Folder C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4662BA3B.png not found!

File\Folder C:\Users\Conor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\98BD3EA2.png not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Mbam scanning as we speak (will post a log in my next reply)

Must admit it's still running slow and I've seen adverts for ILivid... :(

Also had the blue screen of death from my video driver :( Not sure if related...


Mbam Log:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.14.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Conor :: CONOR-PC [administrator]

14/01/2013 19:07:29

mbam-log-2013-01-14 (19-07-29).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 403232

Time elapsed: 1 hour(s), 50 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I just want my PC clean :) thanks for your help so far :D


Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into a new reply.
  • Re-enable your security software.

Step 2

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member ccfc1987 only. If you are a casual viewer, do NOT try this on your system!

If you are not ccfc1987 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.


JRT

Tried running the scan but when it starts doing a quick scan on the registry the image below popped up:

cgrep.jpg

Tried closing the program but it subsequently popped up again after 5 minutes or so. The scan therefore couldn't complete...

ComboFix log:

ComboFix 13-01-15.02 - Conor 15/01/2013 20:38:31.8.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3692.1695 [GMT 0:00]

Running from: c:\users\Conor\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\programdata\PCDr\6032\AddOnDownloaded\18d25bc5-acbb-424f-a6c6-d04a97765094.dll

c:\programdata\PCDr\6032\AddOnDownloaded\2141cd58-3a24-481f-8ca2-8b466c9b797f.dll

c:\programdata\PCDr\6032\AddOnDownloaded\2d2ff7e2-f0f8-4f32-a28e-e44234dd3300.dll

c:\programdata\PCDr\6032\AddOnDownloaded\3e137363-345c-454a-a474-2da300d9297a.dll

c:\programdata\PCDr\6032\AddOnDownloaded\4011a5cd-1208-467b-b149-4c0534295875.dll

c:\programdata\PCDr\6032\AddOnDownloaded\62089595-46e8-4c4f-9d7b-48be969390bb.dll

c:\programdata\PCDr\6032\AddOnDownloaded\65a823a3-a5fc-440a-b276-153555251042.dll

c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll

c:\programdata\PCDr\6032\AddOnDownloaded\918ee45c-eb0a-4e61-97ad-c1849c2623ee.dll

c:\programdata\PCDr\6032\AddOnDownloaded\b0654984-096d-4244-a127-3364577b6279.dll

c:\programdata\PCDr\6032\AddOnDownloaded\b967e9c4-897a-42c8-96d2-4ceb543f8cdb.dll

c:\programdata\PCDr\6032\AddOnDownloaded\db33b903-f6ef-4bdd-adf8-db57372a45ec.dll

c:\programdata\PCDr\6032\AddOnDownloaded\ea058b56-dc30-479c-af0f-bcf27aed08df.dll

c:\programdata\PCDr\6032\AddOnDownloaded\f4d48f15-9f33-4b3f-a84f-bc8b2800e772.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))

.

.

2013-01-15 20:56 . 2013-01-15 20:56 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-01-15 20:56 . 2013-01-15 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-15 19:22 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{211F444E-B71F-4D37-B545-34068E124FC6}\mpengine.dll

2013-01-15 19:19 . 2013-01-15 19:19 -------- d-----w- c:\windows\ERUNT

2013-01-15 19:13 . 2013-01-15 20:25 -------- d-----w- C:\JRT

2013-01-14 19:13 . 2013-01-14 19:13 56072 ----a-w- c:\windows\system32\certsentry.dll

2013-01-14 19:13 . 2013-01-14 19:13 47368 ----a-w- c:\windows\SysWow64\certsentry.dll

2013-01-13 22:10 . 2013-01-13 22:10 -------- d-----w- C:\_OTL

2013-01-11 15:05 . 2013-01-11 15:05 -------- d-----w- c:\program files (x86)\ERUNT

2013-01-10 22:53 . 2013-01-10 22:55 -------- d-----w- c:\users\Conor\AppData\Roaming\GetRightToGo

2013-01-10 19:17 . 2013-01-10 19:17 -------- d-----w- c:\users\Conor\AppData\Local\Programs

2013-01-09 18:37 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 18:37 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-09 18:37 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-09 18:37 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-09 18:37 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll

2013-01-09 18:37 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll

2013-01-09 18:37 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2013-01-09 18:37 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2013-01-09 18:37 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-09 18:37 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2013-01-09 18:34 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll

2013-01-09 18:33 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

2013-01-09 18:33 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-01-08 06:01 . 2013-01-08 06:01 -------- d-----w- c:\program files (x86)\Common Files\Comodo

2012-12-23 10:26 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-23 10:26 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-23 10:26 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-23 10:26 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-15 20:29 . 2012-10-16 20:31 151552 ----a-w- c:\windows\KMSEmulator.exe

2013-01-11 03:14 . 2012-08-01 22:05 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-08 19:12 . 2012-08-19 21:03 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-08 19:12 . 2012-08-19 21:03 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-23 22:13 . 2012-07-05 11:05 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys

2012-12-19 21:01 . 2012-11-22 21:32 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-19 21:01 . 2012-11-22 21:16 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-12-18 19:58 . 2012-11-22 21:16 281152 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-14 16:49 . 2012-05-03 13:03 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-11 21:52 . 2012-12-11 21:52 53248 ----a-r- c:\users\Conor\AppData\Roaming\Microsoft\Installer\{38676C9C-270F-43D1-926A-E45DE8820A6B}\ARPPRODUCTICON.exe

2012-12-04 08:41 . 2012-12-04 08:41 37976 ----a-w- c:\windows\SysWow64\drivers\CFRMD.sys

2012-12-04 08:41 . 2012-12-04 08:41 37976 ----a-w- c:\windows\inf\CFRMD\cfrmd.sys

2012-11-30 04:45 . 2013-01-09 18:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-22 21:16 . 2012-11-22 21:16 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-11-22 21:16 . 2012-11-22 21:16 840264 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-11-14 07:06 . 2012-12-15 17:37 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-15 17:37 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-15 17:37 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-15 17:37 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-15 17:37 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-15 17:37 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-15 17:37 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-15 17:37 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-15 17:37 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-15 17:37 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-15 17:37 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-15 17:37 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-15 17:37 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-15 17:37 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-15 17:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-15 17:37 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-15 17:37 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-15 17:37 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-15 17:37 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-15 17:37 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-15 17:37 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-15 17:37 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-12 19:24 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-12 19:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-07 23:38 . 2012-10-05 00:32 94288 ----a-w- c:\windows\system32\drivers\inspect.sys

2012-11-07 23:38 . 2012-10-05 00:32 38144 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2012-11-07 23:37 . 2012-10-05 00:32 584056 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2012-11-07 23:37 . 2012-10-05 00:32 22736 ----a-w- c:\windows\system32\drivers\cmderd.sys

2012-11-07 23:37 . 2012-10-05 00:32 41240 ----a-w- c:\windows\system32\cmdcsr.dll

2012-11-07 23:37 . 2012-10-05 00:32 301264 ----a-w- c:\windows\SysWow64\guard32.dll

2012-11-07 23:37 . 2012-10-05 00:32 390392 ----a-w- c:\windows\system32\guard64.dll

2012-11-02 05:59 . 2012-12-12 19:18 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 05:11 . 2012-12-12 19:18 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-10-30 22:51 . 2012-05-03 13:07 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2012-05-03 13:07 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2012-05-03 13:07 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2012-05-03 13:07 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 22:51 . 2012-05-03 13:07 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2012-05-03 13:06 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2012-05-03 13:06 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-10-30 22:50 . 2012-05-03 13:07 285328 ----a-w- c:\windows\system32\aswBoot.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"Control Center"="c:\program files (x86)\TRENDnet\MFP Server\Control Center.exe" [2007-11-02 2477568]

"gbrspcontrol"="c:\program files (x86)\Common Files\Comodo\GeekBuddyRSP.exe" [2012-11-26 1851088]

.

c:\users\Conor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]

Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe [2012-12-19 49360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 39464]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-16 1431888]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 KUSBusByTCP;KUSBusByTCP;c:\windows\system32\Drivers\KUSBusByTCP.sys [x]

R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-16 79488]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-16 40064]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-12-23 101688]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]

S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-04 505720]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-12-23 55096]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-12-23 297240]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-06 204288]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-06 365568]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\Comodo\launcher_service.exe [2012-12-19 70352]

S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2013-01-14 1868432]

S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\Comodo\GeekBuddyRSP.exe [2012-11-26 1851088]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-12-23 976728]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 349736]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]

S3 KUSBusByTCPMasterBus;Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\KUSBusByTCPMasterBus.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-01-15 19:11 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 19:12]

.

2013-01-15 c:\windows\Tasks\AutoKMS.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-09-15 10:41]

.

2013-01-15 c:\windows\Tasks\AutoKMSDaily.job

- c:\windows\AutoKMS\AutoKMS.exe [2012-09-15 10:41]

.

2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-20 22:47]

.

2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-20 22:47]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\Conor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4A92C260-D31D-47C8-8A74-6B120C7909E3}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{B512E631-5A5E-4138-A7FD-90203EC4A5F3}\358455D2553535: NameServer = 8.26.56.26,156.154.70.22

FF - ProfilePath - c:\users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\

FF - prefs.js: browser.startup.homepage - http:\\\\www.google.co.uk

FF - ExtSQL: 2012-12-21 13:56; 50d46eaa39804@50d46eaa3983d.com; c:\users\Conor\AppData\Roaming\Mozilla\Firefox\Profiles\jpugj63t.default\extensions\50d46eaa39804@50d46eaa3983d.com.xpi

FF - ExtSQL: !HIDDEN! 2012-09-24 21:07; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\03\00\0b\0f\06\05?"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-15 21:04:59

ComboFix-quarantined-files.txt 2013-01-15 21:04

.

Pre-Run: 415,447,019,520 bytes free

Post-Run: 415,198,908,416 bytes free

.

- - End Of File - - 2B47DE32F90F85262EACB6A82D685DB3

Still adverts :( It says underneath 'Ads not by this site' on most of them.


Do the ads appear in a browser ? which one? Internet Explorer, or Firefox, or Chrome or ??

While we continue the hunt for malware, please do NOT do any websurfing, online games, etc.

Just only go to this forum and just the websites I guide you to for tools.

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.


There were a lot of temporary files shown in that last log.

Question: As a matter of your standard pc housekeeping, you need to empty out temporary internet files.

TFC is a tool that you can use for that. You can also use options in each browser to delete temp files.

For the latter, it is typically pressing SHIFT+CTRL+DEL keys and following the prompt.

Do this now: Close any programs you have opened.

Download TFC by OldTimer and SAVE it to your desktop

  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2

To Reset Firefox to its default state:

Start Firefox

in the address bar, type in

about:support

Click on the Reset Firefox button at top right of screen.

Also see http://support.mozilla.org/en-US/kb/reset-preferences-fix-problems?s=reset+search+options&r=2&as=s

Still in Firefox, on main menu, choose Tools >>> Options

click the General tab

Under the Downloads block

IF the SAVE files to is selected, then Click on (to select) Always ask me where to save files

Then press OK button

Close & exit Firefox.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the Eset scan log

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


ESET Scanner

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

TDSSKiller:


20:21:04.0706 4064 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

20:21:04.0721 4064 mrxsmb20 - ok

20:21:04.0753 4064 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

20:21:04.0768 4064 msahci - ok

20:21:04.0784 4064 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

20:21:04.0799 4064 msdsm - ok

20:21:04.0831 4064 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

20:21:04.0862 4064 MSDTC - ok

20:21:04.0971 4064 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

20:21:04.0971 4064 Msfs - ok

20:21:05.0002 4064 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

20:21:05.0002 4064 mshidkmdf - ok

20:21:05.0049 4064 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

20:21:05.0065 4064 msisadrv - ok

20:21:05.0111 4064 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

20:21:05.0127 4064 MSiSCSI - ok

20:21:05.0143 4064 msiserver - ok

20:21:05.0189 4064 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

20:21:05.0189 4064 MSKSSRV - ok

20:21:05.0221 4064 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

20:21:05.0236 4064 MSPCLOCK - ok

20:21:05.0252 4064 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

20:21:05.0252 4064 MSPQM - ok

20:21:05.0299 4064 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

20:21:05.0314 4064 MsRPC - ok

20:21:05.0361 4064 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

20:21:05.0377 4064 mssmbios - ok

20:21:05.0408 4064 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

20:21:05.0408 4064 MSTEE - ok

20:21:05.0439 4064 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys

20:21:05.0439 4064 MTConfig - ok

20:21:05.0501 4064 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

20:21:05.0501 4064 Mup - ok

20:21:05.0564 4064 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

20:21:05.0595 4064 napagent - ok

20:21:05.0673 4064 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

20:21:05.0673 4064 NativeWifiP - ok

20:21:05.0829 4064 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe

20:21:05.0860 4064 NAUpdate - ok

20:21:05.0985 4064 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys

20:21:06.0063 4064 NDIS - ok

20:21:06.0157 4064 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

20:21:06.0172 4064 NdisCap - ok

20:21:06.0266 4064 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

20:21:06.0297 4064 NdisTapi - ok

20:21:06.0359 4064 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

20:21:06.0375 4064 Ndisuio - ok

20:21:06.0547 4064 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

20:21:06.0578 4064 NdisWan - ok

20:21:06.0625 4064 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

20:21:06.0640 4064 NDProxy - ok

20:21:06.0718 4064 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

20:21:06.0734 4064 Net Driver HPZ12 - ok

20:21:06.0812 4064 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

20:21:06.0827 4064 NetBIOS - ok

20:21:06.0874 4064 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

20:21:06.0890 4064 NetBT - ok

20:21:06.0937 4064 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

20:21:06.0937 4064 Netlogon - ok

20:21:06.0999 4064 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

20:21:07.0030 4064 Netman - ok

20:21:07.0139 4064 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:21:07.0171 4064 NetMsmqActivator - ok

20:21:07.0217 4064 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:21:07.0217 4064 NetPipeActivator - ok

20:21:07.0264 4064 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

20:21:07.0295 4064 netprofm - ok

20:21:07.0311 4064 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:21:07.0327 4064 NetTcpActivator - ok

20:21:07.0358 4064 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:21:07.0373 4064 NetTcpPortSharing - ok

20:21:07.0436 4064 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys

20:21:07.0451 4064 nfrd960 - ok

20:21:07.0529 4064 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll

20:21:07.0592 4064 NlaSvc - ok

20:21:07.0639 4064 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

20:21:07.0639 4064 Npfs - ok

20:21:07.0701 4064 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

20:21:07.0717 4064 nsi - ok

20:21:07.0763 4064 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

20:21:07.0763 4064 nsiproxy - ok

20:21:07.0904 4064 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

20:21:07.0966 4064 Ntfs - ok

20:21:07.0997 4064 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

20:21:07.0997 4064 Null - ok

20:21:08.0029 4064 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

20:21:08.0029 4064 nvraid - ok

20:21:08.0060 4064 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

20:21:08.0075 4064 nvstor - ok

20:21:08.0091 4064 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

20:21:08.0107 4064 nv_agp - ok

20:21:08.0138 4064 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

20:21:08.0138 4064 ohci1394 - ok

20:21:08.0216 4064 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:21:08.0216 4064 ose - ok

20:21:08.0450 4064 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

20:21:08.0606 4064 osppsvc - ok

20:21:08.0684 4064 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

20:21:08.0699 4064 p2pimsvc - ok

20:21:08.0746 4064 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

20:21:08.0777 4064 p2psvc - ok

20:21:08.0809 4064 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys

20:21:08.0824 4064 Parport - ok

20:21:08.0871 4064 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

20:21:08.0871 4064 partmgr - ok

20:21:08.0918 4064 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

20:21:08.0933 4064 PcaSvc - ok

20:21:09.0027 4064 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms

20:21:09.0089 4064 PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok

20:21:09.0136 4064 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

20:21:09.0152 4064 pci - ok

20:21:09.0199 4064 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys

20:21:09.0199 4064 pciide - ok

20:21:09.0230 4064 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys

20:21:09.0230 4064 pcmcia - ok

20:21:09.0261 4064 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

20:21:09.0261 4064 pcw - ok

20:21:09.0308 4064 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

20:21:09.0339 4064 PEAUTH - ok

20:21:09.0448 4064 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

20:21:09.0464 4064 PerfHost - ok

20:21:09.0604 4064 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

20:21:09.0667 4064 pla - ok

20:21:09.0745 4064 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

20:21:09.0776 4064 PlugPlay - ok

20:21:09.0823 4064 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

20:21:09.0838 4064 Pml Driver HPZ12 - ok

20:21:09.0869 4064 PnkBstrA - ok

20:21:09.0916 4064 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

20:21:09.0932 4064 PNRPAutoReg - ok

20:21:09.0979 4064 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

20:21:09.0994 4064 PNRPsvc - ok

20:21:10.0041 4064 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

20:21:10.0072 4064 PolicyAgent - ok

20:21:10.0135 4064 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

20:21:10.0166 4064 Power - ok

20:21:10.0213 4064 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

20:21:10.0213 4064 PptpMiniport - ok

20:21:10.0259 4064 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys

20:21:10.0259 4064 Processor - ok

20:21:10.0306 4064 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

20:21:10.0337 4064 ProfSvc - ok

20:21:10.0384 4064 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

20:21:10.0384 4064 ProtectedStorage - ok

20:21:10.0431 4064 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

20:21:10.0447 4064 Psched - ok

20:21:10.0509 4064 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys

20:21:10.0509 4064 PxHlpa64 - ok

20:21:10.0603 4064 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys

20:21:10.0649 4064 ql2300 - ok

20:21:10.0681 4064 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys

20:21:10.0681 4064 ql40xx - ok

20:21:10.0743 4064 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

20:21:10.0774 4064 QWAVE - ok

20:21:10.0790 4064 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

20:21:10.0805 4064 QWAVEdrv - ok

20:21:10.0961 4064 [ F98487B25828441B1C6488C642C2AC10 ] RapportCerberus_43926 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys

20:21:10.0993 4064 RapportCerberus_43926 - ok

20:21:11.0039 4064 [ EAE1BB44F17EB3F439367AAC6B829D55 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys

20:21:11.0055 4064 RapportEI64 - ok

20:21:11.0117 4064 [ 428ABD0B5D771284F393356C6729074F ] RapportKE64 C:\windows\system32\Drivers\RapportKE64.sys

20:21:11.0117 4064 RapportKE64 - ok

20:21:11.0227 4064 [ 35468625105F5B10FCF43E5D58659924 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

20:21:11.0273 4064 RapportMgmtService - ok

20:21:11.0336 4064 [ 4CCFCED21C81C0C1D2BE6CB3ABF8A217 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys

20:21:11.0351 4064 RapportPG64 - ok

20:21:11.0383 4064 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

20:21:11.0383 4064 RasAcd - ok

20:21:11.0445 4064 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

20:21:11.0476 4064 RasAgileVpn - ok

20:21:11.0507 4064 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

20:21:11.0539 4064 RasAuto - ok

20:21:11.0570 4064 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

20:21:11.0585 4064 Rasl2tp - ok

20:21:11.0617 4064 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

20:21:11.0648 4064 RasMan - ok

20:21:11.0679 4064 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

20:21:11.0695 4064 RasPppoe - ok

20:21:11.0710 4064 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

20:21:11.0726 4064 RasSstp - ok

20:21:11.0773 4064 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

20:21:11.0788 4064 rdbss - ok

20:21:11.0835 4064 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys

20:21:11.0835 4064 rdpbus - ok

20:21:11.0866 4064 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

20:21:11.0866 4064 RDPCDD - ok

20:21:11.0913 4064 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

20:21:11.0913 4064 RDPENCDD - ok

20:21:11.0960 4064 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

20:21:11.0975 4064 RDPREFMP - ok

20:21:12.0038 4064 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

20:21:12.0038 4064 RDPWD - ok

20:21:12.0100 4064 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

20:21:12.0116 4064 rdyboost - ok

20:21:12.0147 4064 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

20:21:12.0163 4064 RemoteAccess - ok

20:21:12.0209 4064 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

20:21:12.0256 4064 RemoteRegistry - ok

20:21:12.0319 4064 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys

20:21:12.0319 4064 RFCOMM - ok

20:21:12.0381 4064 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys

20:21:12.0397 4064 RimUsb - ok

20:21:12.0459 4064 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\windows\system32\DRIVERS\RimSerial_AMD64.sys

20:21:12.0459 4064 RimVSerPort - ok

20:21:12.0490 4064 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys

20:21:12.0506 4064 ROOTMODEM - ok

20:21:12.0615 4064 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

20:21:12.0677 4064 RoxMediaDB12OEM - ok

20:21:12.0724 4064 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

20:21:12.0740 4064 RoxWatch12 - ok

20:21:12.0802 4064 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

20:21:12.0833 4064 RpcEptMapper - ok

20:21:12.0865 4064 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

20:21:12.0880 4064 RpcLocator - ok

20:21:12.0943 4064 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll

20:21:12.0974 4064 RpcSs - ok

20:21:13.0052 4064 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

20:21:13.0067 4064 rspndr - ok

20:21:13.0130 4064 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

20:21:13.0145 4064 RSUSBSTOR - ok

20:21:13.0192 4064 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

20:21:13.0223 4064 RTL8167 - ok

20:21:13.0255 4064 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

20:21:13.0270 4064 SamSs - ok

20:21:13.0317 4064 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

20:21:13.0333 4064 sbp2port - ok

20:21:13.0379 4064 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

20:21:13.0395 4064 SCardSvr - ok

20:21:13.0411 4064 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

20:21:13.0426 4064 scfilter - ok

20:21:13.0489 4064 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

20:21:13.0535 4064 Schedule - ok

20:21:13.0598 4064 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

20:21:13.0598 4064 SCPolicySvc - ok

20:21:13.0629 4064 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

20:21:13.0660 4064 SDRSVC - ok

20:21:13.0691 4064 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

20:21:13.0707 4064 secdrv - ok

20:21:13.0738 4064 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

20:21:13.0754 4064 seclogon - ok

20:21:13.0785 4064 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll

20:21:13.0801 4064 SENS - ok

20:21:13.0847 4064 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

20:21:13.0863 4064 SensrSvc - ok

20:21:13.0894 4064 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys

20:21:13.0910 4064 Serenum - ok

20:21:13.0925 4064 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys

20:21:13.0941 4064 Serial - ok

20:21:13.0957 4064 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys

20:21:13.0957 4064 sermouse - ok

20:21:14.0035 4064 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

20:21:14.0066 4064 SessionEnv - ok

20:21:14.0081 4064 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

20:21:14.0081 4064 sffdisk - ok

20:21:14.0097 4064 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

20:21:14.0113 4064 sffp_mmc - ok

20:21:14.0128 4064 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

20:21:14.0144 4064 sffp_sd - ok

20:21:14.0159 4064 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys

20:21:14.0159 4064 sfloppy - ok

20:21:14.0284 4064 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

20:21:14.0331 4064 SftService - ok

20:21:14.0409 4064 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

20:21:14.0440 4064 SharedAccess - ok

20:21:14.0503 4064 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

20:21:14.0534 4064 ShellHWDetection - ok

20:21:14.0549 4064 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys

20:21:14.0565 4064 SiSRaid2 - ok

20:21:14.0596 4064 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys

20:21:14.0612 4064 SiSRaid4 - ok

20:21:14.0659 4064 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

20:21:14.0674 4064 SkypeUpdate - ok

20:21:14.0690 4064 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

20:21:14.0705 4064 Smb - ok

20:21:14.0768 4064 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

20:21:14.0783 4064 SNMPTRAP - ok

20:21:14.0830 4064 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

20:21:14.0830 4064 spldr - ok

20:21:14.0893 4064 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe

20:21:14.0939 4064 Spooler - ok

20:21:15.0111 4064 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

20:21:15.0236 4064 sppsvc - ok

20:21:15.0298 4064 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

20:21:15.0314 4064 sppuinotify - ok

20:21:15.0376 4064 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

20:21:15.0407 4064 srv - ok

20:21:15.0454 4064 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

20:21:15.0470 4064 srv2 - ok

20:21:15.0501 4064 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

20:21:15.0517 4064 srvnet - ok

20:21:15.0563 4064 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

20:21:15.0595 4064 SSDPSRV - ok

20:21:15.0626 4064 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

20:21:15.0657 4064 SstpSvc - ok

20:21:15.0766 4064 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe

20:21:15.0766 4064 STacSV - ok

20:21:15.0813 4064 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys

20:21:15.0829 4064 stexstor - ok

20:21:15.0891 4064 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys

20:21:15.0922 4064 STHDA - ok

20:21:15.0985 4064 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

20:21:16.0016 4064 stisvc - ok

20:21:16.0078 4064 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

20:21:16.0094 4064 stllssvr - ok

20:21:16.0141 4064 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys

20:21:16.0141 4064 swenum - ok

20:21:16.0203 4064 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

20:21:16.0234 4064 swprv - ok

20:21:16.0312 4064 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

20:21:16.0390 4064 SysMain - ok

20:21:16.0437 4064 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

20:21:16.0453 4064 TabletInputService - ok

20:21:16.0484 4064 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

20:21:16.0531 4064 TapiSrv - ok

20:21:16.0546 4064 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

20:21:16.0577 4064 TBS - ok

20:21:16.0687 4064 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys

20:21:16.0749 4064 Tcpip - ok

20:21:16.0874 4064 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

20:21:16.0905 4064 TCPIP6 - ok

20:21:16.0983 4064 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

20:21:16.0999 4064 tcpipreg - ok

20:21:17.0061 4064 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

20:21:17.0061 4064 TDPIPE - ok

20:21:17.0108 4064 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

20:21:17.0123 4064 TDTCP - ok

20:21:17.0155 4064 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

20:21:17.0170 4064 tdx - ok

20:21:17.0201 4064 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys

20:21:17.0217 4064 TermDD - ok

20:21:17.0279 4064 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

20:21:17.0326 4064 TermService - ok

20:21:17.0357 4064 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

20:21:17.0389 4064 Themes - ok

20:21:17.0435 4064 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

20:21:17.0451 4064 THREADORDER - ok

20:21:17.0529 4064 [ E9CA6ED72EA9F56BD6E98C7042092A1C ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

20:21:17.0529 4064 TomTomHOMEService - ok

20:21:17.0607 4064 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

20:21:17.0623 4064 TrkWks - ok

20:21:17.0701 4064 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

20:21:17.0732 4064 TrustedInstaller - ok

20:21:17.0763 4064 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

20:21:17.0779 4064 tssecsrv - ok

20:21:17.0810 4064 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

20:21:17.0825 4064 TsUsbFlt - ok

20:21:17.0857 4064 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys

20:21:17.0857 4064 TsUsbGD - ok

20:21:17.0919 4064 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

20:21:17.0919 4064 tunnel - ok

20:21:17.0981 4064 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys

20:21:17.0997 4064 uagp35 - ok

20:21:18.0044 4064 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

20:21:18.0059 4064 udfs - ok

20:21:18.0122 4064 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

20:21:18.0153 4064 UI0Detect - ok

20:21:18.0169 4064 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

20:21:18.0184 4064 uliagpkx - ok

20:21:18.0248 4064 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys

20:21:18.0248 4064 umbus - ok

20:21:18.0279 4064 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys

20:21:18.0294 4064 UmPass - ok

20:21:18.0341 4064 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

20:21:18.0388 4064 upnphost - ok

20:21:18.0450 4064 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys

20:21:18.0450 4064 USBAAPL64 - ok

20:21:18.0497 4064 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

20:21:18.0497 4064 usbccgp - ok

20:21:18.0560 4064 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

20:21:18.0560 4064 usbcir - ok

20:21:18.0622 4064 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys

20:21:18.0622 4064 usbehci - ok

20:21:18.0669 4064 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\windows\system32\DRIVERS\usbfilter.sys

20:21:18.0684 4064 usbfilter - ok

20:21:18.0747 4064 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

20:21:18.0778 4064 usbhub - ok

20:21:18.0809 4064 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys

20:21:18.0809 4064 usbohci - ok

20:21:18.0856 4064 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys

20:21:18.0872 4064 usbprint - ok

20:21:18.0950 4064 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys

20:21:18.0950 4064 usbscan - ok

20:21:19.0012 4064 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

20:21:19.0012 4064 USBSTOR - ok

20:21:19.0043 4064 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys

20:21:19.0043 4064 usbuhci - ok

20:21:19.0090 4064 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys

20:21:19.0106 4064 usbvideo - ok

20:21:19.0137 4064 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll

20:21:19.0168 4064 UxSms - ok

20:21:19.0199 4064 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

20:21:19.0199 4064 VaultSvc - ok

20:21:19.0246 4064 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

20:21:19.0262 4064 vdrvroot - ok

20:21:19.0324 4064 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe

20:21:19.0371 4064 vds - ok

20:21:19.0402 4064 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys

20:21:19.0402 4064 vga - ok

20:21:19.0433 4064 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys

20:21:19.0449 4064 VgaSave - ok

20:21:19.0464 4064 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys

20:21:19.0480 4064 vhdmp - ok

20:21:19.0511 4064 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys

20:21:19.0527 4064 viaide - ok

20:21:24.0893 4064 ============================================================

20:21:24.0893 4064 Scan finished

20:21:24.0893 4064 ============================================================

20:21:24.0940 7088 Detected object count: 0

20:21:24.0940 7088 Actual detected object count: 0


The TDSSKILLER run is good. But you did not get me the contents of the real ESET log.

It should be located here => C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt

Copy all contents and Paste into a new reply.

And tell me if you are getting pop-ups or adverts, and if so, in which browser?

And tell me if you use an instant messenger program.

And which websites show the "pop ups".


Howdy,

The system "should be" clear of malware. Do be very aware, the only way to be absolutely 100% sure is to wipe the system in total, and then do a clean setup of Windows, and clean install of all your application programs. e.g. to rebuild the system and start from scratch.

Older versions of Java pose a security risk.

And if you do not need Java for the programs that you use, keep Java off your system.

How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse

If you do need Java on your system, see Oracle releases new Java update to close security holes

Any "slow"/"slowness" issues can well be due to other / non-malware issues.

Here are some recommended articles:

MS Speed up your pc - Win7 / Vista

http://windows.microsoft.com/en-US/windows/explore/speed-up-your-pc

What to do if your Computer is running slowly

http://www.malwareremoval.com/tutorials/runningslowly.php

See Quietman7's Slow Computer/browser? Check Here First

http://www.bleepingcomputer.com/forums/topic87058.html

See Miekiemoes' Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Slow Computer/Browser: Check here first!

http://www.bleepingcomputer.com/forums/topic44694.html

Cleanup of tools

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\Conor\Desktop\ComboFix.exe /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

If the Combofix uninstall has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

DrWeb Cure-It

adwcleaner.exe

Roguekiller.exe

TDSSKILLER.exe

JRT.exe

You may use Control Panel >> Programs and Features and uninstall ESET Online scan.

Safer practices & malware prevention

We are finished here. Best regards.
