
Isolated Storage: BlinkyApp/Chameleon/ObsidianApp



I have been re-directed from my post here: http://forums.malwarebytes.org/index.php?showtopic=121645&st=0&p=639112entry639112

Hello there.

I recently noticed on my laptop that when I went to the recently changed search there were loads of jpgs in there which I have not downloaded.

A folder has appeared:

C:\Users\HP\AppData\Local\Microsoft\Toolbar\IsolatedStorage\ObsidianApp as well as Chameleon and Obsidian App

and folders are appearing under that. (see screenshot attached)

The pictures are not 'porn' just images.... but taking up so much space.

I am going in daily to delete all of the folders but each day new ones appear.

Please can someone help me to stop these automatically downloading.

Logs are attached

Thank you

post-52570-0-32146900-1359125498.jpg

attach.txt

dds.txt

mbam-log-2013-01-25 (14-25-19).txt


Thank you for your response. Logs below.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.28.02

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

HP :: HP-PC [administrator]

Protection: Enabled

28/01/2013 08:08:08

mbam-log-2013-01-28 (08-08-08).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216357

Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 06/07/2012 22:22:03

System Uptime: 28/01/2013 07:50:15 (1 hours ago)

.

Motherboard: Wistron | | 3612

Processor: Intel® Pentium® Dual CPU T3200 @ 2.00GHz | CPU | 1000/667mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 140 GiB total, 78.976 GiB free.

D: is FIXED (NTFS) - 9 GiB total, 1.619 GiB free.

E: is CDROM (UDF)

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 6500 E709n

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 6500 E709n

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

6500_E709_eDocs

6500_E709_Help

6500_E709n

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.2

Adobe Shockwave Player

AIM 6

AOL Toolbar 5.0

Apple Application Support

Apple Software Update

Atheros Driver Installation Program

AVG 2013

AVG Security Toolbar

Bing Bar

Bing Bar Platform

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Citrix Access Gateway Endpoint Analysis

Citrix Authentication Manager

Citrix Receiver

Citrix Receiver (HDX Flash Redirection)

Citrix Receiver Inside

Citrix Receiver Updater

Citrix Receiver(Aero)

Citrix Receiver(DV)

Citrix Receiver(USB)

Compatibility Pack for the 2007 Office system

Conexant HD Audio

Creative Live! Cam Video IM Pro Driver (1.03.02.00)

CutePDF Writer 3.0

CyberLink DVD Suite

CyberLink YouCam

Destinations

DeviceDiscovery

DocMgr

DocProc

ESU for Microsoft Vista

Fax

Google Chrome

GPBaseService2

HDAUDIO Soft Data Fax Modem with SmartCP

Hewlett-Packard Active Check for Health Check

Hewlett-Packard Asset Agent for Health Check

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Customer Participation Program 14.0

HP Doc Viewer

HP Document Manager 2.0

HP DVD Play 3.7

HP Easy Setup - Frontend

HP Help and Support

HP Imaging Device Functions 14.0

HP Officejet 6500 E709 Series

HP Quick Launch Buttons 6.40 F1

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Total Care Advisor

HP Update

HP User Guides 0118

HP Wireless Assistant

HPNetworkAssistant

HPProductAssistant

HPSSupply

Intel® Graphics Media Accelerator Driver

Java 7 Update 10

Java Auto Updater

Java 6 Update 34

Java 6 Update 5

LabelPrint

LightScribe System Software 1.12.33.2

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Default Manager

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.1

My HP Games

MyLiveChat

NetWaiting

Network

OCR Software by I.R.I.S. 14.0

Online Plug-in

Power2Go

PowerDirector

ProductContext

QuickPlay SlingPlayer 0.4.6

QuickTime

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek USB 2.0 Card Reader

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Self-service Plug-in

Shop for HP Supplies

Skype Click to Call

Skype™ 5.10

SmartWebPrinting

SolutionCenter

Status

Synaptics Pointing Device Driver

Toolbox

TrayApp

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Office 2007 (KB934528)

Viewpoint Media Player

WebReg

Windows Live ID Sign-in Assistant

WinX Free MOV to WMV Converter 4.1.12

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2

Run by HP at 8:22:11 on 2013-01-28

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3002.1308 [GMT 0:00]

.

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ================

.

C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

C:\Program Files\AVG\AVG2013\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\AVG\AVG2013\avgidsagent.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\AVG\AVG2013\avgnsx.exe

C:\Program Files\AVG\AVG2013\avgemcx.exe

C:\Windows\SMINST\BLService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\V0230Mon.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Citrix\Receiver\Receiver.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearch Bar = Preserve

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: AOL Toolbar BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.2.14\AVG Secure Search_toolbar.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.2.14\AVG Secure Search_toolbar.dll

TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [Google Update] "c:\users\hp\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [V0230Mon.exe] c:\windows\V0230Mon.exe

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY

mRun: [CitrixReceiver] "c:\programdata\microsoft\windows\start menu\programs\citrix\Receiver Updater.lnk"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab

TCP: NameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{C1726B53-48BC-433A-8FBD-C871BA2117C0} : DHCPNameServer = 194.168.4.100 194.168.8.100

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.0.1\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-28 31576]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-4-25 67960]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-25 398184]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-25 682344]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-7-31 361808]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]

R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files\common files\avg secure search\vtoolbarupdater\14.0.1\ToolbarUpdater.exe [2013-1-25 945328]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-31 193840]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-4 113664]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-25 21104]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2012-8-20 6272]

S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2012-8-20 509760]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-01-25 14:23:56 -------- d-----w- c:\users\hp\appdata\roaming\Malwarebytes

2013-01-25 14:23:42 -------- d-----w- c:\programdata\Malwarebytes

2013-01-25 14:23:40 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-01-25 14:23:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-01-22 10:20:32 -------- d-----w- c:\program files\CCleaner

2013-01-15 17:52:05 -------- d-----w- c:\users\hp\appdata\local\CutePDF Writer

2013-01-15 17:50:21 -------- d-----w- c:\program files\GPLGS

2013-01-15 17:49:47 88688 ----a-w- c:\windows\system32\cpwmon2k.dll

2013-01-15 17:49:46 -------- d-----w- c:\program files\Acro Software

2013-01-14 19:19:16 -------- d-----w- c:\programdata\WEBREG

2013-01-14 19:06:32 -------- d-----w- c:\users\hp\appdata\local\HP

2013-01-14 19:04:25 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp02t.dll

2013-01-14 18:54:57 -------- d-----w- c:\program files\Microsoft

2013-01-14 18:54:55 -------- d-----w- c:\program files\MSN Toolbar

2013-01-14 18:54:18 -------- d-----w- c:\program files\Bing Bar Installer

2013-01-14 18:50:52 -------- d-----w- c:\users\hp\appdata\roaming\HpUpdate

2013-01-14 18:48:49 -------- d-----w- c:\program files\common files\HP

2013-01-14 18:48:46 -------- d-----w- c:\program files\common files\Hewlett-Packard

2013-01-14 18:47:16 125440 ----a-w- c:\windows\system32\hpf3l02t.dll

2013-01-14 18:44:13 970752 ----a-w- c:\windows\system32\hpwtiop4.dll

2013-01-14 18:44:13 718336 ----a-w- c:\windows\system32\hpwwiax5.dll

2013-01-14 18:44:13 454504 ----a-w- c:\windows\system32\hpzids01.dll

2013-01-14 18:44:12 372736 ----a-w- c:\windows\system32\hppldcoi.dll

2013-01-14 18:44:12 294912 ----a-w- c:\windows\system32\hpovst11.dll

2013-01-12 15:34:50 2048000 ----a-w- c:\windows\system32\win32k.sys

2013-01-12 15:34:23 204288 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-12 15:34:21 1400832 ----a-w- c:\windows\system32\msxml6.dll

2012-12-31 18:49:40 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-31 18:49:40 293376 ----a-w- c:\windows\system32\atmfd.dll

.

==================== Find3M ====================

.

2013-01-25 10:07:22 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-01-12 15:36:28 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-12 15:36:28 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-18 16:36:13 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-12-18 16:36:12 859072 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-12-18 16:36:12 779704 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe

.

============= FINISH: 8:23:10.38 ===============

Many thanks for your assistance.


  • Staff

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317


I have been asked to download combofix for an issue on my laptop. I couldn't do this for a few days because of the issues they had. I just downloaded and ran it and AVG said it had detected idp trojan and I clicked on the fix.

I just went to run it again to take a screen shot to show you and now it says Insufficient permissions.

Two questions - was this a real virus (idp trojan)

if it wasn't I can't now run Combofix because of the insufficient permissions...... SCREAM!!!!!!!!!! what on earth have I done??

(feel free to move to another location if this is in the wrong place)


  • Staff

Hi,

Please delete all copies of ComboFix that you have.

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com (ensure that the Save As type is "All Files").

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.


ok - well I did as you instructed, and also uninstalled AVG

I then ran it and it worked, but as it went through I got these messages:

Error saving file

C:\Windows\erdnt\Hiv-backup\SECURITY !

Continue with next file?

[RegCreateKeyEx: 5 - Access is denied]

Error saving file

C:\Windows\erdnt\Hiv-backup\SOFTWARE !

Continue with next file?

[RegCreateKeyEx: 5 - Access is denied]

Error saving file

C:\Windows\erdnt\Hiv-backup\SYSTEM !

Continue with next file?

[RegCreateKeyEx: 5 - Access is denied]

Error saving file

C:\Windows\erdnt\Hiv-backup\DEFAULT !

Continue with next file?

[RegCreateKeyEx: 5 - Access is denied]

Error saving file

C:\Windows\erdnt\Hiv-backup\SAM !

Continue with next file?

[RegCreateKeyEx: 5 - Access is denied]

Error saving file

C:\Windows\erdnt\Hiv-backup\COMPON~1 !

Continue with next file?

[RegCreateKeyEx: 5 - Access is denied]

Error saving file

C:\Windows\erdnt\Hiv-backup\bcd !

Continue with next file?

[RegCreateKeyEx: 5 - Access is denied]

Error saving file

C:\Windows\erdnt\Hiv-backup\00000001\NTUSER.DAT!

Continue with next file?

[RegCreateKeyEx: 5 - Access is denied]

Error saving file

C:\Windows\erdnt\Hiv-backup\00000002\NTUSER.DAT!

Continue with next file?

[RegCreateKeyEx: 5 - Access is denied]

Error saving file

C:\Windows\erdnt\Hiv-backup\00000003\NTUSER.DAT!

Continue with next file?

[RegCreateKeyEx: 5 - Access is denied]

Error saving file

C:\Windows\erdnt\Hiv-backup\00000004\NTUSER.DAT!

Continue with next file?

[RegCreateKeyEx: 5 - Access is denied]

I just clicked yes to continue after each one.

Then it seemed to work ok but just stopped and I think exited without giving any logs at all.


  • Staff

Hi,

Sorry for the delay.

We have an advanced product in development that is now in public Beta: Malwarebytes Anti-Rootkit. This tool has been designed to address the specific type of infection(s) identified on your system. At this stage Malwarebytes Anti-Rootkit has been heavily tested and we are confident in its capabilities and stability. That being said, this is a Beta product and certain disclaimers need to be made. All Beta versions are not final products. Malwarebytes does not guarantee the absence of errors which might lead to interruption in normal computer operations or data loss. Precautions should be taken. The types of infections targeted by Malwarebytes Anti-Rootkit can be very difficult to remove. Please be sure you have any valued data backed up before proceeding, just as a precaution.

While we encourage and invite participation, Malwarebytes Anti-Rootkit Beta users run the tool at their own risk. Malwarebytes bears no responsibility for issues that may arise during use of this tool, however all reasonable efforts will be made by Malwarebytes to assist in recovery should the need arise.

If you agree to these terms, please let us know and we will provide a download link and instructions for you.


It says no malware found no cleanup required.

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1017

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_34

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 3148292096, free: 1744596992

------------ Kernel report ------------

02/06/2013 08:20:32

------------ Loaded modules -----------


----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff860a3788

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xffffffff856a68d8

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Port sub-driver loaded: \??\C:\WINDOWS\System32\drivers\ataport.sys (0x0)

Load Function returned 0x0

Downloaded database version: v2013.02.06.03

Downloaded database version: v2013.01.23.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff860a3788, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff860a3470, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff860a3788, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xffffffff856a68d8, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffa8770840, 0xffffffff860a3788, 0xffffffff8582c470

Lower DeviceData: 0xffffffffbc0f6108, 0xffffffff856a68d8, 0xffffffff8505c690

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CC50CC50

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 292952001

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 292952064 Numsec = 19621888

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1017

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_34

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 3148292096, free: 1741475840

=======================================

Malwarebytes Anti-Rootkit BETA 1.01.0.1017

www.malwarebytes.org

Database version: v2013.02.06.03

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

HP :: HP-PC [administrator]

06/02/2013 08:43:18

mbar-log-2013-02-06 (08-43-18).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 27382

Time elapsed: 21 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Am posting these as I go along so will continue to edit until all logs are posted: here's the first one:

08:25:12.0095 3260 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

08:25:12.0500 3260 ============================================================

08:25:12.0500 3260 Current date / time: 2013/02/07 08:25:12.0500

08:25:12.0500 3260 SystemInfo:

08:25:12.0500 3260

08:25:12.0500 3260 OS Version: 6.0.6002 ServicePack: 2.0

08:25:12.0500 3260 Product type: Workstation

08:25:12.0500 3260 ComputerName: HP-PC

08:25:12.0500 3260 UserName: HP

08:25:12.0500 3260 Windows directory: C:\Windows

08:25:12.0500 3260 System windows directory: C:\Windows

08:25:12.0500 3260 Processor architecture: Intel x86

08:25:12.0500 3260 Number of processors: 2

08:25:12.0500 3260 Page size: 0x1000

08:25:12.0500 3260 Boot type: Normal boot

08:25:12.0500 3260 ============================================================

08:25:15.0121 3260 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

08:25:15.0121 3260 ============================================================

08:25:15.0121 3260 \Device\Harddisk0\DR0:

08:25:15.0121 3260 MBR partitions:

08:25:15.0121 3260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x117617C1

08:25:15.0121 3260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11761800, BlocksNum 0x12B6800

08:25:15.0121 3260 ============================================================

08:25:15.0152 3260 C: <-> \Device\Harddisk0\DR0\Partition1

08:25:15.0230 3260 D: <-> \Device\Harddisk0\DR0\Partition2

08:25:15.0230 3260 ============================================================

08:25:15.0230 3260 Initialize success

08:25:15.0230 3260 ============================================================

08:25:37.0991 1608 ============================================================

08:25:37.0991 1608 Scan started

08:25:37.0991 1608 Mode: Manual;

08:25:37.0991 1608 ============================================================

08:25:53.0419 1608 ================ Scan system memory ========================

08:25:53.0419 1608 System memory - ok

08:25:53.0419 1608 ================ Scan services =============================


08:26:13.0169 1608 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

08:26:13.0184 1608 HidUsb - ok

08:26:13.0231 1608 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll

08:26:13.0231 1608 hkmsvc - ok

08:26:13.0309 1608 [ D13E6BFD7E9189D26A42E94CB2447044 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

08:26:13.0309 1608 HP Health Check Service - ok

08:26:13.0356 1608 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

08:26:13.0356 1608 HpCISSs - ok

08:26:13.0481 1608 [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

08:26:13.0481 1608 hpqcxs08 - ok

08:26:13.0543 1608 [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

08:26:13.0543 1608 hpqddsvc - ok

08:26:13.0590 1608 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

08:26:13.0621 1608 HpqKbFiltr - ok

08:26:14.0042 1608 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

08:26:14.0042 1608 hpqwmiex - ok

08:26:14.0495 1608 [ 56FC98F1014EA8DC51B92839C32759EC ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL

08:26:14.0510 1608 HPSLPSVC - ok

08:26:14.0666 1608 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS

08:26:14.0776 1608 HSFHWAZL - ok

08:26:14.0900 1608 [ CC267848CB3508E72762BE65734E764D ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys

08:26:14.0994 1608 HSF_DPV - ok

08:26:15.0134 1608 [ A2882945CC4B6E3E4E9E825590438888 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys

08:26:15.0228 1608 HSXHWAZL - ok

08:26:15.0290 1608 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys

08:26:15.0290 1608 HTTP - ok

08:26:15.0337 1608 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys

08:26:15.0337 1608 i2omp - ok

08:26:15.0384 1608 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

08:26:15.0446 1608 i8042prt - ok

08:26:15.0509 1608 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

08:26:15.0524 1608 iaStorV - ok

08:26:15.0602 1608 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

08:26:15.0665 1608 IDriverT - ok

08:26:15.0790 1608 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

08:26:16.0460 1608 idsvc - ok

08:26:16.0819 1608 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys

08:26:17.0474 1608 igfx - ok

08:26:17.0537 1608 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys

08:26:17.0537 1608 iirsp - ok

08:26:17.0615 1608 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll

08:26:17.0630 1608 IKEEXT - ok

08:26:17.0708 1608 [ AB8B0206BCDFF0ED03CEC500FA03A32A ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys

08:26:17.0740 1608 IntcHdmiAddService - ok

08:26:17.0786 1608 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys

08:26:17.0786 1608 intelide - ok

08:26:17.0818 1608 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

08:26:17.0818 1608 intelppm - ok

08:26:17.0911 1608 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

08:26:17.0911 1608 IPBusEnum - ok

08:26:18.0098 1608 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:26:18.0130 1608 IpFilterDriver - ok

08:26:18.0317 1608 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

08:26:18.0317 1608 iphlpsvc - ok

08:26:18.0348 1608 IpInIp - ok

08:26:18.0426 1608 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

08:26:18.0442 1608 IPMIDRV - ok

08:26:18.0520 1608 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

08:26:18.0566 1608 IPNAT - ok

08:26:18.0598 1608 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

08:26:18.0644 1608 IRENUM - ok

08:26:18.0707 1608 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys

08:26:18.0707 1608 isapnp - ok

08:26:18.0956 1608 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

08:26:18.0956 1608 iScsiPrt - ok

08:26:19.0019 1608 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

08:26:19.0034 1608 iteatapi - ok

08:26:19.0034 1608 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys

08:26:19.0034 1608 iteraid - ok

08:26:19.0081 1608 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

08:26:19.0112 1608 kbdclass - ok

08:26:19.0159 1608 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

08:26:19.0190 1608 kbdhid - ok

08:26:19.0253 1608 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe

08:26:19.0253 1608 KeyIso - ok

08:26:20.0329 1608 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

08:26:20.0485 1608 KSecDD - ok

08:26:20.0797 1608 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll

08:26:20.0813 1608 KtmRm - ok

08:26:20.0860 1608 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll

08:26:20.0860 1608 LanmanServer - ok

08:26:20.0969 1608 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

08:26:20.0984 1608 LanmanWorkstation - ok

08:26:21.0094 1608 [ 984ECB68ED2A2B2E6A544E87E24FBA2D ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

08:26:21.0094 1608 LightScribeService - ok

08:26:21.0172 1608 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

08:26:21.0172 1608 lltdio - ok

08:26:21.0234 1608 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll

08:26:21.0343 1608 lltdsvc - ok

08:26:21.0374 1608 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll

08:26:21.0390 1608 lmhosts - ok

08:26:21.0437 1608 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

08:26:21.0437 1608 LSI_FC - ok

08:26:21.0452 1608 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

08:26:21.0468 1608 LSI_SAS - ok

08:26:21.0530 1608 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

08:26:21.0530 1608 LSI_SCSI - ok

08:26:21.0546 1608 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys

08:26:21.0546 1608 luafv - ok

08:26:21.0640 1608 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

08:26:21.0640 1608 MBAMProtector - ok

08:26:21.0749 1608 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

08:26:21.0749 1608 MBAMScheduler - ok

08:26:21.0827 1608 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

08:26:21.0827 1608 MBAMService - ok

08:26:21.0858 1608 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

08:26:21.0905 1608 Mcx2Svc - ok

08:26:21.0983 1608 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys

08:26:21.0998 1608 mdmxsdk - ok

08:26:22.0076 1608 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys

08:26:22.0076 1608 megasas - ok

08:26:22.0108 1608 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys

08:26:22.0123 1608 MegaSR - ok

08:26:22.0295 1608 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

08:26:22.0357 1608 Microsoft Office Groove Audit Service - ok

08:26:22.0435 1608 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll

08:26:22.0435 1608 MMCSS - ok

08:26:22.0529 1608 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys

08:26:22.0560 1608 Modem - ok

08:26:22.0622 1608 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

08:26:22.0622 1608 monitor - ok

08:26:22.0654 1608 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

08:26:22.0685 1608 mouclass - ok

08:26:22.0732 1608 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

08:26:22.0747 1608 mouhid - ok

08:26:22.0778 1608 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

08:26:22.0778 1608 MountMgr - ok

08:26:22.0841 1608 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys

08:26:22.0841 1608 mpio - ok

08:26:22.0888 1608 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

08:26:22.0888 1608 mpsdrv - ok

08:26:23.0044 1608 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll

08:26:23.0059 1608 MpsSvc - ok

08:26:23.0090 1608 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

08:26:23.0090 1608 Mraid35x - ok

08:26:23.0168 1608 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

08:26:23.0168 1608 MRxDAV - ok

08:26:23.0231 1608 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

08:26:23.0231 1608 mrxsmb - ok

08:26:23.0293 1608 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:26:23.0309 1608 mrxsmb10 - ok

08:26:23.0324 1608 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:26:23.0324 1608 mrxsmb20 - ok

08:26:23.0418 1608 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys

08:26:23.0449 1608 msahci - ok

08:26:23.0527 1608 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys

08:26:23.0527 1608 msdsm - ok

08:26:23.0574 1608 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe

08:26:23.0652 1608 MSDTC - ok

08:26:24.0136 1608 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys

08:26:24.0167 1608 Msfs - ok

08:26:24.0229 1608 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

08:26:24.0229 1608 msisadrv - ok

08:26:24.0276 1608 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

08:26:24.0338 1608 MSiSCSI - ok

08:26:24.0354 1608 msiserver - ok

08:26:24.0494 1608 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

08:26:24.0526 1608 MSKSSRV - ok

08:26:24.0541 1608 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

08:26:24.0635 1608 MSPCLOCK - ok

08:26:24.0760 1608 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

08:26:24.0791 1608 MSPQM - ok

08:26:24.0916 1608 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

08:26:24.0916 1608 MsRPC - ok

08:26:25.0150 1608 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

08:26:25.0150 1608 mssmbios - ok

08:26:25.0196 1608 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

08:26:25.0259 1608 MSTEE - ok

08:26:25.0415 1608 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys

08:26:25.0415 1608 Mup - ok

08:26:25.0696 1608 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll

08:26:25.0711 1608 napagent - ok

08:26:26.0398 1608 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

08:26:26.0398 1608 NativeWifiP - ok

08:26:26.0476 1608 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys

08:26:26.0507 1608 NDIS - ok

08:26:26.0600 1608 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

08:26:26.0647 1608 NdisTapi - ok

08:26:26.0678 1608 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

08:26:26.0678 1608 Ndisuio - ok

08:26:26.0725 1608 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

08:26:26.0756 1608 NdisWan - ok

08:26:26.0788 1608 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

08:26:26.0834 1608 NDProxy - ok

08:26:26.0897 1608 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

08:26:26.0897 1608 Net Driver HPZ12 - ok

08:26:26.0944 1608 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

08:26:27.0006 1608 NetBIOS - ok

08:26:27.0053 1608 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

08:26:27.0115 1608 netbt - ok

08:26:27.0162 1608 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe

08:26:27.0162 1608 Netlogon - ok

08:26:27.0240 1608 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll

08:26:27.0240 1608 Netman - ok

08:26:27.0271 1608 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll

08:26:27.0287 1608 netprofm - ok

08:26:27.0349 1608 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:26:27.0848 1608 NetTcpPortSharing - ok

08:26:27.0926 1608 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

08:26:27.0926 1608 nfrd960 - ok

08:26:27.0989 1608 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll

08:26:27.0989 1608 NlaSvc - ok

08:26:28.0036 1608 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys

08:26:28.0067 1608 Npfs - ok

08:26:28.0145 1608 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll

08:26:28.0160 1608 nsi - ok

08:26:28.0176 1608 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

08:26:28.0207 1608 nsiproxy - ok

08:26:28.0332 1608 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

08:26:28.0550 1608 Ntfs - ok

08:26:28.0613 1608 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

08:26:28.0644 1608 ntrigdigi - ok

08:26:28.0660 1608 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys

08:26:28.0831 1608 Null - ok

08:26:28.0894 1608 [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x32.sys

08:26:28.0956 1608 NVENETFD - ok

08:26:28.0987 1608 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys

08:26:29.0003 1608 nvraid - ok

08:26:29.0065 1608 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys

08:26:29.0065 1608 nvstor - ok

08:26:29.0112 1608 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

08:26:29.0174 1608 nv_agp - ok

08:26:29.0190 1608 NwlnkFlt - ok

08:26:29.0190 1608 NwlnkFwd - ok

08:26:29.0393 1608 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

08:26:29.0596 1608 odserv - ok

08:26:29.0720 1608 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

08:26:29.0876 1608 ohci1394 - ok

08:26:30.0142 1608 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:26:30.0220 1608 ose - ok

08:26:30.0298 1608 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll

08:26:30.0313 1608 p2pimsvc - ok

08:26:30.0407 1608 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll

08:26:30.0422 1608 p2psvc - ok

08:26:30.0469 1608 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

08:26:30.0469 1608 Parport - ok

08:26:30.0625 1608 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys

08:26:30.0625 1608 partmgr - ok

08:26:30.0688 1608 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

08:26:30.0734 1608 Parvdm - ok

08:26:31.0000 1608 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

08:26:31.0015 1608 PcaSvc - ok

08:26:31.0046 1608 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys

08:26:31.0062 1608 pci - ok

08:26:31.0109 1608 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys

08:26:31.0109 1608 pciide - ok

08:26:31.0140 1608 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

08:26:31.0280 1608 pcmcia - ok

08:26:31.0374 1608 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

08:26:31.0655 1608 PEAUTH - ok

08:26:32.0232 1608 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

08:26:32.0263 1608 pla - ok

08:26:32.0310 1608 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll

08:26:32.0326 1608 PlugPlay - ok

08:26:32.0357 1608 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

08:26:32.0357 1608 Pml Driver HPZ12 - ok

08:26:32.0653 1608 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

08:26:32.0669 1608 PNRPAutoReg - ok

08:26:32.0794 1608 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll

08:26:32.0809 1608 PNRPsvc - ok

08:26:32.0918 1608 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

08:26:32.0950 1608 PolicyAgent - ok

08:26:33.0137 1608 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

08:26:33.0184 1608 PptpMiniport - ok

08:26:33.0262 1608 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys

08:26:33.0293 1608 Processor - ok

08:26:33.0324 1608 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll

08:26:33.0340 1608 ProfSvc - ok

08:26:33.0386 1608 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

08:26:33.0386 1608 ProtectedStorage - ok

08:26:33.0418 1608 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys

08:26:33.0418 1608 PSched - ok

08:26:33.0496 1608 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

08:26:33.0589 1608 ql2300 - ok

08:26:33.0620 1608 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

08:26:33.0636 1608 ql40xx - ok

08:26:33.0854 1608 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll

08:26:33.0854 1608 QWAVE - ok

08:26:34.0073 1608 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

08:26:34.0088 1608 QWAVEdrv - ok

08:26:34.0120 1608 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

08:26:34.0182 1608 RasAcd - ok

08:26:34.0229 1608 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll

08:26:34.0229 1608 RasAuto - ok

08:26:34.0276 1608 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

08:26:34.0322 1608 Rasl2tp - ok

08:26:34.0385 1608 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll

08:26:34.0400 1608 RasMan - ok

08:26:34.0510 1608 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

08:26:34.0541 1608 RasPppoe - ok

08:26:34.0744 1608 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

08:26:35.0024 1608 RasSstp - ok

08:26:35.0118 1608 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

08:26:35.0227 1608 rdbss - ok

08:26:35.0290 1608 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

08:26:35.0305 1608 RDPCDD - ok

08:26:35.0352 1608 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

08:26:35.0446 1608 rdpdr - ok

08:26:35.0477 1608 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

08:26:35.0524 1608 RDPENCDD - ok

08:26:35.0570 1608 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

08:26:35.0648 1608 RDPWD - ok

08:26:35.0789 1608 [ 431723F23D0E065BEF502389E8FFDC10 ] Recovery Service for Windows C:\Windows\SMINST\BLService.exe

08:26:36.0054 1608 Recovery Service for Windows - ok

08:26:36.0319 1608 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

08:26:36.0319 1608 RemoteAccess - ok

08:26:36.0366 1608 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll

08:26:36.0366 1608 RemoteRegistry - ok

08:26:36.0460 1608 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe

08:26:36.0475 1608 RichVideo - ok

08:26:36.0569 1608 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

08:26:36.0584 1608 RpcLocator - ok

08:26:36.0647 1608 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll

08:26:36.0662 1608 RpcSs - ok

08:26:36.0912 1608 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

08:26:36.0912 1608 rspndr - ok

08:26:37.0162 1608 [ 53892CBD9735A80712EE9439268344B4 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys

08:26:37.0208 1608 RTL8169 - ok

08:26:37.0302 1608 [ B0538DEA03E088B80482CA939F4E8740 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS

08:26:37.0411 1608 RTSTOR - ok

08:26:37.0489 1608 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe

08:26:37.0505 1608 SamSs - ok

08:26:37.0567 1608 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

08:26:37.0567 1608 sbp2port - ok

08:26:37.0645 1608 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll

08:26:37.0645 1608 SCardSvr - ok

08:26:37.0910 1608 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll

08:26:37.0926 1608 Schedule - ok

08:26:37.0957 1608 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll

08:26:37.0957 1608 SCPolicySvc - ok

08:26:38.0051 1608 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

08:26:38.0066 1608 SDRSVC - ok

08:26:38.0441 1608 [ 3E0CFF5F0A9D23E327703D72CEA5253F ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

08:26:38.0456 1608 SeaPort - ok

08:26:38.0503 1608 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

08:26:38.0503 1608 secdrv - ok

08:26:38.0550 1608 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll

08:26:38.0550 1608 seclogon - ok

08:26:38.0597 1608 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll

08:26:38.0597 1608 SENS - ok

08:26:38.0690 1608 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys

08:26:38.0722 1608 Serenum - ok

08:26:38.0878 1608 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

08:26:38.0909 1608 Serial - ok

08:26:38.0924 1608 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

08:26:38.0956 1608 sermouse - ok

08:26:39.0314 1608 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll

08:26:39.0330 1608 SessionEnv - ok

08:26:39.0377 1608 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

08:26:39.0424 1608 sffdisk - ok

08:26:39.0439 1608 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

08:26:39.0470 1608 sffp_mmc - ok

08:26:39.0486 1608 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

08:26:39.0517 1608 sffp_sd - ok

08:26:39.0580 1608 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

08:26:39.0611 1608 sfloppy - ok

08:26:39.0689 1608 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll

08:26:39.0704 1608 SharedAccess - ok

08:26:39.0860 1608 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

08:26:39.0876 1608 ShellHWDetection - ok

08:26:39.0938 1608 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys

08:26:40.0048 1608 sisagp - ok

08:26:40.0172 1608 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

08:26:40.0172 1608 SiSRaid2 - ok

08:26:40.0328 1608 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

08:26:40.0328 1608 SiSRaid4 - ok

08:26:40.0562 1608 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

08:26:40.0656 1608 Skype C2C Service - ok

08:26:40.0890 1608 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

08:26:40.0890 1608 SkypeUpdate - ok

08:26:41.0093 1608 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe

08:26:41.0155 1608 slsvc - ok

08:26:41.0280 1608 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

08:26:41.0280 1608 SLUINotify - ok

08:26:41.0452 1608 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys

08:26:41.0483 1608 Smb - ok

08:26:41.0530 1608 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

08:26:41.0545 1608 SNMPTRAP - ok

08:26:41.0608 1608 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

08:26:41.0623 1608 spldr - ok

08:26:41.0670 1608 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe

08:26:41.0670 1608 Spooler - ok

08:26:41.0842 1608 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys

08:26:41.0842 1608 srv - ok

08:26:41.0888 1608 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

08:26:41.0888 1608 srv2 - ok

08:26:42.0185 1608 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

08:26:42.0185 1608 srvnet - ok

08:26:42.0403 1608 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

08:26:42.0419 1608 SSDPSRV - ok

08:26:42.0481 1608 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

08:26:42.0481 1608 SstpSvc - ok

08:26:42.0575 1608 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

08:26:42.0606 1608 StillCam - ok

08:26:42.0700 1608 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

08:26:42.0700 1608 stisvc - ok

08:26:42.0934 1608 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

08:26:42.0965 1608 swenum - ok

08:26:43.0012 1608 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

08:26:43.0027 1608 swprv - ok

08:26:43.0090 1608 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

08:26:43.0090 1608 Symc8xx - ok

08:26:43.0199 1608 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

08:26:43.0214 1608 Sym_hi - ok

08:26:43.0246 1608 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

08:26:43.0246 1608 Sym_u3 - ok


08:26:54.0836 1608 ============================================================

08:26:54.0836 1608 Scan finished

08:26:54.0836 1608 ============================================================

08:26:54.0868 4072 Detected object count: 0

08:26:54.0868 4072 Actual detected object count: 0

ESET Online Scanner -clean

# AdwCleaner v2.111 - Logfile created 02/07/2013 at 13:07:58

# Updated 05/02/2013 by Xplode

# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

# User : HP - HP-PC

# Boot Mode : Normal

# Running from : C:\Users\HP\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Viewpoint

Folder Deleted : C:\ProgramData\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\Viewpoint

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3086 octets] - [07/02/2013 13:03:28]

AdwCleaner[s1].txt - [3079 octets] - [07/02/2013 13:07:58]

########## EOF - C:\AdwCleaner[s1].txt - [3139 octets] ##########

Results of screen317's Security Check version 0.99.57

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2013

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

CCleaner

Java 6 Update 34

Java 7 Update 10

Java 6 Update 5

Java version out of Date!

Adobe Reader 8 Adobe Reader out of Date!

Google Chrome 24.0.1312.56

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

AVG avgwdsvc.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


  • Staff

Hi,

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number

Please uninstall the following from Programs and Features:

Bing Bar

Bing Bar Platform

Reboot. Does the issue persist?


Bing Bar uninstalled.

Where do I find Bing Bar Platform? It is not in my Control Panel.

Here's adw report:

# AdwCleaner v2.111 - Logfile created 02/10/2013 at 10:21:42

# Updated 05/02/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : HP - HP-PC

# Boot Mode : Normal

# Running from : C:\Users\HP\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3086 octets] - [07/02/2013 13:03:28]

AdwCleaner[s1].txt - [3208 octets] - [07/02/2013 13:07:58]

AdwCleaner[s2].txt - [773 octets] - [10/02/2013 10:21:42]

########## EOF - C:\AdwCleaner[s2].txt - [832 octets] ##########


Have now rebooted. The folder C:\Users\HP\AppData\ with the folders in that no longer seem to be available. Clicked on one of the recent items which was one of the photos downloaded and tried to delete and it says it is no longer available and may have been deleted so all is looking very good.

Does anything need to be done about the registries that seem to have been changed?

Really appreciate all your help on this - I know you do this on a voluntary basis and in your own time. So very thankful - hopefully once everything is confirmed as OK we can breathe again!!


  • 4 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.