Hi there.

I have a 40 mb/s connection and while other computers in the house download at 40-45 mb/s at speedtest.net, my desktop tests at about 1.0 mb/s. I strongly suspect malware as sometimes pictures on websites don't load at all and/or webpages appear broken. I ran a Malwarebytes scan and it came up clean. Below are my dds.txt and attach.txt logs.

DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.17.2
Run by Phil at 12:55:32 on 2013-06-28
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8191.6342 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\pia_manager\openvpn.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = 127.0.0.1:9421;<local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: HideFastUserSwitching = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoFileAssociate = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{4C89809E-B569-44B7-919D-977CF91C8402} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{ADC69C4A-7521-4BF6-8DF9-E3877625F1F3} : DHCPNameServer = 65.32.5.111 65.32.5.112
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\8sn5mvv4.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-54257e546c7e4443\NPRobloxProxy.dll
FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Phil\AppData\Local\Box Edit\npBoxEdit.dll
FF - plugin: C:\Users\Phil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-6-15 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-12-5 71032]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-12-5 384888]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 SpyroService;Spyro Portal Service;C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [2012-9-20 50688]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2011-6-15 12032]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-6-16 22408]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-6-24 121416]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2011-6-15 13312]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-12-5 393080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-11-1 401920]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-3 103064]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-5-7 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-5-7 9800]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-3-17 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 JLTECH0227;Dual Mode Camera;C:\Windows\System32\drivers\jl2005c.sys [2012-9-13 80880]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2009-10-9 40320]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-6-16 16008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-27 20992]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2009-11-18 446976]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-3 203672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-27 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-15 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2013-06-28 12:22:01 -------- d-----w- C:\Program Files (x86)\Bethesda Softworks
2013-06-27 19:43:43 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8D20CA36-DF24-44F4-AD7F-6AA23C77B4AB}\mpengine.dll
2013-06-26 17:28:10 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-26 02:33:57 -------- d-----w- C:\Users\Phil\.autobahn
2013-06-26 02:33:48 -------- d-----w- C:\Users\Phil\AppData\Local\Autobahn
2013-06-22 12:30:04 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B1E9D0CF-E0A1-409B-87C0-CF9A5F723F21}\gapaengine.dll
2013-06-17 19:30:30 -------- d-----w- C:\Program Files (x86)\The Sims 3 Deluxe Edition
2013-06-12 11:42:43 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 11:42:35 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 11:42:34 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 11:42:14 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-06-12 11:42:14 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-06-12 11:42:00 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-06-03 10:45:10 -------- d-----w- C:\Users\Phil\AppData\Roaming\Samsung
2013-06-03 10:45:10 -------- d-----w- C:\Users\Phil\AppData\Local\Samsung
2013-06-03 10:44:23 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-06-03 10:44:23 103064 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-06-03 10:42:26 -------- d-----w- C:\Program Files (x86)\MyFree Codec
.
==================== Find3M  ====================
.
2013-06-12 12:29:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 12:29:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-21 13:09:40 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-18 23:08:14 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2013-04-18 23:07:00 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
2013-04-18 23:07:00 330240 ----a-w- C:\Windows\MASetupCaller.dll
2013-04-18 23:07:00 30568 ----a-w- C:\Windows\MusiccityDownload.exe
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-11 18:10:50 2498216 ----a-w- C:\Windows\SysWow64\BootMan.exe
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
.
============= FINISH: 12:57:25.28 ===============

ATTACH.TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/15/2011 3:27:39 PM
System Uptime: 6/28/2013 12:49:05 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | Benicia
Processor: Intel® Core2 Quad CPU    Q6600  @ 2.40GHz | CPU 1 | 1584/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 197.459 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP280: 6/17/2013 4:35:03 PM - Installed DirectX
RP281: 6/18/2013 7:09:02 AM - Windows Update
RP282: 6/22/2013 8:28:26 AM - Windows Update
RP283: 6/26/2013 1:27:10 PM - Windows Update
RP284: 6/28/2013 12:52:32 PM - Removed Vuze Remote Toolbar v7.0.
.
==== Installed Programs ======================
.
«The Sims 3 Deluxe Edition» (build 8.1)
3DVIA player 5.0.0.20
7-Zip 9.20 (x64 edition)
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Akamai NetSession Interface
Amazon Games & Software Downloader
Amazon MP3 Downloader 1.0.17
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
Audacity 2.0.3
AudibleManager
Barbie® Fashion Show - An Eye for Style
BlueStacks App Player
Bonjour
Box Edit
Box Sync (64 bit)
BurnAware Free 5.5
Call of Duty: Modern Warfare 2
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MG3100 series MP Drivers
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Canon Utilities Solution Menu
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDisplay 1.8
CompuApps SwissKnife V3
Counter-Strike
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III
Disney Toontown Online
Doom 3 BFG Edition
EaseUS Partition Master 9.2.2
FF7Music
ffdshow [rev 2527] [2008-12-19]
Foldit
Giggles Computer Funtime For Baby™ - ABC's & 123's
Giggles Computer Funtime For Baby™ - ABC's & 123's Vista-WIN7 U
Google Chrome
Google Update Helper
Haali Media Splitter
HandBrake 0.9.8
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
iCarly Photo Mall
iSEEK AnswerWorks English Runtime
iTunes
Java 7 Update 11 (64-bit)
Java 7 Update 17
Java Auto Updater
Java 6 Update 31
Karateka 
Kies mini
king.com (remove only)
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
Logitech Gaming Software
Logitech Gaming Software 8.30
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Mathematics (64-bit)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 2.0
MotioninJoy ds3 driver version 0.5.0002
Movie Maker
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
Need for Speed Hot Pursuit
NexDef Plug-in
Notification Center
NVIDIA PhysX
Octoshape add-in for Adobe Flash Player
OpenAL
Pando Media Booster
Photo Common
Photo Gallery
Portal
Portal 2
Private Internet Access Support Files
Project 64 version 2.1.0.1
Project64 1.6
PS3 Theme Builder 3.0
Puzzle Quest
Quicken 2013
QuickTime
Razer DeathAdder Mouse
ROBLOX Player
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 5.10
Smart PDF Converter Pro 6.3.0.466
Source SDK Base 2007
Spybot - Search & Destroy
SpyroDriver
SpyroPortalDriver
Star Wars® Knights of the Old Republic® II: The Sith Lords
Steam
The Sims™ 3
The Sims™ 3 ? ????????
The Sims™ 3 ???-??????
The Sims™ 3 ??? ????????
The Sims™ 3 ??? ???????????
The Sims™ 3 ????? ?? ??????? ???????
The Sims™ 3 ???????
The Sims™ 3 ??????? ????
The Sims™ 3 ???????? 70-?, 80-?, 90-? ???????
The Sims™ 3 ????????? ????? ???????
The Sims™ 3 ?????????? ????? ???????
The Sims™ 3 ?????????? ??????? ???????
The Sims™ 3 ??????????? ??????? ???????
The Sims™ 3 ???????????? ?????
The Sims™ 3 ??????????????????
The Sims™ 3 Diesel ???????
The Sims™ 3 Katy Perry ??????? ???????
Tomb Raider
Uninstall Dual Mode Camera (88061)
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
Ventrilo Client for Windows x64
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player 64-bit Plug-in Fix
Windows Media Player Firefox Plugin
WinRAR 4.01 (64-bit)
WMPCDText 1.4
World of Warcraft
World of Warcraft Beta
World of Warcraft Public Test
XBMC
Xross Media Simulator 1.0
.
==== Event Viewer Messages From Past Week ========
.
6/28/2013 12:51:20 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/28/2013 12:50:21 PM, Error: Service Control Manager [7023]  - The BlueStacks Android Service service terminated with the following error:  An exception occurred in the service when handling the control request.
6/28/2013 12:47:25 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
6/28/2013 12:42:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/28/2013 12:42:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/28/2013 12:04:37 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
6/28/2013 12:02:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/28/2013 12:02:50 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
6/28/2013 12:02:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/28/2013 12:02:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/28/2013 12:02:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/28/2013 12:02:37 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr Wanarpv6
6/27/2013 3:30:12 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
6/27/2013 3:30:12 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/27/2013 3:29:06 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/27/2013 3:07:55 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.153.667.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: Default URL   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9607.0   Error code: 0x8007043c   Error description: This service cannot be started in Safe Mode 
6/27/2013 3:07:55 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/27/2013 12:47:59 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
6/26/2013 1:15:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005]  - Unable to produce a minidump file from the full dump file.
6/26/2013 1:15:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000010d (0x0000000000000005, 0x0000000000000000, 0x0000000000001202, 0xfffffa8009f40010). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
6/25/2013 8:59:20 PM, Error: Service Control Manager [7034]  - The Spyro Portal Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 
 
 
 
Thanks in advance for any and all help and consideration! 

Hello and welcome to the MalwareBytes forums.

My name is Maurice Naggar.

I will be helping you.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Press Windows-key +R key on your keyboard to get RUN option.
  • Type in
    explorer.exe
    and press Enter to start Windows Explorer.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.

    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

    Skip and click on Continue

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or

    >> from here <<

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    For Windows XP, double-click to start.

  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons!

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


I followed your instructions. Thanks for your time and assistance. Logs are pasted below. 

 

 

# AdwCleaner v2.303 - Logfile created 06/28/2013 at 21:25:39

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : Phil - PHIL-PC

# Boot Mode : Normal

# Running from : C:\Users\Phil\Downloads\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Found : C:\Program Files (x86)\WinZip Registry Optimizer

Folder Found : C:\ProgramData\Ask

Folder Found : C:\Users\Phil\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

 

***** [Registry] *****

 

Key Found : HKCU\Software\AppDataLow\Software\Search Settings

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

Key Found : HKU\S-1-5-21-4185289393-979684477-479381735-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16611

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v21.0 (en-US)

 

File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\8sn5mvv4.default\prefs.js

 

Found : user_pref("browser.search.order.1", "Ask.com");

 

-\\ Google Chrome v27.0.1453.116

 

File : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [2808 octets] - [28/06/2013 21:25:39]

 

########## EOF - C:\AdwCleaner[R1].txt - [2868 octets] ##########

 

 

 

21:27:53.0652 5496  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

21:27:54.0255 5496  ============================================================

21:27:54.0255 5496  Current date / time: 2013/06/28 21:27:54.0255

21:27:54.0255 5496  SystemInfo:

21:27:54.0255 5496  

21:27:54.0255 5496  OS Version: 6.1.7601 ServicePack: 1.0

21:27:54.0255 5496  Product type: Workstation

21:27:54.0255 5496  ComputerName: PHIL-PC

21:27:54.0255 5496  UserName: Phil

21:27:54.0255 5496  Windows directory: C:\Windows

21:27:54.0255 5496  System windows directory: C:\Windows

21:27:54.0255 5496  Running under WOW64

21:27:54.0255 5496  Processor architecture: Intel x64

21:27:54.0255 5496  Number of processors: 4

21:27:54.0255 5496  Page size: 0x1000

21:27:54.0255 5496  Boot type: Normal boot

21:27:54.0255 5496  ============================================================

21:27:55.0813 5496  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:27:55.0833 5496  ============================================================

21:27:55.0833 5496  \Device\Harddisk0\DR0:

21:27:55.0833 5496  MBR partitions:

21:27:55.0833 5496  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

21:27:55.0833 5496  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000

21:27:55.0833 5496  ============================================================

21:27:55.0857 5496  C: <-> \Device\Harddisk0\DR0\Partition2

21:27:55.0857 5496  ============================================================

21:27:55.0857 5496  Initialize success

21:27:55.0857 5496  ============================================================

21:28:10.0691 4452  ============================================================

21:28:10.0691 4452  Scan started

21:28:10.0691 4452  Mode: Manual; 

21:28:10.0691 4452  ============================================================

21:28:11.0336 4452  ================ Scan system memory ========================

21:28:11.0336 4452  System memory - ok

21:28:11.0337 4452  ================ Scan services =============================


21:28:17.0533 4452  IPBusEnum - ok

21:28:17.0562 4452  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:28:17.0564 4452  IpFilterDriver - ok

21:28:17.0614 4452  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

21:28:17.0622 4452  iphlpsvc - ok

21:28:17.0639 4452  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

21:28:17.0640 4452  IPMIDRV - ok

21:28:17.0652 4452  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

21:28:17.0654 4452  IPNAT - ok

21:28:17.0704 4452  [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe

21:28:17.0712 4452  iPod Service - ok

21:28:17.0726 4452  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys

21:28:17.0728 4452  IRENUM - ok

21:28:17.0742 4452  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

21:28:17.0743 4452  isapnp - ok

21:28:17.0763 4452  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

21:28:17.0767 4452  iScsiPrt - ok

21:28:17.0836 4452  [ CD91D1BD200D9F39682A08E987F0DBE2 ] JLTECH0227      C:\Windows\system32\Drivers\jl2005c.sys

21:28:17.0837 4452  JLTECH0227 - ok

21:28:17.0850 4452  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

21:28:17.0851 4452  kbdclass - ok

21:28:17.0855 4452  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys

21:28:17.0856 4452  kbdhid - ok

21:28:17.0873 4452  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe

21:28:17.0875 4452  KeyIso - ok

21:28:17.0888 4452  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

21:28:17.0890 4452  KSecDD - ok

21:28:17.0906 4452  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

21:28:17.0908 4452  KSecPkg - ok

21:28:17.0919 4452  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys

21:28:17.0920 4452  ksthunk - ok

21:28:17.0950 4452  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll

21:28:17.0956 4452  KtmRm - ok

21:28:18.0015 4452  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll

21:28:18.0020 4452  LanmanServer - ok

21:28:18.0064 4452  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

21:28:18.0068 4452  LanmanWorkstation - ok

21:28:18.0253 4452  [ 4CCC8AABE7880C56BA10043B8FBCA3EB ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

21:28:18.0382 4452  LeapFrog Connect Device Service - ok

21:28:18.0425 4452  [ 797289607A5EBF31353AA5EAD141F872 ] LeapFrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys

21:28:18.0426 4452  LeapFrog-USBLAN - ok

21:28:18.0450 4452  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys

21:28:18.0451 4452  LGBusEnum - ok

21:28:18.0472 4452  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys

21:28:18.0473 4452  LGVirHid - ok

21:28:18.0495 4452  libusb0 - ok

21:28:18.0518 4452  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

21:28:18.0520 4452  lltdio - ok

21:28:18.0555 4452  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll

21:28:18.0561 4452  lltdsvc - ok

21:28:18.0580 4452  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll

21:28:18.0582 4452  lmhosts - ok

21:28:18.0615 4452  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

21:28:18.0617 4452  LSI_FC - ok

21:28:18.0630 4452  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

21:28:18.0632 4452  LSI_SAS - ok

21:28:18.0646 4452  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

21:28:18.0647 4452  LSI_SAS2 - ok

21:28:18.0675 4452  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

21:28:18.0677 4452  LSI_SCSI - ok

21:28:18.0691 4452  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys

21:28:18.0692 4452  luafv - ok

21:28:18.0737 4452  [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus          C:\Windows\system32\DRIVERS\mcdbus.sys

21:28:18.0740 4452  mcdbus - ok

21:28:18.0778 4452  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

21:28:18.0781 4452  Mcx2Svc - ok

21:28:18.0800 4452  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

21:28:18.0802 4452  megasas - ok

21:28:18.0810 4452  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

21:28:18.0814 4452  MegaSR - ok

21:28:18.0839 4452  Microsoft SharePoint Workspace Audit Service - ok

21:28:18.0855 4452  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll

21:28:18.0858 4452  MMCSS - ok

21:28:18.0876 4452  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys

21:28:18.0877 4452  Modem - ok

21:28:18.0906 4452  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

21:28:18.0906 4452  monitor - ok

21:28:18.0922 4452  [ C030F9E822A057C1A7A9BB4EA3E8877E ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys

21:28:18.0923 4452  MotioninJoyXFilter - ok

21:28:18.0935 4452  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

21:28:18.0936 4452  mouclass - ok

21:28:18.0955 4452  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

21:28:18.0956 4452  mouhid - ok

21:28:19.0001 4452  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

21:28:19.0003 4452  mountmgr - ok

21:28:19.0071 4452  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

21:28:19.0073 4452  MozillaMaintenance - ok

21:28:19.0130 4452  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys

21:28:19.0133 4452  MpFilter - ok

21:28:19.0156 4452  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys

21:28:19.0159 4452  mpio - ok

21:28:19.0179 4452  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

21:28:19.0181 4452  mpsdrv - ok

21:28:19.0244 4452  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll

21:28:19.0255 4452  MpsSvc - ok

21:28:19.0296 4452  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

21:28:19.0299 4452  MRxDAV - ok

21:28:19.0328 4452  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

21:28:19.0330 4452  mrxsmb - ok

21:28:19.0378 4452  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:28:19.0382 4452  mrxsmb10 - ok

21:28:19.0407 4452  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:28:19.0409 4452  mrxsmb20 - ok

21:28:19.0449 4452  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys

21:28:19.0451 4452  msahci - ok

21:28:19.0467 4452  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

21:28:19.0470 4452  msdsm - ok

21:28:19.0486 4452  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe

21:28:19.0489 4452  MSDTC - ok

21:28:19.0513 4452  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys

21:28:19.0513 4452  Msfs - ok

21:28:19.0527 4452  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

21:28:19.0528 4452  mshidkmdf - ok

21:28:19.0560 4452  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

21:28:19.0560 4452  msisadrv - ok

21:28:19.0603 4452  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

21:28:19.0607 4452  MSiSCSI - ok

21:28:19.0612 4452  msiserver - ok

21:28:19.0622 4452  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

21:28:19.0623 4452  MSKSSRV - ok

21:28:19.0673 4452  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe

21:28:19.0674 4452  MsMpSvc - ok

21:28:19.0690 4452  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

21:28:19.0691 4452  MSPCLOCK - ok

21:28:19.0700 4452  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

21:28:19.0701 4452  MSPQM - ok

21:28:19.0747 4452  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

21:28:19.0752 4452  MsRPC - ok

21:28:19.0760 4452  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

21:28:19.0761 4452  mssmbios - ok

21:28:19.0778 4452  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

21:28:19.0780 4452  MSTEE - ok

21:28:19.0791 4452  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

21:28:19.0792 4452  MTConfig - ok

21:28:19.0818 4452  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys

21:28:19.0819 4452  Mup - ok

21:28:19.0866 4452  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll

21:28:19.0874 4452  napagent - ok

21:28:19.0892 4452  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

21:28:19.0896 4452  NativeWifiP - ok

21:28:19.0953 4452  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys

21:28:19.0964 4452  NDIS - ok

21:28:19.0984 4452  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

21:28:19.0986 4452  NdisCap - ok

21:28:20.0000 4452  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

21:28:20.0001 4452  NdisTapi - ok

21:28:20.0045 4452  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

21:28:20.0046 4452  Ndisuio - ok

21:28:20.0086 4452  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

21:28:20.0089 4452  NdisWan - ok

21:28:20.0133 4452  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

21:28:20.0134 4452  NDProxy - ok

21:28:20.0162 4452  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

21:28:20.0163 4452  NetBIOS - ok

21:28:20.0209 4452  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

21:28:20.0212 4452  NetBT - ok

21:28:20.0219 4452  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe

21:28:20.0221 4452  Netlogon - ok

21:28:20.0253 4452  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll

21:28:20.0258 4452  Netman - ok

21:28:20.0272 4452  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll

21:28:20.0278 4452  netprofm - ok

21:28:20.0310 4452  [ 81B8D0C1CE44A7FDBD596B693783950C ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys

21:28:20.0318 4452  netr7364 - ok

21:28:20.0437 4452  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

21:28:20.0457 4452  NetTcpPortSharing - ok

21:28:20.0474 4452  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

21:28:20.0475 4452  nfrd960 - ok

21:28:20.0508 4452  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys

21:28:20.0509 4452  NisDrv - ok

21:28:20.0552 4452  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe

21:28:20.0556 4452  NisSrv - ok

21:28:20.0602 4452  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll

21:28:20.0608 4452  NlaSvc - ok

21:28:20.0625 4452  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys

21:28:20.0625 4452  Npfs - ok

21:28:20.0653 4452  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll

21:28:20.0655 4452  nsi - ok

21:28:20.0665 4452  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

21:28:20.0666 4452  nsiproxy - ok

21:28:20.0728 4452  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

21:28:20.0758 4452  Ntfs - ok

21:28:20.0774 4452  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys

21:28:20.0775 4452  Null - ok

21:28:20.0803 4452  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys

21:28:20.0806 4452  nvraid - ok

21:28:20.0855 4452  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys

21:28:20.0858 4452  nvstor - ok

21:28:20.0875 4452  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

21:28:20.0878 4452  nv_agp - ok

21:28:20.0909 4452  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

21:28:20.0911 4452  ohci1394 - ok

21:28:20.0942 4452  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:28:20.0945 4452  ose - ok

21:28:21.0063 4452  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

21:28:21.0155 4452  osppsvc - ok

21:28:21.0179 4452  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

21:28:21.0184 4452  p2pimsvc - ok

21:28:21.0205 4452  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll

21:28:21.0211 4452  p2psvc - ok

21:28:21.0229 4452  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys

21:28:21.0231 4452  Parport - ok

21:28:21.0276 4452  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys

21:28:21.0277 4452  partmgr - ok

21:28:21.0285 4452  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll

21:28:21.0289 4452  PcaSvc - ok

21:28:21.0300 4452  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys

21:28:21.0303 4452  pci - ok

21:28:21.0322 4452  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys

21:28:21.0324 4452  pciide - ok

21:28:21.0346 4452  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

21:28:21.0349 4452  pcmcia - ok

21:28:21.0363 4452  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys

21:28:21.0364 4452  pcw - ok

21:28:21.0390 4452  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

21:28:21.0397 4452  PEAUTH - ok

21:28:21.0451 4452  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll

21:28:21.0476 4452  PeerDistSvc - ok

21:28:21.0546 4452  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe

21:28:21.0548 4452  PerfHost - ok

21:28:21.0614 4452  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll

21:28:21.0628 4452  pla - ok

21:28:21.0685 4452  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

21:28:21.0692 4452  PlugPlay - ok

21:28:21.0707 4452  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

21:28:21.0709 4452  PNRPAutoReg - ok

21:28:21.0718 4452  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

21:28:21.0722 4452  PNRPsvc - ok

21:28:21.0775 4452  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64         C:\Windows\system32\DRIVERS\point64.sys

21:28:21.0776 4452  Point64 - ok

21:28:21.0827 4452  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

21:28:21.0834 4452  PolicyAgent - ok

21:28:21.0852 4452  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll

21:28:21.0856 4452  Power - ok

21:28:21.0904 4452  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

21:28:21.0905 4452  PptpMiniport - ok

21:28:21.0922 4452  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys

21:28:21.0924 4452  Processor - ok

21:28:21.0964 4452  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll

21:28:21.0969 4452  ProfSvc - ok

21:28:21.0984 4452  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

21:28:21.0986 4452  ProtectedStorage - ok

21:28:22.0026 4452  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

21:28:22.0028 4452  Psched - ok

21:28:22.0071 4452  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys

21:28:22.0100 4452  ql2300 - ok

21:28:22.0119 4452  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys

21:28:22.0122 4452  ql40xx - ok

21:28:22.0138 4452  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll

21:28:22.0144 4452  QWAVE - ok

21:28:22.0155 4452  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

21:28:22.0156 4452  QWAVEdrv - ok

21:28:22.0174 4452  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

21:28:22.0176 4452  RasAcd - ok

21:28:22.0190 4452  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

21:28:22.0191 4452  RasAgileVpn - ok

21:28:22.0208 4452  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll

21:28:22.0211 4452  RasAuto - ok

21:28:22.0247 4452  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

21:28:22.0249 4452  Rasl2tp - ok

21:28:22.0298 4452  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll

21:28:22.0304 4452  RasMan - ok

21:28:22.0361 4452  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

21:28:22.0362 4452  RasPppoe - ok

21:28:22.0368 4452  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

21:28:22.0370 4452  RasSstp - ok

21:28:22.0386 4452  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

21:28:22.0390 4452  rdbss - ok

21:28:22.0401 4452  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

21:28:22.0402 4452  rdpbus - ok

21:28:22.0417 4452  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

21:28:22.0418 4452  RDPCDD - ok

21:28:22.0462 4452  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys

21:28:22.0464 4452  RDPDR - ok

21:28:22.0486 4452  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

21:28:22.0487 4452  RDPENCDD - ok

21:28:22.0498 4452  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

21:28:22.0499 4452  RDPREFMP - ok

21:28:22.0580 4452  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

21:28:22.0582 4452  RdpVideoMiniport - ok

21:28:22.0621 4452  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

21:28:22.0624 4452  RDPWD - ok

21:28:22.0653 4452  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

21:28:22.0655 4452  rdyboost - ok

21:28:22.0685 4452  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll

21:28:22.0688 4452  RemoteAccess - ok

21:28:22.0703 4452  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

21:28:22.0708 4452  RemoteRegistry - ok

21:28:22.0719 4452  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

21:28:22.0722 4452  RpcEptMapper - ok

21:28:22.0747 4452  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe

21:28:22.0749 4452  RpcLocator - ok

21:28:22.0799 4452  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll

21:28:22.0805 4452  RpcSs - ok

21:28:22.0817 4452  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

21:28:22.0819 4452  rspndr - ok

21:28:22.0868 4452  [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys

21:28:22.0871 4452  RTL8167 - ok

21:28:22.0927 4452  [ 4A06585C8673F4458E9FBBC9DDDB4D28 ] RTL8187B        C:\Windows\system32\DRIVERS\wg111v3.sys

21:28:22.0933 4452  RTL8187B - ok

21:28:22.0970 4452  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys

21:28:22.0971 4452  s3cap - ok

21:28:22.0977 4452  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe

21:28:22.0979 4452  SamSs - ok

21:28:23.0027 4452  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

21:28:23.0030 4452  sbp2port - ok

21:28:23.0043 4452  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll

21:28:23.0047 4452  SCardSvr - ok

21:28:23.0080 4452  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

21:28:23.0081 4452  scfilter - ok

21:28:23.0148 4452  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll

21:28:23.0163 4452  Schedule - ok

21:28:23.0204 4452  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll

21:28:23.0205 4452  SCPolicySvc - ok

21:28:23.0243 4452  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

21:28:23.0248 4452  SDRSVC - ok

21:28:23.0276 4452  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

21:28:23.0277 4452  secdrv - ok

21:28:23.0317 4452  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll

21:28:23.0320 4452  seclogon - ok

21:28:23.0325 4452  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll

21:28:23.0328 4452  SENS - ok

21:28:23.0343 4452  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll

21:28:23.0346 4452  SensrSvc - ok

21:28:23.0366 4452  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys

21:28:23.0367 4452  Serenum - ok

21:28:23.0384 4452  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys

21:28:23.0386 4452  Serial - ok

21:28:23.0422 4452  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys

21:28:23.0424 4452  sermouse - ok

21:28:23.0448 4452  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll

21:28:23.0452 4452  SessionEnv - ok

21:28:23.0495 4452  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

21:28:23.0496 4452  sffdisk - ok

21:28:23.0509 4452  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

21:28:23.0510 4452  sffp_mmc - ok

21:28:23.0525 4452  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

21:28:23.0527 4452  sffp_sd - ok

21:28:23.0538 4452  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

21:28:23.0539 4452  sfloppy - ok

21:28:23.0571 4452  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll

21:28:23.0577 4452  SharedAccess - ok

21:28:23.0623 4452  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

21:28:23.0629 4452  ShellHWDetection - ok

21:28:23.0646 4452  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys

21:28:23.0647 4452  SiSRaid2 - ok

21:28:23.0662 4452  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys

21:28:23.0664 4452  SiSRaid4 - ok

21:28:23.0721 4452  [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe

21:28:23.0723 4452  SkypeUpdate - ok

21:28:23.0753 4452  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys

21:28:23.0755 4452  Smb - ok

21:28:23.0762 4452  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

21:28:23.0764 4452  SNMPTRAP - ok

21:28:23.0767 4452  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys

21:28:23.0768 4452  spldr - ok

21:28:23.0810 4452  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe

21:28:23.0817 4452  Spooler - ok

21:28:23.0888 4452  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe

21:28:23.0958 4452  sppsvc - ok

21:28:23.0965 4452  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

21:28:23.0968 4452  sppuinotify - ok

21:28:24.0062 4452  [ 6FBEB99A5AB20BC6AD390BE2AA12CDF9 ] SpyroService    C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe

21:28:24.0063 4452  SpyroService - ok

21:28:24.0087 4452  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys

21:28:24.0093 4452  srv - ok

21:28:24.0115 4452  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

21:28:24.0121 4452  srv2 - ok

21:28:24.0152 4452  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

21:28:24.0154 4452  srvnet - ok

21:28:24.0186 4452  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

21:28:24.0191 4452  SSDPSRV - ok

21:28:24.0200 4452  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll

21:28:24.0204 4452  SstpSvc - ok

21:28:24.0258 4452  [ A97BFF59B3B983FDBDCD8AE6CF3C1E2D ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys

21:28:24.0260 4452  ssudmdm - ok

21:28:24.0300 4452  Steam Client Service - ok

21:28:24.0326 4452  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys

21:28:24.0328 4452  stexstor - ok

21:28:24.0374 4452  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll

21:28:24.0383 4452  stisvc - ok

21:28:28.0493 4452  ============================================================

21:28:28.0493 4452  Scan finished

21:28:28.0493 4452  ============================================================

21:28:28.0504 4172  Detected object count: 0

21:28:28.0504 4172  Actual detected object count: 0

 

 

 

 

RogueKiller V8.6.1 [Jun 25 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

 

Blog : http://tigzyrk.blogspot.com/

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Phil [Admin rights]

Mode : Scan -- Date : 06/28/2013 21:32:54

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 8 ¤¤¤

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][File] @ : C:\Users\Phil\AppData\Local\{1b824faf-163d-e0fd-b644-8cd4008a9704}\@ [-] --> FOUND

[ZeroAccess][Folder] U : C:\Windows\Installer\{1b824faf-163d-e0fd-b644-8cd4008a9704}\U [-] --> FOUND

[ZeroAccess][Folder] U : C:\Users\Phil\AppData\Local\{1b824faf-163d-e0fd-b644-8cd4008a9704}\U [-] --> FOUND

[ZeroAccess][Folder] L : C:\Windows\Installer\{1b824faf-163d-e0fd-b644-8cd4008a9704}\L [-] --> FOUND

[ZeroAccess][Folder] L : C:\Users\Phil\AppData\Local\{1b824faf-163d-e0fd-b644-8cd4008a9704}\L [-] --> FOUND

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD7500AARS-00Y5B1 +++++

--- User ---

[MBR] 6c9fbe7676b177066193c18b0179b3b3

[bSP] a07e889862b3d67f618f512da7168b73 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_06282013_213254.txt >>

 

 

 

 

Thanks again!

Edited by Maurice Naggar
highlights

Backdoor trojan warning: ZeroAccess / Sirefef

This system has very serious backdoor trojans. ZeroAccess / Sirefef

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

FYI, You can read more about the ZeroAccess/Sirefef rootkit here

http://nakedsecurity.sophos.com/zeroaccess/

http://blog.eset.com/2012/06/28/zeroaccess-much-too-much-access

Let me know what you decide.


The infected computer has been powered off. I am in the process of changing passwords, etc. as you recommended. I really appreciate your assistance here. 

 

Also, I have a few laptops around the house that I THINK are clean but would like to verify as clean. One is running Windows 8, the other a Mac running OS10.7.5.

 

Am I correct in thinking that I can scan the Windows 8 machine using RogueKiller to determine if it has this trojan? Also, is there a similar application for Mac OSX?


Hey there,

 

OK so... After a lot of troubleshooting, thinking, etc., I think it miiiiight be possible that the trojan the scan picked up might be an old artifact of a past infection long since removed. It turns out that my internet speed problems are affecting all online devices in my home, from my Mac laptop to a Win 8 computer to an iPad, etc. So I've ruled that out as a symptom of the trojan. More importantly, I recalled that about a year ago I had a keylogger that was successfully removed with the help of someone like yourself. I have the URL of the forum thread where I was helped with that problem and I've pasted it below. If you could possibly review that and determine if the two incidents are related, that might prove useful. One of the reasons I think they're related is because one of the infected folders from the scans above has a modify date that overlaps with the forum help I received last year. (C:\Users\Phil\AppData\Local\{1b824faf-163d-e0fd-b644-8cd4008a9704})

 

http://www.spywareinfoforum.com/topic/129081-keylogger-stealing-passwords-typical-virusspyware-scanners-not-helping/

 

Once again, any and all help is greatly appreciated. Thank you for your time and energy! 


Sorry for the high number of replies. After further snooping and research, I now suspect that what I said in my previous post is incorrect.

 

I may just resign myself to formatting and starting anew. Please just advise on what I had previously stated two posts up...

 

"Also, I have a few laptops around the house that I THINK are clean but would like to verify as clean. One is running Windows 8, the other a Mac running OS10.7.5.

Am I correct in thinking that I can scan the Windows 8 machine using RogueKiller to determine if it has this trojan? Also, is there a similar application for Mac OSX?"

 

Thanks for your help! 


Your thread at SWI is 3 years old. I do not see how it would be related to what you have now on this Windows 7 machine.

Doing a complete wipe / delete / erase and a new Windows install is the safest for the long term.

While one can run RogueKiller on WIN8, that tool alone is not a "single" determinant.

Do not mix the Win 8 machine into this topic.

Also, know that we have nothing on malware checks for Apple/iOS.

It may also be possible, if all machines are really truly slow in accessing the internet, that your router hardware has been compromised.

If you have another system you can test that with, that system should also show redirects if the router has been hacked.

Now, this is usually easy to fix if it is the problem.

Using a clean system, go to the router-hardware manufacturer support website.

Download the latest firmware for the router from the manufacturer's site. Go into the router's setup via your browser and copy on paper all the critical settings in the router. Disconnect all systems attached to the router, wired or wireless. Disconnect the router from any gateway (it might be the gateway with some units provided by ISPs). Disconnect the router power supply and let sit for 15 minutes.

Next, on the rear, bottom or side of the router you should see a small button marked Reset. Depress the Reset button with some small pointed object (a bent paperclip will work), and plug the modem back into the power supply. Watch the LEDs on the front of the router and when they stop flashing the router has been reset and you can release the reset button. Connect the router to the gateway and systems. Upload the latest firmware and then reenter the critical settings manually. Do not restore a previously saved settings file.

You should check the router reset steps with the router manual first, but the steps I outlined are usually what is used. If the router was hacked, that should clear out the hack and the redirects should end.


Thanks again for your assistance. 

 

Long story short, yes, I was completely off base with my thoughts about a previous infection being the cause of the positive result. 

 

I've reformatted my computer, installed all Windows updates, and AVG Free 2013. I sincerely doubt that the other machines are infected, as I've already run a plethora of scans on them. If I begin to suspect either is infected I can always open a new thread, for the Win 8 machine for example.

 

I don't think my router hardware was compromised. My internet speed is still up and down, ranging anywhere from 0.5 mb/s up to 30 mb/s (on a 40 mb/s connection) on speedtest websites. However, I've spent some time on the phone with my ISP and they said that they're seeing some signal interference and they suspect some sort of hardware failure, perhaps in lines or otherwise. The router I'm using is theirs. In any case, they'll be out to check things out soon. 

 

With that said, I feel comfortable moving forward from here. I really appreciate your help. With your assistance I detected a potentially dangerous trojan, formatted, and took necessary precautions by changing passwords and such. I'm on a clean machine now and will take extra precautions in the future. 

 

Thanks! 


Print out this list for future reference.

And do practice safer usage of the computer. (For one, make a system image backup of the now clean system, and make a periodic similar backup on some regular basis.

That will lessen the odds in your favor of needing to start from scratch in the future.)

Safer practices & malware prevention

Microsoft Safety Scanner

Panda ActiveScan

  • See Six tips to help you stay safer online
  • Never, ever download free games, free tools, videos, multi-media files or anything free unless you can be absolutely sure the source is safe!

We are finished here. Best regards.
This topic is now closed to further replies.