Smart Fortress 2012 Infection on laptop [Solved]



#1
chosen072

Member, 94 posts
Hi, my HP laptop (Vista) is infected with the Smart Fortress 2012 virus.
I tried aswMBR.exe, Malwarebytes and cure doctor, but nothing is working.
Below is the log from aswMBR.exe:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-14 15:47:49
-----------------------------
15:47:49.194 OS Version: Windows 6.0.6002 Service Pack 2
15:47:49.194 Number of processors: 2 586 0x6801
15:47:49.196 ComputerName: ROBINS-LT UserName: Chosen072
15:47:53.611 Initialize success
15:48:01.813 AVAST engine defs: 12051400
15:48:05.295 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
15:48:05.316 Disk 0 Vendor: ST9120822AS 3.BHE Size: 114473MB BusType: 3
15:48:05.323 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-6
15:48:05.328 Disk 1 Vendor: ST9120822AS 3.BHE Size: 114473MB BusType: 3
15:48:05.390 Disk 0 MBR read successfully
15:48:05.396 Disk 0 MBR scan
15:48:05.469 Disk 0 unknown MBR code
15:48:05.501 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 105857 MB offset 63
15:48:05.538 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8612 MB offset 216797175
15:48:05.579 Disk 0 scanning sectors +234436545
15:48:05.715 Disk 0 scanning C:\Windows\system32\drivers
15:48:31.614 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Rootkit-gen [Rtk]
15:48:56.652 AVAST engine scan C:\Windows
15:49:27.986 AVAST engine scan C:\Windows\system32
16:00:21.724 AVAST engine scan C:\Windows\system32\drivers
16:00:46.262 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Rootkit-gen [Rtk]
16:01:25.811 AVAST engine scan C:\Users\Chosen072
16:08:56.702 Disk 0 MBR has been saved successfully to "C:\Users\Chosen072\Desktop\MBR.dat"
16:08:56.717 The log file has been saved successfully to "C:\Users\Chosen072\Desktop\chozens mbrI.txt"
=========================================================================================================================
OTL Log
OTL logfile created on: 5/14/2012 6:35:49 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Chosen072\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 44.49% Memory free
4.11 Gb Paging File | 2.88 Gb Available in Paging File | 70.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.38 Gb Total Space | 34.30 Gb Free Space | 33.18% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 12.21 Gb Free Space | 10.92% Space Free | Partition Type: NTFS
Drive E: | 8.41 Gb Total Space | 1.35 Gb Free Space | 16.03% Space Free | Partition Type: NTFS

Computer Name: ROBINS-LT | User Name: Chosen072 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 18:35:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Chosen072\Desktop\OTL.exe
PRC - [2012/05/14 15:14:59 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chosen072\Desktop\aswMBR.exe
PRC - [2012/05/14 14:42:44 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/05/14 14:40:00 | 000,019,392 | ---- | M] () -- C:\Users\Chosen072\qgl6wo88sw.exe
PRC - [2012/05/04 14:41:36 | 027,087,944 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chosen072\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/02/01 15:18:14 | 002,918,224 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/10/18 09:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\consent.exe
PRC - [2010/09/17 11:14:50 | 000,098,304 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
PRC - [2010/09/17 11:14:42 | 003,735,552 | ---- | M] (Firebird Project) -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/06/26 17:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/14 14:40:00 | 000,019,392 | ---- | M] () -- C:\Users\Chosen072\qgl6wo88sw.exe
MOD - [2012/05/11 05:38:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/11 05:36:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 05:36:19 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012/05/11 05:36:06 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012/05/11 05:35:37 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/11 05:35:30 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 05:35:29 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c466fbf8e50c7c11b2fa994707124290\PresentationFramework.ni.dll
MOD - [2012/05/11 05:35:08 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b4ade6954a61a7626858c123dc951ba6\PresentationCore.ni.dll
MOD - [2012/05/11 05:34:52 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/11 05:34:47 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 05:34:38 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/02/01 15:18:20 | 001,144,656 | ---- | M] () -- C:\Program Files\TechSmith\Jing\Recorder.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/11/03 20:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2008/06/20 00:42:56 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/12/19 20:27:04 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/09/17 11:14:50 | 000,098,304 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2010/09/17 11:14:42 | 003,735,552 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2010/06/01 09:07:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/09 17:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\Drivers\vdm2mjyx.sys -- (vdm2mjyx)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\CHOSEN~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\6d4db.sys -- (6d4db)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/01/25 16:49:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/12/16 17:48:51 | 000,019,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\tsk_atapi.sys -- (atapi)
DRV - [2009/12/16 16:11:04 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\uzm2mjyx.sys -- (uzm2mjyx)
DRV - [2009/11/24 19:49:48 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/07/16 08:53:18 | 000,107,776 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2009/07/16 08:51:50 | 000,067,840 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009/07/16 08:49:56 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009/06/26 17:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/12/04 03:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/22 10:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/03 18:59:10 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2007/07/03 18:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 18:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 18:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/11 22:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/24 10:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 19:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 13:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 12:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 13:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {40439b93-f815-4122-8073-d03bed94c303}
IE - HKLM\..\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{C710C720-B588-4676-A61E-B8C9C166D712}: "URL" = http://search.live.c...#38;FORM=HVDUS7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {13BA74AE-E197-454E-B8DB-18B78838913A}
IE - HKCU\..\SearchScopes\{13BA74AE-E197-454E-B8DB-18B78838913A}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...s}&locale=en_US
IE - HKCU\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrows...B-9E5E79F3A0D0}
IE - HKCU\..\SearchScopes\{3BB94474-A314-4576-8AA2-2EC058F35DF5}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{40439b93-f815-4122-8073-d03bed94c303}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKCU\..\SearchScopes\{5065E8C3-F3BD-4103-80B4-2AA72165195D}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{5F4764C9-A953-44D8-BA81-4C334ADB8090}: "URL" = http://rover.ebay.co...36017972&type=3
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035}: "URL" = http://www.amazon.co...de=ur2&ie=UTF-8
IE - HKCU\..\SearchScopes\{9AE845A0-B8DE-4C87-A54E-55B6FFA38502}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{C710C720-B588-4676-A61E-B8C9C166D712}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/to...m=1&toolbar=GV2
IE - HKCU\..\SearchScopes\{FAB2F0FF-089C-49EA-BFBF-2EAAA16E7367}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Chosen072\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Chosen072\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Chosen072\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chosen072\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chosen072\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Chosen072\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/03/22 12:43:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/01/02 22:10:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/03/22 12:43:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Chosen072\Program Files\DNA [2010/01/05 16:06:52 | 000,000,000 | ---D | M]

[2009/09/29 07:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chosen072\AppData\Roaming\Mozilla\Extensions
[2009/03/28 08:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chosen072\AppData\Roaming\Mozilla\Extensions\[email protected]

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hcpaui] rundll32.exe "C:\Users\CHOSEN~1\AppData\Local\Temp\hcpaui.dll",CheckTextureRequirements File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKLM..\Run: [stfxfg] rundll32.exe "C:\Users\CHOSEN~1\AppData\Local\Temp\stfxfg.dll",SteamGameServerStats File not found
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [qgl6wo88sw] C:\Users\Chosen072\qgl6wo88sw.exe ()
O4 - HKCU..\Run: [Spotify] "C:\Users\Chosen072\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chosen072\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Chosen072\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Chosen072\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\system32\wshbth.dll File not found
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C77DCEE-1FB5-4633-8DEF-A02C55F1F52B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A84C4504-3EDA-44AC-886B-C316CF2D95A3}: DhcpNameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0717666-99DE-4E14-B322-505B7C9031E4}: DhcpNameServer = 68.87.75.198 68.87.64.150
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (wuruteli.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/04 22:57:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{4e690e46-3703-11e0-967d-001b24910987}\Shell - "" = AutoRun
O33 - MountPoints2\{4e690e46-3703-11e0-967d-001b24910987}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O33 - MountPoints2\{6d93134e-7e0c-11de-bf03-001b24910987}\Shell - "" = AutoRun
O33 - MountPoints2\{6d93134e-7e0c-11de-bf03-001b24910987}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{eb794350-b445-11df-bf05-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{eb794350-b445-11df-bf05-806e6f6e6963}\Shell\AutoRun\command - "" = F:\ATTPreCopy.exe -d:OPETNAEXPCI -7
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 18:34:07 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Chosen072\Desktop\OTL.exe
[2012/05/14 17:43:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/14 17:42:22 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chosen072\Desktop\TDSSKiller.exe
[2012/05/14 17:40:32 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/14 17:40:17 | 004,492,858 | R--- | C] (Swearware) -- C:\Users\Chosen072\Desktop\ComboFix.exe
[2012/05/14 16:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562B6006C2C790023F9D02830AD02
[2012/05/14 15:14:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Chosen072\Desktop\aswMBR.exe
[2012/05/14 14:55:12 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/05/14 14:46:17 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
[2012/05/14 14:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D562B6006C2C790023F9D0570F1C8B
[2012/05/13 19:24:42 | 000,000,000 | R--D | C] -- C:\Users\Chosen072\Dropbox
[2012/05/13 19:20:30 | 000,000,000 | R--D | C] -- C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/13 19:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/05/13 19:19:48 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/05/13 19:16:41 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\AppData\Roaming\Dropbox
[2012/05/13 09:12:13 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\AppData\Roaming\Flip Video
[2012/05/13 09:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Flip Video
[2012/05/13 09:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2012/05/10 18:39:01 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/10 18:39:01 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/10 18:39:01 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/10 18:39:01 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/10 18:39:00 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/10 18:38:46 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/10 18:38:46 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/10 18:38:45 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/10 05:43:40 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\AppData\Roaming\Yahoo!
[2012/05/04 08:11:46 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\Desktop\Templates
[2012/04/18 15:34:04 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\AppData\Roaming\Downloaded Installations
[2012/04/15 13:02:40 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\AppData\Roaming\SecondLife

========== Files - Modified Within 30 Days ==========

[2012/05/14 18:35:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Chosen072\Desktop\OTL.exe
[2012/05/14 18:27:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000UA.job
[2012/05/14 18:16:53 | 000,056,875 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/05/14 18:14:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 18:14:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 18:14:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 17:44:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/14 17:42:22 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chosen072\Desktop\TDSSKiller.exe
[2012/05/14 17:40:25 | 004,492,858 | R--- | M] (Swearware) -- C:\Users\Chosen072\Desktop\ComboFix.exe
[2012/05/14 17:26:36 | 000,081,112 | ---- | M] () -- C:\Windows\System32\drivers\7eebc29cd94c9851.sys
[2012/05/14 16:58:29 | 000,609,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/14 16:58:29 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/14 16:57:00 | 000,001,038 | ---- | M] () -- C:\Users\Chosen072\Desktop\Smart Fortress 2012.lnk
[2012/05/14 16:08:56 | 000,000,512 | ---- | M] () -- C:\Users\Chosen072\Desktop\MBR.dat
[2012/05/14 15:14:59 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Chosen072\Desktop\aswMBR.exe
[2012/05/14 14:42:44 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/14 14:42:44 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/14 14:40:00 | 000,019,392 | ---- | M] () -- C:\Users\Chosen072\qgl6wo88sw.exe
[2012/05/14 14:00:14 | 000,056,875 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/05/14 13:37:25 | 000,096,360 | ---- | M] () -- C:\Users\Chosen072\Desktop\A Simple Conversation Part I.pdf
[2012/05/14 11:27:03 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000Core.job
[2012/05/14 08:17:35 | 000,446,017 | ---- | M] () -- C:\Users\Chosen072\Desktop\photo.jpg
[2012/05/13 19:24:42 | 000,000,947 | ---- | M] () -- C:\Users\Chosen072\Desktop\Dropbox.lnk
[2012/05/13 19:20:30 | 000,000,957 | ---- | M] () -- C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/13 13:54:38 | 000,092,160 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/13 09:11:03 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2012/05/13 08:58:56 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChosen072.job
[2012/05/11 15:22:13 | 000,016,245 | ---- | M] () -- C:\Users\Chosen072\Desktop\GCCSA-HEADSTART_TEACHER.pdf
[2012/05/11 15:20:40 | 000,047,081 | ---- | M] () -- C:\Users\Chosen072\Desktop\CentralTXOpp_Lead_Teacher_Supv.pdf
[2012/05/11 05:31:53 | 001,811,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/09 10:28:33 | 000,000,680 | ---- | M] () -- C:\Users\Chosen072\AppData\Local\d3d9caps.dat
[2012/05/03 08:11:47 | 000,096,193 | ---- | M] () -- C:\Users\Chosen072\Desktop\A Simple Conversation.pdf
[2012/04/26 03:02:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/24 12:28:14 | 000,027,439 | ---- | M] () -- C:\Users\Chosen072\Desktop\bluetooth.jpg
[2012/04/19 12:25:01 | 000,063,883 | ---- | M] () -- C:\Users\Chosen072\Desktop\Business_Plan_Template.PDF

========== Files Created - No Company Name ==========

[2012/05/14 17:26:36 | 000,081,112 | ---- | C] () -- C:\Windows\System32\drivers\7eebc29cd94c9851.sys
[2012/05/14 15:26:16 | 000,000,512 | ---- | C] () -- C:\Users\Chosen072\Desktop\MBR.dat
[2012/05/14 14:46:16 | 000,001,038 | ---- | C] () -- C:\Users\Chosen072\Desktop\Smart Fortress 2012.lnk
[2012/05/14 14:41:48 | 000,019,392 | ---- | C] () -- C:\Users\Chosen072\qgl6wo88sw.exe
[2012/05/14 13:37:23 | 000,096,360 | ---- | C] () -- C:\Users\Chosen072\Desktop\A Simple Conversation Part I.pdf
[2012/05/13 19:24:42 | 000,000,947 | ---- | C] () -- C:\Users\Chosen072\Desktop\Dropbox.lnk
[2012/05/13 19:20:30 | 000,000,957 | ---- | C] () -- C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/13 10:51:04 | 000,446,017 | ---- | C] () -- C:\Users\Chosen072\Desktop\photo.jpg
[2012/05/13 09:11:03 | 000,000,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlipShare.lnk
[2012/05/13 09:11:03 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2012/05/11 15:22:13 | 000,016,245 | ---- | C] () -- C:\Users\Chosen072\Desktop\GCCSA-HEADSTART_TEACHER.pdf
[2012/05/11 15:20:40 | 000,047,081 | ---- | C] () -- C:\Users\Chosen072\Desktop\CentralTXOpp_Lead_Teacher_Supv.pdf
[2012/05/03 08:11:44 | 000,096,193 | ---- | C] () -- C:\Users\Chosen072\Desktop\A Simple Conversation.pdf
[2012/04/26 03:02:44 | 000,001,788 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/24 12:29:59 | 000,027,439 | ---- | C] () -- C:\Users\Chosen072\Desktop\bluetooth.jpg
[2012/04/19 12:20:06 | 000,063,883 | ---- | C] () -- C:\Users\Chosen072\Desktop\Business_Plan_Template.PDF
[2012/03/29 18:48:46 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/08/31 15:06:49 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:A6CD15C3
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >



I hope someone can help me
Thanks

Edited by chosen072, 14 May 2012 - 04:52 PM.


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello chosen072 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:
    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • Then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects.
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2012/05/14 14:40:00 | 000,019,392 | ---- | M] () -- C:\Users\Chosen072\qgl6wo88sw.exe
    DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\Drivers\vdm2mjyx.sys -- (vdm2mjyx)
    O4 - HKLM..\Run: [hcpaui] rundll32.exe "C:\Users\CHOSEN~1\AppData\Local\Temp\hcpaui.dll",CheckTextureRequirements File not found
    O4 - HKLM..\Run: [stfxfg] rundll32.exe "C:\Users\CHOSEN~1\AppData\Local\Temp\stfxfg.dll",SteamGameServerStats File not found
    O20 - AppInit_DLLs: (wuruteli.dll) - File not found
    O33 - MountPoints2\{4e690e46-3703-11e0-967d-001b24910987}\Shell - "" = AutoRun
    O33 - MountPoints2\{4e690e46-3703-11e0-967d-001b24910987}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
    O33 - MountPoints2\{6d93134e-7e0c-11de-bf03-001b24910987}\Shell - "" = AutoRun
    O33 - MountPoints2\{6d93134e-7e0c-11de-bf03-001b24910987}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\{eb794350-b445-11df-bf05-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb794350-b445-11df-bf05-806e6f6e6963}\Shell\AutoRun\command - "" = F:\ATTPreCopy.exe -d:OPETNAEXPCI -7
    [2012/05/14 14:46:17 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
    [2012/05/14 17:26:36 | 000,081,112 | ---- | M] () -- C:\Windows\System32\drivers\7eebc29cd94c9851.sys
    [2012/05/14 16:57:00 | 000,001,038 | ---- | M] () -- C:\Users\Chosen072\Desktop\Smart Fortress 2012.lnk
    [2012/05/14 14:40:00 | 000,019,392 | ---- | M] () -- C:\Users\Chosen072\qgl6wo88sw.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Press the button named None
  • Under the Custom Scan box paste this in

/md5start
netbt.*
/md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • OTL fix log
  • OTL scan log
It would be helpful if you could post each log in a separate post
  • 0
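The file entries in the Step 2 fix appear in the OTL listings earlier in this thread with an empty `()` company field. As an added example (not part of the original post, and not OTL's own logic), this Python code parses that line layout and lists program files with no company name as candidates for review; the sample lines are copied from the log above, and the function names and the extension list are assumptions.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# One OTL file-listing line, as it appears in the log in this thread:
#   [date time | size | attributes | C or M] (company) -- path
# Directory entries have no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumption: which extensions count as "program files" for this review list.
EXECUTABLE_EXTS = {".exe", ".sys", ".dll"}

# Lines copied from the OTL log posted earlier in this thread.
SAMPLE = r"""
[2012/05/14 17:42:22 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chosen072\Desktop\TDSSKiller.exe
[2012/05/14 14:46:17 | 000,000,000 | ---D | C] -- C:\Users\Chosen072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
[2012/05/14 17:26:36 | 000,081,112 | ---- | M] () -- C:\Windows\System32\drivers\7eebc29cd94c9851.sys
[2012/05/14 14:40:00 | 000,019,392 | ---- | M] () -- C:\Users\Chosen072\qgl6wo88sw.exe
[2012/05/14 17:26:36 | 000,081,112 | ---- | C] () -- C:\Windows\System32\drivers\7eebc29cd94c9851.sys
[2012/05/14 14:41:48 | 000,019,392 | ---- | C] () -- C:\Users\Chosen072\qgl6wo88sw.exe
[2012/05/14 13:37:23 | 000,096,360 | ---- | C] () -- C:\Users\Chosen072\Desktop\A Simple Conversation Part I.pdf
[2012/05/14 14:46:16 | 000,001,038 | ---- | C] () -- C:\Users\Chosen072\Desktop\Smart Fortress 2012.lnk
"""


def parse_line(line):
    """Return a dict for one OTL listing line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "is_dir": "D" in m["attrs"],
        "kind": m["kind"],            # "C" = created list, "M" = modified list
        "company": m["company"],      # None for directories, "" when blank
        "path": m["path"],
    }


def review_candidates(lines):
    """Program files with a blank company field, one record per path.

    The same file usually shows up in both the Created and Modified
    sections, so entries are merged by path. The result is a list to
    look at more closely, not a verdict on any file.
    """
    merged = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry["is_dir"] or entry["company"]:
            continue
        if PureWindowsPath(entry["path"]).suffix.lower() not in EXECUTABLE_EXTS:
            continue
        rec = merged.setdefault(
            entry["path"].lower(),
            {"path": entry["path"], "size": entry["size"],
             "created": None, "modified": None},
        )
        rec["created" if entry["kind"] == "C" else "modified"] = entry["when"]

    results = []
    for rec in merged.values():
        created, modified = rec["created"], rec["modified"]
        # A modified time earlier than the created time is what a copied
        # or unpacked file looks like; it is context, not proof of anything.
        rec["modified_before_created"] = bool(
            created and modified and modified < created
        )
        results.append(rec)
    return sorted(results, key=lambda r: r["created"] or r["modified"])


if __name__ == "__main__":
    for rec in review_candidates(SAMPLE.splitlines()):
        print(rec["created"], rec["size"], rec["path"],
              "(modified before created)" if rec["modified_before_created"] else "")
```
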

#3
chosen072

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I ran the TDSS and below is the log. I could not run OTL. I keep receiving error messages and then OTL shuts down without opening up.

05:23:09.0364 3600 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
05:23:09.0676 3600 ============================================================
05:23:09.0676 3600 Current date / time: 2012/05/15 05:23:09.0676
05:23:09.0676 3600 SystemInfo:
05:23:09.0676 3600
05:23:09.0676 3600 OS Version: 6.0.6002 ServicePack: 2.0
05:23:09.0676 3600 Product type: Workstation
05:23:09.0676 3600 ComputerName: ROBINS-LT
05:23:09.0676 3600 UserName: Chosen072
05:23:09.0676 3600 Windows directory: C:\Windows
05:23:09.0676 3600 System windows directory: C:\Windows
05:23:09.0676 3600 Processor architecture: Intel x86
05:23:09.0676 3600 Number of processors: 2
05:23:09.0676 3600 Page size: 0x1000
05:23:09.0676 3600 Boot type: Normal boot
05:23:09.0676 3600 ============================================================
05:23:10.0987 3600 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
05:23:11.0127 3600 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
05:23:11.0127 3600 ============================================================
05:23:11.0127 3600 \Device\Harddisk0\DR0:
05:23:11.0205 3600 MBR partitions:
05:23:11.0205 3600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCEC0FB8
05:23:11.0205 3600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCEC0FF7, BlocksNum 0x10D27CA
05:23:11.0205 3600 \Device\Harddisk1\DR1:
05:23:11.0221 3600 MBR partitions:
05:23:11.0221 3600 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
05:23:11.0221 3600 ============================================================
05:23:11.0252 3600 C: <-> \Device\Harddisk0\DR0\Partition0
05:23:11.0268 3600 D: <-> \Device\Harddisk1\DR1\Partition0
05:23:11.0314 3600 E: <-> \Device\Harddisk0\DR0\Partition1
05:23:11.0314 3600 ============================================================
05:23:11.0314 3600 Initialize success
05:23:11.0314 3600 ============================================================
05:23:23.0155 2868 ============================================================
05:23:23.0155 2868 Scan started
05:23:23.0155 2868 Mode: Manual; SigCheck; TDLFS;
05:23:23.0155 2868 ============================================================
05:23:24.0356 2868 6d4db - ok
05:23:24.0403 2868 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
05:23:24.0543 2868 ACPI - ok
05:23:24.0637 2868 Adobe LM Service (4ae327c9c375d985ff2a2aab92765218) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
05:23:24.0684 2868 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
05:23:24.0684 2868 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
05:23:24.0762 2868 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
05:23:24.0793 2868 adp94xx - ok
05:23:24.0855 2868 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
05:23:24.0871 2868 adpahci - ok
05:23:24.0918 2868 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
05:23:24.0933 2868 adpu160m - ok
05:23:24.0949 2868 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
05:23:24.0980 2868 adpu320 - ok
05:23:25.0027 2868 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
05:23:25.0120 2868 AeLookupSvc - ok
05:23:25.0214 2868 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
05:23:25.0292 2868 AFD - ok
05:23:25.0339 2868 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
05:23:25.0354 2868 agp440 - ok
05:23:25.0401 2868 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
05:23:25.0417 2868 aic78xx - ok
05:23:25.0448 2868 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
05:23:25.0588 2868 ALG - ok
05:23:25.0604 2868 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
05:23:25.0620 2868 aliide - ok
05:23:25.0666 2868 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
05:23:25.0682 2868 amdagp - ok
05:23:25.0698 2868 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
05:23:25.0713 2868 amdide - ok
05:23:25.0760 2868 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
05:23:26.0041 2868 AmdK7 - ok
05:23:26.0072 2868 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
05:23:26.0134 2868 AmdK8 - ok
05:23:26.0181 2868 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
05:23:26.0212 2868 Appinfo - ok
05:23:26.0322 2868 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
05:23:26.0337 2868 Apple Mobile Device - ok
05:23:26.0400 2868 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
05:23:26.0415 2868 arc - ok
05:23:26.0446 2868 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
05:23:26.0462 2868 arcsas - ok
05:23:26.0509 2868 aswMonFlt (e2851cb7dbb831888eaea46c55c05e44) C:\Windows\system32\DRIVERS\aswMonFlt.sys
05:23:26.0540 2868 aswMonFlt - ok
05:23:26.0587 2868 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
05:23:26.0665 2868 AsyncMac - ok
05:23:26.0696 2868 atapi (ce6a86407b416847e53a6d9c25a8860b) C:\Windows\system32\Drivers\tsk_atapi.sys
05:23:26.0712 2868 atapi ( UnsignedFile.Multi.Generic ) - warning
05:23:26.0712 2868 atapi - detected UnsignedFile.Multi.Generic (1)
05:23:26.0774 2868 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
05:23:26.0805 2868 AudioEndpointBuilder - ok
05:23:26.0821 2868 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
05:23:26.0852 2868 Audiosrv - ok
05:23:26.0946 2868 BCM43XV (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
05:23:27.0024 2868 BCM43XV - ok
05:23:27.0086 2868 BCM43XX (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
05:23:27.0180 2868 BCM43XX - ok
05:23:27.0351 2868 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
05:23:27.0460 2868 Beep - ok
05:23:27.0554 2868 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
05:23:27.0648 2868 BITS - ok
05:23:27.0648 2868 blbdrive - ok
05:23:27.0772 2868 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
05:23:27.0804 2868 Bonjour Service - ok
05:23:27.0882 2868 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
05:23:27.0944 2868 bowser - ok
05:23:27.0991 2868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
05:23:28.0053 2868 BrFiltLo - ok
05:23:28.0100 2868 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
05:23:28.0131 2868 BrFiltUp - ok
05:23:28.0162 2868 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
05:23:28.0240 2868 Browser - ok
05:23:28.0287 2868 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
05:23:28.0350 2868 Brserid - ok
05:23:28.0381 2868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
05:23:28.0443 2868 BrSerWdm - ok
05:23:28.0474 2868 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
05:23:28.0568 2868 BrUsbMdm - ok
05:23:28.0599 2868 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
05:23:28.0662 2868 BrUsbSer - ok
05:23:28.0708 2868 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
05:23:28.0755 2868 BthEnum - ok
05:23:28.0802 2868 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
05:23:28.0849 2868 BTHMODEM - ok
05:23:28.0880 2868 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
05:23:28.0911 2868 BthPan - ok
05:23:28.0989 2868 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
05:23:29.0083 2868 BTHPORT - ok
05:23:29.0114 2868 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
05:23:29.0161 2868 BthServ - ok
05:23:29.0192 2868 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
05:23:29.0208 2868 BTHUSB - ok
05:23:29.0270 2868 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
05:23:29.0317 2868 cdfs - ok
05:23:29.0364 2868 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
05:23:29.0426 2868 cdrom - ok
05:23:29.0457 2868 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
05:23:29.0504 2868 CertPropSvc - ok
05:23:29.0535 2868 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
05:23:29.0613 2868 circlass - ok
05:23:29.0644 2868 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
05:23:29.0676 2868 CLFS - ok
05:23:29.0738 2868 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:23:29.0754 2868 clr_optimization_v2.0.50727_32 - ok
05:23:29.0847 2868 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:23:29.0878 2868 clr_optimization_v4.0.30319_32 - ok
05:23:29.0925 2868 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
05:23:29.0988 2868 CmBatt - ok
05:23:30.0019 2868 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
05:23:30.0034 2868 cmdide - ok
05:23:30.0081 2868 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
05:23:30.0159 2868 CnxtHdAudService - ok
05:23:30.0253 2868 Com4Qlb (a5aaa656403e5e7afa9647ce73dbf944) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
05:23:30.0284 2868 Com4Qlb ( UnsignedFile.Multi.Generic ) - warning
05:23:30.0284 2868 Com4Qlb - detected UnsignedFile.Multi.Generic (1)
05:23:30.0315 2868 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
05:23:30.0331 2868 Compbatt - ok
05:23:30.0331 2868 COMSysApp - ok
05:23:30.0362 2868 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
05:23:30.0378 2868 crcdisk - ok
05:23:30.0393 2868 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
05:23:30.0487 2868 Crusoe - ok
05:23:30.0534 2868 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
05:23:30.0596 2868 CryptSvc - ok
05:23:30.0643 2868 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
05:23:30.0783 2868 DcomLaunch - ok
05:23:30.0846 2868 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
05:23:30.0892 2868 DfsC - ok
05:23:31.0048 2868 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
05:23:31.0220 2868 DFSR - ok
05:23:31.0360 2868 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
05:23:31.0485 2868 Dhcp - ok
05:23:31.0563 2868 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
05:23:31.0579 2868 disk - ok
05:23:31.0657 2868 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
05:23:31.0704 2868 Dnscache - ok
05:23:31.0750 2868 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
05:23:31.0813 2868 dot3svc - ok
05:23:31.0860 2868 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
05:23:31.0922 2868 Dot4 - ok
05:23:31.0969 2868 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
05:23:32.0016 2868 Dot4Print - ok
05:23:32.0031 2868 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
05:23:32.0078 2868 dot4usb - ok
05:23:32.0109 2868 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
05:23:32.0172 2868 DPS - ok
05:23:32.0234 2868 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
05:23:32.0265 2868 drmkaud - ok
05:23:32.0328 2868 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
05:23:32.0374 2868 DXGKrnl - ok
05:23:32.0421 2868 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
05:23:32.0499 2868 E100B - ok
05:23:32.0547 2868 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
05:23:32.0625 2868 E1G60 - ok
05:23:32.0641 2868 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
05:23:32.0687 2868 eabfiltr - ok
05:23:32.0734 2868 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
05:23:32.0781 2868 EapHost - ok
05:23:32.0859 2868 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
05:23:32.0875 2868 Ecache - ok
05:23:32.0937 2868 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
05:23:32.0999 2868 ehRecvr - ok
05:23:33.0031 2868 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
05:23:33.0062 2868 ehSched - ok
05:23:33.0077 2868 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
05:23:33.0109 2868 ehstart - ok
05:23:33.0171 2868 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
05:23:33.0218 2868 elxstor - ok
05:23:33.0280 2868 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
05:23:33.0358 2868 EMDMgmt - ok
05:23:33.0436 2868 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
05:23:33.0499 2868 EventSystem - ok
05:23:33.0545 2868 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
05:23:33.0608 2868 exfat - ok
05:23:33.0639 2868 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
05:23:33.0686 2868 fastfat - ok
05:23:33.0733 2868 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
05:23:33.0811 2868 fdc - ok
05:23:33.0857 2868 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
05:23:33.0904 2868 fdPHost - ok
05:23:33.0920 2868 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
05:23:33.0998 2868 FDResPub - ok
05:23:34.0045 2868 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
05:23:34.0060 2868 FileInfo - ok
05:23:34.0091 2868 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
05:23:34.0138 2868 Filetrace - ok
05:23:34.0263 2868 FirebirdGuardianDefaultInstance (1a18ebd87aa9fbf6efe8cfada08d0275) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
05:23:34.0279 2868 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
05:23:34.0279 2868 FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic (1)
05:23:34.0450 2868 FirebirdServerDefaultInstance (53c740150c082aaf3c7d21c1d6a9ff98) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
05:23:34.0731 2868 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
05:23:34.0731 2868 FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic (1)
05:23:34.0856 2868 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
05:23:34.0949 2868 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
05:23:34.0949 2868 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
05:23:35.0059 2868 FlipShare Service (869bde240b7fe9c7b25bd80df85641c8) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
05:23:35.0137 2868 FlipShare Service - ok
05:23:35.0215 2868 FlipShareServer (9c330b7ddee9492373041e75da01f80c) C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
05:23:35.0308 2868 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning
05:23:35.0308 2868 FlipShareServer - detected UnsignedFile.Multi.Generic (1)
05:23:35.0433 2868 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
05:23:35.0542 2868 flpydisk - ok
05:23:35.0589 2868 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
05:23:35.0620 2868 FltMgr - ok
05:23:35.0745 2868 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
05:23:35.0839 2868 FontCache - ok
05:23:35.0932 2868 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
05:23:35.0948 2868 FontCache3.0.0.0 - ok
05:23:36.0026 2868 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
05:23:36.0041 2868 fssfltr - ok
05:23:36.0166 2868 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
05:23:36.0275 2868 fsssvc - ok
05:23:36.0431 2868 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
05:23:36.0478 2868 Fs_Rec - ok
05:23:36.0665 2868 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
05:23:36.0681 2868 gagp30kx - ok
05:23:36.0790 2868 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
05:23:36.0884 2868 gpsvc - ok
05:23:36.0931 2868 GTUHSBUS (d55a64f36b429665b351133f4e1eefe5) C:\Windows\system32\DRIVERS\gtuhsbus.sys
05:23:36.0993 2868 GTUHSBUS - ok
05:23:37.0040 2868 GTUHSNDISIPXP (551b0b6b5d3b35526d7153ed0ad03001) C:\Windows\system32\DRIVERS\gtuhs51.sys
05:23:37.0071 2868 GTUHSNDISIPXP - ok
05:23:37.0087 2868 GTUHSSER (b97cad5584370cba9840f22b14d7f14c) C:\Windows\system32\DRIVERS\gtuhsser.sys
05:23:37.0133 2868 GTUHSSER - ok
05:23:37.0258 2868 gusvc (1bf044e23206fddc16891a32922d571b) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
05:23:37.0274 2868 gusvc - ok
05:23:37.0305 2868 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
05:23:37.0336 2868 HBtnKey - ok
05:23:37.0367 2868 HdAudAddService (a08f4808fb19a40792a6056848187afe) C:\Windows\system32\drivers\CHDART.sys
05:23:37.0430 2868 HdAudAddService - ok
05:23:37.0477 2868 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
05:23:37.0555 2868 HDAudBus - ok
05:23:37.0586 2868 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
05:23:37.0664 2868 HidBth - ok
05:23:37.0679 2868 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
05:23:37.0726 2868 HidIr - ok
05:23:37.0757 2868 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
05:23:37.0773 2868 hidserv - ok
05:23:37.0820 2868 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
05:23:37.0835 2868 HidUsb - ok
05:23:37.0882 2868 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
05:23:37.0929 2868 hkmsvc - ok
05:23:38.0038 2868 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
05:23:38.0054 2868 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
05:23:38.0054 2868 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
05:23:38.0085 2868 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
05:23:38.0101 2868 HpCISSs - ok
05:23:38.0163 2868 hpqcxs08 (ed377b3c83fdea8d906109a085d219ba) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
05:23:38.0210 2868 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
05:23:38.0210 2868 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
05:23:38.0257 2868 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
05:23:38.0288 2868 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
05:23:38.0288 2868 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
05:23:38.0319 2868 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
05:23:38.0335 2868 hpqwmiex ( UnsignedFile.Multi.Generic ) - warning
05:23:38.0335 2868 hpqwmiex - detected UnsignedFile.Multi.Generic (1)
05:23:38.0381 2868 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
05:23:38.0444 2868 HSFHWAZL - ok
05:23:38.0491 2868 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
05:23:38.0631 2868 HSF_DPV - ok
05:23:38.0678 2868 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
05:23:38.0709 2868 HSXHWAZL - ok
05:23:38.0771 2868 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
05:23:38.0818 2868 HTCAND32 - ok
05:23:38.0865 2868 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
05:23:38.0943 2868 HTTP - ok
05:23:38.0974 2868 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
05:23:38.0990 2868 i2omp - ok
05:23:39.0193 2868 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
05:23:39.0317 2868 i8042prt - ok
05:23:39.0411 2868 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
05:23:39.0520 2868 ialm - ok
05:23:39.0676 2868 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
05:23:39.0723 2868 iaStorV - ok
05:23:39.0848 2868 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
05:23:39.0879 2868 IDriverT ( UnsignedFile.Multi.Generic ) - warning
05:23:39.0879 2868 IDriverT - detected UnsignedFile.Multi.Generic (1)
05:23:40.0004 2868 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
05:23:40.0066 2868 idsvc - ok
05:23:40.0207 2868 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
05:23:40.0222 2868 iirsp - ok
05:23:40.0285 2868 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
05:23:40.0363 2868 IKEEXT - ok
05:23:40.0378 2868 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
05:23:40.0394 2868 intelide - ok
05:23:40.0441 2868 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
05:23:40.0519 2868 intelppm - ok
05:23:40.0550 2868 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
05:23:40.0597 2868 IPBusEnum - ok
05:23:40.0643 2868 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:23:40.0706 2868 IpFilterDriver - ok
05:23:40.0753 2868 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
05:23:40.0799 2868 iphlpsvc - ok
05:23:40.0799 2868 IpInIp - ok
05:23:40.0846 2868 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
05:23:40.0924 2868 IPMIDRV - ok
05:23:40.0955 2868 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
05:23:41.0002 2868 IPNAT - ok
05:23:41.0049 2868 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
05:23:41.0096 2868 IRENUM - ok
05:23:41.0127 2868 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
05:23:41.0143 2868 isapnp - ok
05:23:41.0189 2868 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
05:23:41.0205 2868 iScsiPrt - ok
05:23:41.0236 2868 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
05:23:41.0252 2868 iteatapi - ok
05:23:41.0283 2868 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
05:23:41.0299 2868 iteraid - ok
05:23:41.0330 2868 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
05:23:41.0345 2868 kbdclass - ok
05:23:41.0377 2868 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
05:23:41.0392 2868 kbdhid - ok
05:23:41.0439 2868 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
05:23:41.0470 2868 KeyIso - ok
05:23:41.0533 2868 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
05:23:41.0548 2868 KSecDD - ok
05:23:41.0626 2868 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
05:23:41.0704 2868 KtmRm - ok
05:23:41.0735 2868 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
05:23:41.0798 2868 LanmanServer - ok
05:23:41.0860 2868 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
05:23:41.0891 2868 LanmanWorkstation - ok
05:23:42.0001 2868 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
05:23:42.0032 2868 LightScribeService - ok
05:23:42.0094 2868 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
05:23:42.0172 2868 lltdio - ok
05:23:42.0235 2868 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
05:23:42.0313 2868 lltdsvc - ok
05:23:42.0344 2868 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
05:23:42.0406 2868 lmhosts - ok
05:23:42.0437 2868 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
05:23:42.0453 2868 LSI_FC - ok
05:23:42.0469 2868 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
05:23:42.0484 2868 LSI_SAS - ok
05:23:42.0515 2868 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
05:23:42.0531 2868 LSI_SCSI - ok
05:23:42.0578 2868 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
05:23:42.0640 2868 luafv - ok
05:23:42.0671 2868 MCSTRM - ok
05:23:42.0703 2868 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
05:23:42.0734 2868 Mcx2Svc - ok
05:23:42.0749 2868 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
05:23:42.0781 2868 mdmxsdk - ok
05:23:42.0812 2868 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
05:23:42.0827 2868 megasas - ok
05:23:42.0952 2868 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
05:23:42.0968 2868 Microsoft Office Groove Audit Service - ok
05:23:42.0999 2868 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
05:23:43.0046 2868 MMCSS - ok
05:23:43.0077 2868 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
05:23:43.0124 2868 Modem - ok
05:23:43.0155 2868 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
05:23:43.0202 2868 monitor - ok
05:23:43.0233 2868 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
05:23:43.0249 2868 mouclass - ok
05:23:43.0264 2868 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
05:23:43.0327 2868 mouhid - ok
05:23:43.0358 2868 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
05:23:43.0373 2868 MountMgr - ok
05:23:43.0389 2868 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
05:23:43.0405 2868 mpio - ok
05:23:43.0436 2868 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
05:23:43.0467 2868 mpsdrv - ok
05:23:43.0498 2868 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
05:23:43.0514 2868 Mraid35x - ok
05:23:43.0545 2868 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
05:23:43.0561 2868 MRxDAV - ok
05:23:43.0607 2868 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
05:23:43.0654 2868 mrxsmb - ok
05:23:43.0701 2868 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:23:43.0717 2868 mrxsmb10 - ok
05:23:43.0732 2868 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:23:43.0732 2868 mrxsmb20 - ok
05:23:43.0795 2868 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
05:23:43.0810 2868 msahci - ok
05:23:43.0888 2868 MSCamSvc (31e023681015c35ebfe1498b07813b87) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
05:23:43.0904 2868 MSCamSvc - ok
05:23:43.0919 2868 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
05:23:43.0935 2868 msdsm - ok
05:23:43.0966 2868 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
05:23:44.0013 2868 MSDTC - ok
05:23:44.0044 2868 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
05:23:44.0091 2868 Msfs - ok
05:23:44.0122 2868 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
05:23:44.0138 2868 msisadrv - ok
05:23:44.0153 2868 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
05:23:44.0200 2868 MSiSCSI - ok
05:23:44.0216 2868 msiserver - ok
05:23:44.0247 2868 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
05:23:44.0294 2868 MSKSSRV - ok
05:23:44.0309 2868 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
05:23:44.0356 2868 MSPCLOCK - ok
05:23:44.0356 2868 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
05:23:44.0387 2868 MSPQM - ok
05:23:44.0419 2868 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
05:23:44.0450 2868 MsRPC - ok
05:23:44.0481 2868 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
05:23:44.0497 2868 mssmbios - ok
05:23:44.0512 2868 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
05:23:44.0575 2868 MSTEE - ok
05:23:44.0606 2868 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
05:23:44.0621 2868 Mup - ok
05:23:44.0653 2868 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
05:23:44.0715 2868 napagent - ok
05:23:44.0746 2868 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
05:23:44.0777 2868 NativeWifiP - ok
05:23:44.0840 2868 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
05:23:44.0887 2868 NDIS - ok
05:23:44.0949 2868 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
05:23:44.0965 2868 NdisTapi - ok
05:23:44.0996 2868 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
05:23:45.0043 2868 Ndisuio - ok
05:23:45.0074 2868 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
05:23:45.0121 2868 NdisWan - ok
05:23:45.0152 2868 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
05:23:45.0199 2868 NDProxy - ok
05:23:45.0245 2868 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
05:23:45.0277 2868 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
05:23:45.0277 2868 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
05:23:45.0292 2868 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
05:23:45.0339 2868 NetBIOS - ok
05:23:45.0370 2868 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
05:23:45.0417 2868 netbt - ok
05:23:45.0464 2868 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
05:23:45.0479 2868 Netlogon - ok
05:23:45.0511 2868 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
05:23:45.0589 2868 Netman - ok
05:23:45.0635 2868 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
05:23:45.0745 2868 netprofm - ok
05:23:45.0838 2868 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:23:45.0854 2868 NetTcpPortSharing - ok
05:23:45.0901 2868 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
05:23:45.0916 2868 nfrd960 - ok
05:23:45.0963 2868 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
05:23:46.0010 2868 NlaSvc - ok
05:23:46.0041 2868 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
05:23:46.0072 2868 Npfs - ok
05:23:46.0103 2868 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
05:23:46.0135 2868 nsi - ok
05:23:46.0166 2868 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
05:23:46.0213 2868 nsiproxy - ok
05:23:46.0275 2868 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
05:23:46.0400 2868 Ntfs - ok
05:23:46.0431 2868 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
05:23:46.0493 2868 ntrigdigi - ok
05:23:46.0556 2868 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
05:23:46.0556 2868 NuidFltr - ok
05:23:46.0587 2868 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
05:23:46.0634 2868 Null - ok
05:23:46.0712 2868 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
05:23:46.0821 2868 NVENETFD - ok
05:23:47.0195 2868 nvlddmkm (b36c3b866b0d47e2e2856ec8fd746e39) C:\Windows\system32\DRIVERS\nvlddmkm.sys
05:23:47.0929 2868 nvlddmkm - ok
05:23:48.0069 2868 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
05:23:48.0085 2868 nvraid - ok
05:23:48.0147 2868 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
05:23:48.0209 2868 nvsmu - ok
05:23:48.0241 2868 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
05:23:48.0272 2868 nvstor - ok
05:23:48.0334 2868 nvsvc (cf672c71844a3b407eb86042829bce09) C:\Windows\system32\nvvsvc.exe
05:23:48.0381 2868 nvsvc - ok
05:23:48.0412 2868 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
05:23:48.0428 2868 nv_agp - ok
05:23:48.0443 2868 NwlnkFlt - ok
05:23:48.0443 2868 NwlnkFwd - ok
05:23:48.0615 2868 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
05:23:48.0662 2868 odserv - ok
05:23:48.0709 2868 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
05:23:48.0740 2868 ohci1394 - ok
05:23:48.0818 2868 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
05:23:48.0849 2868 ose - ok
05:23:48.0911 2868 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
05:23:49.0021 2868 p2pimsvc - ok
05:23:49.0036 2868 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
05:23:49.0067 2868 p2psvc - ok
05:23:49.0114 2868 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
05:23:49.0192 2868 Parport - ok
05:23:49.0239 2868 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
05:23:49.0255 2868 partmgr - ok
05:23:49.0270 2868 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
05:23:49.0348 2868 Parvdm - ok
05:23:49.0395 2868 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
05:23:49.0457 2868 PcaSvc - ok
05:23:49.0489 2868 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
05:23:49.0504 2868 pci - ok
05:23:49.0520 2868 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
05:23:49.0535 2868 pciide - ok
05:23:49.0582 2868 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
05:23:49.0598 2868 pcmcia - ok
05:23:49.0645 2868 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
05:23:49.0676 2868 pcouffin - ok
05:23:49.0723 2868 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\Windows\system32\PCTINDIS5.SYS
05:23:49.0754 2868 PCTINDIS5 - ok
05:23:49.0832 2868 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
05:23:49.0910 2868 PEAUTH - ok
05:23:50.0003 2868 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
05:23:50.0113 2868 pla - ok
05:23:50.0253 2868 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
05:23:50.0315 2868 PlugPlay - ok
05:23:50.0347 2868 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
05:23:50.0378 2868 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
05:23:50.0378 2868 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
05:23:50.0440 2868 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
05:23:50.0471 2868 PNRPAutoReg - ok
05:23:50.0487 2868 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
05:23:50.0534 2868 PNRPsvc - ok
05:23:50.0612 2868 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
05:23:50.0643 2868 PolicyAgent - ok
05:23:50.0721 2868 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
05:23:50.0752 2868 PptpMiniport - ok
05:23:50.0815 2868 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
05:23:50.0877 2868 Processor - ok
05:23:50.0908 2868 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
05:23:50.0971 2868 ProfSvc - ok
05:23:51.0002 2868 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
05:23:51.0033 2868 ProtectedStorage - ok
05:23:51.0080 2868 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
05:23:51.0127 2868 PSched - ok
05:23:51.0158 2868 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
05:23:51.0158 2868 PxHelp20 - ok
05:23:51.0251 2868 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
05:23:51.0283 2868 ql2300 - ok
05:23:51.0329 2868 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
05:23:51.0345 2868 ql40xx - ok
05:23:51.0501 2868 QPCapSvc (ba396d1c71934e22679d3f4dac17e7ab) C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
05:23:51.0548 2868 QPCapSvc - ok
05:23:51.0595 2868 QPSched (4b455e8c41cad3219ccf53024dcad604) C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
05:23:51.0610 2868 QPSched - ok
05:23:51.0641 2868 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
05:23:51.0704 2868 QWAVE - ok
05:23:51.0735 2868 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
05:23:51.0766 2868 QWAVEdrv - ok
05:23:51.0797 2868 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
05:23:51.0829 2868 RasAcd - ok
05:23:51.0860 2868 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
05:23:51.0891 2868 RasAuto - ok
05:23:51.0922 2868 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
05:23:51.0985 2868 Rasl2tp - ok
05:23:52.0016 2868 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
05:23:52.0063 2868 RasMan - ok
05:23:52.0094 2868 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
05:23:52.0141 2868 RasPppoe - ok
05:23:52.0172 2868 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
05:23:52.0203 2868 RasSstp - ok
05:23:52.0234 2868 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
05:23:52.0281 2868 rdbss - ok
05:23:52.0312 2868 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
05:23:52.0343 2868 RDPCDD - ok
05:23:52.0390 2868 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
05:23:52.0468 2868 rdpdr - ok
05:23:52.0468 2868 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
05:23:52.0515 2868 RDPENCDD - ok
05:23:52.0562 2868 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
05:23:52.0593 2868 RDPWD - ok
05:23:52.0624 2868 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
05:23:52.0671 2868 RemoteAccess - ok
05:23:52.0718 2868 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
05:23:52.0765 2868 RemoteRegistry - ok
05:23:52.0827 2868 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
05:23:52.0874 2868 RFCOMM - ok
05:23:52.0921 2868 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
05:23:52.0936 2868 rimmptsk - ok
05:23:52.0967 2868 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
05:23:52.0999 2868 rimsptsk - ok
05:23:53.0045 2868 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
05:23:53.0092 2868 RimVSerPort - ok
05:23:53.0108 2868 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys
05:23:53.0170 2868 rismxdp - ok
05:23:53.0201 2868 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
05:23:53.0248 2868 ROOTMODEM - ok
05:23:53.0373 2868 RoxMediaDB9 (08fb7d968805001c7adcbb14b0651fa2) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
05:23:53.0435 2868 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
05:23:53.0435 2868 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
05:23:53.0467 2868 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
05:23:53.0498 2868 RpcLocator - ok
05:23:53.0607 2868 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
05:23:53.0669 2868 RpcSs - ok
05:23:53.0747 2868 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
05:23:53.0779 2868 rspndr - ok
05:23:53.0825 2868 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
05:23:53.0841 2868 SamSs - ok
05:23:53.0872 2868 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
05:23:53.0888 2868 sbp2port - ok
05:23:53.0935 2868 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
05:23:53.0981 2868 SCardSvr - ok
05:23:54.0044 2868 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
05:23:54.0137 2868 Schedule - ok
05:23:54.0184 2868 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
05:23:54.0215 2868 SCPolicySvc - ok
05:23:54.0247 2868 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
05:23:54.0293 2868 sdbus - ok
05:23:54.0340 2868 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
05:23:54.0387 2868 SDRSVC - ok
05:23:54.0481 2868 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
05:23:54.0496 2868 SeaPort - ok
05:23:54.0527 2868 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
05:23:54.0605 2868 secdrv - ok
05:23:54.0637 2868 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
05:23:54.0683 2868 seclogon - ok
05:23:54.0699 2868 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
05:23:54.0746 2868 SENS - ok
05:23:54.0761 2868 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
05:23:54.0809 2868 Serenum - ok
05:23:54.0856 2868 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
05:23:54.0918 2868 Serial - ok
05:23:54.0950 2868 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
05:23:54.0965 2868 sermouse - ok
05:23:55.0012 2868 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
05:23:55.0074 2868 SessionEnv - ok
05:23:55.0121 2868 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
05:23:55.0137 2868 sffdisk - ok
05:23:55.0168 2868 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
05:23:55.0246 2868 sffp_mmc - ok
05:23:55.0277 2868 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
05:23:55.0308 2868 sffp_sd - ok
05:23:55.0324 2868 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
05:23:55.0386 2868 sfloppy - ok
05:23:55.0464 2868 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
05:23:55.0511 2868 ShellHWDetection - ok
05:23:55.0542 2868 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
05:23:55.0558 2868 sisagp - ok
05:23:55.0574 2868 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
05:23:55.0589 2868 SiSRaid2 - ok
05:23:55.0620 2868 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
05:23:55.0620 2868 SiSRaid4 - ok
05:23:55.0683 2868 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
05:23:55.0714 2868 SkypeUpdate - ok
05:23:55.0886 2868 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
05:23:56.0182 2868 slsvc - ok
05:23:56.0307 2868 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
05:23:56.0385 2868 SLUINotify - ok
05:23:56.0447 2868 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
05:23:56.0494 2868 Smb - ok
05:23:56.0556 2868 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
05:23:56.0572 2868 SNMPTRAP - ok
05:23:56.0603 2868 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
05:23:56.0619 2868 spldr - ok
05:23:56.0650 2868 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
05:23:56.0712 2868 Spooler - ok
05:23:56.0775 2868 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
05:23:56.0853 2868 srv - ok
05:23:56.0931 2868 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
05:23:56.0993 2868 srv2 - ok
05:23:57.0009 2868 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
05:23:57.0040 2868 srvnet - ok
05:23:57.0071 2868 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys
05:23:57.0102 2868 sscdbus - ok
05:23:57.0134 2868 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys
05:23:57.0180 2868 sscdmdfl - ok
05:23:57.0212 2868 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys
05:23:57.0243 2868 sscdmdm - ok
05:23:57.0274 2868 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\Windows\system32\DRIVERS\sscdserd.sys
05:23:57.0305 2868 sscdserd - ok
05:23:57.0336 2868 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
05:23:57.0383 2868 SSDPSRV - ok
05:23:57.0430 2868 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
05:23:57.0477 2868 SstpSvc - ok
05:23:57.0524 2868 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
05:23:57.0586 2868 stisvc - ok
05:23:57.0695 2868 stllssvr (a9a23c8af361f7a93fd632e91a8c346f) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
05:23:57.0711 2868 stllssvr - ok
05:23:57.0742 2868 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
05:23:57.0758 2868 swenum - ok
05:23:57.0804 2868 swmsflt (57bbaef27dc790160245b43eb6dcd576) C:\Windows\System32\drivers\swmsflt.sys
05:23:57.0804 2868 swmsflt - ok
05:23:57.0868 2868 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
05:23:57.0899 2868 swprv - ok
05:23:57.0946 2868 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
05:23:57.0961 2868 Symc8xx - ok
05:23:57.0977 2868 SymIMMP - ok
05:23:58.0008 2868 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
05:23:58.0024 2868 Sym_hi - ok
05:23:58.0039 2868 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
05:23:58.0055 2868 Sym_u3 - ok
05:23:58.0102 2868 SynTP (964524a9edcce945e82419abe9db94ee) C:\Windows\system32\DRIVERS\SynTP.sys
05:23:58.0133 2868 SynTP - ok
05:23:58.0180 2868 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
05:23:58.0242 2868 SysMain - ok
05:23:58.0273 2868 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
05:23:58.0289 2868 TabletInputService - ok
05:23:58.0336 2868 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
05:23:58.0398 2868 TapiSrv - ok
05:23:58.0429 2868 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
05:23:58.0476 2868 TBS - ok
05:23:58.0554 2868 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
05:23:58.0585 2868 Tcpip - ok
05:23:58.0601 2868 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
05:23:58.0648 2868 Tcpip6 - ok
05:23:58.0695 2868 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
05:23:58.0710 2868 tcpipreg - ok
05:23:58.0741 2868 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
05:23:58.0788 2868 TDPIPE - ok
05:23:58.0819 2868 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
05:23:58.0851 2868 TDTCP - ok
05:23:58.0883 2868 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
05:23:58.0898 2868 tdx - ok
05:23:58.0930 2868 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
05:23:58.0945 2868 TermDD - ok
05:23:58.0992 2868 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
05:23:59.0086 2868 TermService - ok
05:23:59.0148 2868 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
05:23:59.0164 2868 Themes - ok
05:23:59.0210 2868 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
05:23:59.0242 2868 THREADORDER - ok
05:23:59.0273 2868 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
05:23:59.0320 2868 TrkWks - ok
05:23:59.0382 2868 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
05:23:59.0413 2868 TrustedInstaller - ok
05:23:59.0444 2868 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
05:23:59.0491 2868 tssecsrv - ok
05:23:59.0522 2868 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
05:23:59.0538 2868 tunmp - ok
05:23:59.0585 2868 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
05:23:59.0616 2868 tunnel - ok
05:23:59.0663 2868 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
05:23:59.0678 2868 uagp35 - ok
05:23:59.0725 2868 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
05:23:59.0756 2868 udfs - ok
05:23:59.0788 2868 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
05:23:59.0834 2868 UI0Detect - ok
05:23:59.0850 2868 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
05:23:59.0866 2868 uliagpkx - ok
05:23:59.0881 2868 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
05:23:59.0912 2868 uliahci - ok
05:23:59.0928 2868 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
05:23:59.0944 2868 UlSata - ok
05:23:59.0975 2868 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
05:23:59.0990 2868 ulsata2 - ok
05:24:00.0022 2868 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
05:24:00.0068 2868 umbus - ok
05:24:00.0115 2868 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
05:24:00.0162 2868 upnphost - ok
05:24:00.0209 2868 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
05:24:00.0240 2868 USBAAPL - ok
05:24:00.0287 2868 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
05:24:00.0318 2868 usbaudio - ok
05:24:00.0349 2868 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
05:24:00.0380 2868 usbccgp - ok
05:24:00.0427 2868 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
05:24:00.0490 2868 usbcir - ok
05:24:00.0521 2868 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
05:24:00.0552 2868 usbehci - ok
05:24:00.0583 2868 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
05:24:00.0630 2868 usbhub - ok
05:24:00.0677 2868 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
05:24:00.0692 2868 usbohci - ok
05:24:00.0724 2868 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
05:24:00.0770 2868 usbprint - ok
05:24:00.0833 2868 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
05:24:00.0848 2868 usbscan - ok
05:24:00.0880 2868 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:24:00.0926 2868 USBSTOR - ok
05:24:00.0958 2868 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
05:24:01.0036 2868 usbuhci - ok
05:24:01.0067 2868 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
05:24:01.0114 2868 usbvideo - ok
05:24:01.0145 2868 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
05:24:01.0192 2868 UxSms - ok
05:24:01.0223 2868 uzm2mjyx (d565ad44c6c4d934afad3ca4196b09aa) C:\Windows\system32\Drivers\uzm2mjyx.sys
05:24:01.0238 2868 uzm2mjyx ( UnsignedFile.Multi.Generic ) - warning
05:24:01.0238 2868 uzm2mjyx - detected UnsignedFile.Multi.Generic (1)
05:24:01.0254 2868 vdm2mjyx - ok
05:24:01.0301 2868 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
05:24:01.0394 2868 vds - ok
05:24:01.0472 2868 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
05:24:01.0566 2868 vga - ok
05:24:01.0597 2868 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
05:24:01.0644 2868 VgaSave - ok
05:24:01.0660 2868 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
05:24:01.0675 2868 viaagp - ok
05:24:01.0691 2868 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
05:24:01.0753 2868 ViaC7 - ok
05:24:01.0784 2868 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
05:24:01.0784 2868 viaide - ok
05:24:01.0816 2868 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
05:24:01.0847 2868 volmgr - ok
05:24:01.0878 2868 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
05:24:01.0925 2868 volmgrx - ok
05:24:01.0956 2868 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
05:24:01.0987 2868 volsnap - ok
05:24:02.0018 2868 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
05:24:02.0034 2868 vsmraid - ok
05:24:02.0112 2868 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
05:24:02.0299 2868 VSS - ok
05:24:02.0408 2868 VX1000 (2fbf9e882fc28a315a86aa1f831c144e) C:\Windows\system32\DRIVERS\VX1000.sys
05:24:02.0642 2868 VX1000 - ok
05:24:02.0767 2868 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
05:24:02.0845 2868 W32Time - ok
05:24:02.0923 2868 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
05:24:03.0001 2868 WacomPen - ok
05:24:03.0048 2868 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
05:24:03.0079 2868 Wanarp - ok
05:24:03.0095 2868 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
05:24:03.0110 2868 Wanarpv6 - ok
05:24:03.0157 2868 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
05:24:03.0204 2868 wcncsvc - ok
05:24:03.0251 2868 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
05:24:03.0313 2868 WcsPlugInService - ok
05:24:03.0360 2868 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
05:24:03.0391 2868 Wd - ok
05:24:03.0438 2868 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
05:24:03.0485 2868 Wdf01000 - ok
05:24:03.0500 2868 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
05:24:03.0563 2868 WdiServiceHost - ok
05:24:03.0563 2868 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
05:24:03.0594 2868 WdiSystemHost - ok
05:24:03.0625 2868 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
05:24:03.0688 2868 WebClient - ok
05:24:03.0719 2868 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
05:24:03.0750 2868 Wecsvc - ok
05:24:03.0781 2868 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
05:24:03.0828 2868 wercplsupport - ok
05:24:03.0859 2868 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
05:24:03.0922 2868 WerSvc - ok
05:24:04.0000 2868 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
05:24:04.0124 2868 winachsf - ok
05:24:04.0218 2868 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
05:24:04.0265 2868 WinDefend - ok
05:24:04.0280 2868 WinHttpAutoProxySvc - ok
05:24:04.0343 2868 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
05:24:04.0390 2868 Winmgmt - ok
05:24:04.0452 2868 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
05:24:04.0546 2868 WinRM - ok
05:24:04.0670 2868 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
05:24:04.0795 2868 Wlansvc - ok
05:24:04.0998 2868 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
05:24:05.0294 2868 wlidsvc - ok
05:24:05.0419 2868 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
05:24:05.0450 2868 WmiAcpi - ok
05:24:05.0513 2868 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
05:24:05.0544 2868 wmiApSrv - ok
05:24:05.0653 2868 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
05:24:05.0809 2868 WMPNetworkSvc - ok
05:24:05.0840 2868 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
05:24:05.0872 2868 WPCSvc - ok
05:24:05.0903 2868 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
05:24:05.0950 2868 WPDBusEnum - ok
05:24:06.0012 2868 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
05:24:06.0043 2868 WpdUsb - ok
05:24:06.0184 2868 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
05:24:06.0246 2868 WPFFontCache_v0400 - ok
05:24:06.0308 2868 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
05:24:06.0340 2868 ws2ifsl - ok
05:24:06.0386 2868 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
05:24:06.0418 2868 wscsvc - ok
05:24:06.0418 2868 WSearch - ok
05:24:06.0527 2868 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
05:24:06.0948 2868 wuauserv - ok
05:24:07.0120 2868 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
05:24:07.0213 2868 WUDFRd - ok
05:24:07.0244 2868 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
05:24:07.0322 2868 wudfsvc - ok
05:24:07.0338 2868 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
05:24:07.0369 2868 XAudio - ok
05:24:07.0400 2868 XAudioService (cda0bc78672b50c43649ff34e1fd0ff8) C:\Windows\system32\DRIVERS\xaudio.exe
05:24:07.0478 2868 XAudioService - ok
05:24:07.0619 2868 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
05:24:07.0650 2868 YahooAUService - ok
05:24:07.0681 2868 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
05:24:07.0744 2868 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
05:24:07.0744 2868 \Device\Harddisk0\DR0 - detected TDSS File System (1)
05:24:07.0900 2868 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
05:24:07.0946 2868 \Device\Harddisk1\DR1 - ok
05:24:07.0962 2868 Boot (0x1200) (43a2ce2abb8b1962966abef13ed47315) \Device\Harddisk0\DR0\Partition0
05:24:07.0962 2868 \Device\Harddisk0\DR0\Partition0 - ok
05:24:07.0962 2868 Boot (0x1200) (c4e277d4370c6295b4e5b070568de19f) \Device\Harddisk0\DR0\Partition1
05:24:07.0962 2868 \Device\Harddisk0\DR0\Partition1 - ok
05:24:07.0978 2868 Boot (0x1200) (00b186f81e4b527b18493107e35aaaad) \Device\Harddisk1\DR1\Partition0
05:24:07.0978 2868 \Device\Harddisk1\DR1\Partition0 - ok
05:24:07.0978 2868 ============================================================
05:24:07.0978 2868 Scan finished
05:24:07.0978 2868 ============================================================
05:24:08.0009 0172 Detected object count: 17
05:24:08.0009 0172 Actual detected object count: 17
05:24:27.0899 0172 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0899 0172 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0899 0172 atapi ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0899 0172 atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0899 0172 Com4Qlb ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0899 0172 Com4Qlb ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0899 0172 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0899 0172 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0899 0172 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0899 0172 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0899 0172 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0899 0172 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0914 0172 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0914 0172 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0914 0172 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0914 0172 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0914 0172 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0930 0172 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0930 0172 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0930 0172 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0946 0172 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0946 0172 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0946 0172 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0946 0172 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0961 0172 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0961 0172 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0961 0172 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0961 0172 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0961 0172 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0961 0172 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0961 0172 uzm2mjyx ( UnsignedFile.Multi.Generic ) - skipped by user
05:24:27.0961 0172 uzm2mjyx ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:24:27.0977 0172 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
05:24:27.0977 0172 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
05:24:39.0895 2368 Deinitialize success
thank you

#4
maliprog

We need to disable malware processes on your system first.

  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double-clicking it (if running Vista or Windows 7, right-click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running, please try to run it several more times.

Now try to run OTL fix and scan.

#5
chosen072

I ran TheKiller a few times and it left the message "all done".
I did not restart my system,
but OTL is not opening up.

#6
maliprog

OK. Let's try these steps.

Step 1

Run TDSSKiller one more time.
After the scan, select the Delete option for \Device\Harddisk0\DR0 ( TDSS File System ).
Post the log after the scan as you did last time.

Step 2

Download Combofix from the link below, but rename it to svchost.exe before saving it to your desktop. To do this, you must right-click on the link and choose Save as... . Now enter svchost.exe for the name and save it to your desktop.


Combofix

==================================


Double-click on the renamed ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#7
chosen072

Combofix Log
ComboFix 12-05-15.03 - Chosen072 05/15/2012 6:49.6.2 - x86
Running from: c:\users\Chosen072\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chosen072\AppData\Roaming\D7F7BB
c:\users\Chosen072\AppData\Roaming\pic08.exe
c:\windows\$NtUninstallKB55429$
c:\windows\$NtUninstallKB55429$\2361873474\L\qnbwvoto
c:\windows\Fonts\eurostile.ttf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-15 to 2012-05-15 )))))))))))))))))))))))))))))))
.
.
2012-05-15 11:01 . 2012-05-15 11:11 -------- d-----w- c:\users\Chosen072\AppData\Local\temp
2012-05-15 11:01 . 2012-05-15 11:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-15 11:01 . 2012-05-15 11:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-15 11:01 . 2012-05-15 11:01 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-15 11:01 . 2012-05-15 11:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-15 07:57 . 2012-04-18 07:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3EB007F-D67F-4CFD-A2CF-3592D3CC3897}\mpengine.dll
2012-05-14 22:58 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-14 22:04 . 2012-05-14 22:04 -------- d-----w- c:\windows\system32\config\systemprofile\DoctorWeb
2012-05-14 21:43 . 2012-05-15 10:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-14 20:53 . 2012-05-14 23:06 -------- d-----w- c:\programdata\F4D562B6006C2C790023F9D02830AD02
2012-05-14 18:55 . 2012-05-14 18:55 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-14 18:42 . 2012-05-14 23:06 -------- d-----w- c:\programdata\F4D562B6006C2C790023F9D0570F1C8B
2012-05-13 23:24 . 2012-05-15 10:04 -------- d-----r- c:\users\Chosen072\Dropbox
2012-05-13 23:20 . 2012-05-13 23:20 -------- d-----w- c:\program files\Dropbox
2012-05-13 23:16 . 2012-05-15 10:04 -------- d-----w- c:\users\Chosen072\AppData\Roaming\Dropbox
2012-05-13 13:12 . 2012-05-13 13:12 -------- d-----w- c:\users\Chosen072\AppData\Roaming\Flip Video
2012-05-13 13:11 . 2012-05-13 13:11 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Flip Video
2012-05-13 13:10 . 2012-05-13 13:11 -------- d-----w- c:\programdata\Flip Video
2012-05-13 13:10 . 2012-05-13 13:10 -------- d-----w- c:\program files\Flip Video
2012-05-10 22:38 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 22:38 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 22:38 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 09:43 . 2012-05-10 09:43 -------- d-----w- c:\users\Chosen072\AppData\Roaming\Yahoo!
2012-05-08 16:09 . 2012-05-08 16:09 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-18 19:34 . 2012-04-18 19:34 -------- d-----w- c:\users\Chosen072\AppData\Roaming\Downloaded Installations
2012-04-15 17:02 . 2012-05-12 05:49 -------- d-----w- c:\users\Chosen072\AppData\Roaming\SecondLife
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 21:45 . 2009-09-17 20:57 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-14 18:42 . 2012-04-12 12:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-14 18:42 . 2012-02-21 13:38 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 15:11 . 2012-04-12 13:17 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 13:17 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 13:17 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 13:17 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-12 13:18 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 13:18 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 13:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 13:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 14:18 . 2009-11-13 20:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 14:27 . 2012-02-15 14:27 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-15 14:27 . 2012-02-15 14:27 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-15 14:27 . 2012-02-15 14:27 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-15 14:27 . 2012-02-15 14:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-15 14:27 . 2012-02-15 14:27 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-15 14:27 . 2012-02-15 14:27 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-15 14:27 . 2012-02-15 14:27 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-15 14:27 . 2012-02-15 14:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-15 14:27 . 2012-02-15 14:27 367104 ----a-w- c:\windows\system32\html.iec
2012-02-15 14:27 . 2012-02-15 14:27 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-15 14:27 . 2012-02-15 14:27 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-15 14:27 . 2012-02-15 14:27 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-15 14:27 . 2012-02-15 14:27 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-15 14:27 . 2012-02-15 14:27 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-15 14:27 . 2012-02-15 14:27 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-15 14:27 . 2012-02-15 14:27 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-15 14:27 . 2012-02-15 14:27 101888 ----a-w- c:\windows\system32\admparse.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Chosen072\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Chosen072\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Chosen072\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Chosen072\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
.
c:\users\Chosen072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chosen072\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-4 27087944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Chosen072^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Chosen072\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-12 23:45 323392 ----a-w- c:\users\Chosen072\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 12:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-06-02 07:28 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 20:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 00:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2009-06-26 21:21 757248 ----a-w- c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-18]
"EnableNotifications\\Ref"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-984307550-3928441585-2128114710-1000]
"EnableNotifications\\Ref"=dword:00000001
.
R1 6d4db;qgl6wo88sw.exe;c:\windows\system32\drivers\6d4db.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2012-02-15 14:27 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000Core.job
- c:\users\Chosen072\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09 15:21]
.
2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-984307550-3928441585-2128114710-1000UA.job
- c:\users\Chosen072\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-09 15:21]
.
2012-05-13 c:\windows\Tasks\HPCeeScheduleForChosen072.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-05 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Chosen072\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Chosen072\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Spotify - c:\users\Chosen072\AppData\Roaming\Spotify\Spotify.exe
SafeBoot-41754078.sys
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 07:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-984307550-3928441585-2128114710-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{512A992F-A1BF-36D1-4C52-BD7F0433CA4E}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-984307550-3928441585-2128114710-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CB4D22C0-3DD0-5EAD-8C01-4DF0047865E2}*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4076)
c:\users\Chosen072\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-05-15 07:17:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-15 11:17
.
Pre-Run: 37,065,121,792 bytes free
Post-Run: 36,933,062,656 bytes free
.
- - End Of File - - 5776D2D54A516758E3512A1A16ABFE69

#8
chosen072

Here is the TDSS Log

06:29:41.0763 4004 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
06:29:42.0121 4004 ============================================================
06:29:42.0121 4004 Current date / time: 2012/05/15 06:29:42.0121
06:29:42.0121 4004 SystemInfo:
06:29:42.0121 4004
06:29:42.0121 4004 OS Version: 6.0.6002 ServicePack: 2.0
06:29:42.0121 4004 Product type: Workstation
06:29:42.0121 4004 ComputerName: ROBINS-LT
06:29:42.0121 4004 UserName: Chosen072
06:29:42.0121 4004 Windows directory: C:\Windows
06:29:42.0121 4004 System windows directory: C:\Windows
06:29:42.0121 4004 Processor architecture: Intel x86
06:29:42.0121 4004 Number of processors: 2
06:29:42.0121 4004 Page size: 0x1000
06:29:42.0121 4004 Boot type: Normal boot
06:29:42.0121 4004 ============================================================
06:29:43.0677 4004 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:29:45.0532 4004 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
06:29:45.0538 4004 ============================================================
06:29:45.0538 4004 \Device\Harddisk0\DR0:
06:29:45.0617 4004 MBR partitions:
06:29:45.0617 4004 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCEC0FB8
06:29:45.0617 4004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCEC0FF7, BlocksNum 0x10D27CA
06:29:45.0617 4004 \Device\Harddisk1\DR1:
06:29:45.0633 4004 MBR partitions:
06:29:45.0633 4004 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
06:29:45.0633 4004 ============================================================
06:29:45.0664 4004 C: <-> \Device\Harddisk0\DR0\Partition0
06:29:45.0695 4004 D: <-> \Device\Harddisk1\DR1\Partition0
06:29:45.0726 4004 E: <-> \Device\Harddisk0\DR0\Partition1
06:29:45.0726 4004 ============================================================
06:29:45.0726 4004 Initialize success
06:29:45.0726 4004 ============================================================
06:30:05.0242 3916 ============================================================
06:30:05.0242 3916 Scan started
06:30:05.0242 3916 Mode: Manual; TDLFS;
06:30:05.0242 3916 ============================================================
06:30:06.0162 3916 6d4db - ok
06:30:06.0240 3916 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
06:30:06.0240 3916 ACPI - ok
06:30:06.0318 3916 Adobe LM Service (4ae327c9c375d985ff2a2aab92765218) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
06:30:06.0318 3916 Adobe LM Service - ok
06:30:06.0381 3916 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
06:30:06.0381 3916 adp94xx - ok
06:30:06.0428 3916 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
06:30:06.0428 3916 adpahci - ok
06:30:06.0443 3916 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
06:30:06.0459 3916 adpu160m - ok
06:30:06.0474 3916 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
06:30:06.0474 3916 adpu320 - ok
06:30:06.0521 3916 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
06:30:06.0521 3916 AeLookupSvc - ok
06:30:06.0599 3916 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
06:30:06.0615 3916 AFD - ok
06:30:06.0693 3916 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
06:30:06.0693 3916 agp440 - ok
06:30:06.0740 3916 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
06:30:06.0740 3916 aic78xx - ok
06:30:06.0755 3916 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
06:30:06.0755 3916 ALG - ok
06:30:06.0802 3916 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
06:30:06.0802 3916 aliide - ok
06:30:06.0849 3916 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
06:30:06.0849 3916 amdagp - ok
06:30:06.0880 3916 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
06:30:06.0880 3916 amdide - ok
06:30:06.0911 3916 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
06:30:06.0911 3916 AmdK7 - ok
06:30:07.0083 3916 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
06:30:07.0083 3916 AmdK8 - ok
06:30:07.0130 3916 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
06:30:07.0130 3916 Appinfo - ok
06:30:07.0239 3916 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:30:07.0239 3916 Apple Mobile Device - ok
06:30:07.0301 3916 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
06:30:07.0301 3916 arc - ok
06:30:07.0332 3916 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
06:30:07.0332 3916 arcsas - ok
06:30:07.0379 3916 aswMonFlt (e2851cb7dbb831888eaea46c55c05e44) C:\Windows\system32\DRIVERS\aswMonFlt.sys
06:30:07.0379 3916 aswMonFlt - ok
06:30:07.0426 3916 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
06:30:07.0426 3916 AsyncMac - ok
06:30:07.0457 3916 atapi (ce6a86407b416847e53a6d9c25a8860b) C:\Windows\system32\Drivers\tsk_atapi.sys
06:30:07.0457 3916 atapi - ok
06:30:07.0520 3916 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
06:30:07.0520 3916 AudioEndpointBuilder - ok
06:30:07.0535 3916 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
06:30:07.0535 3916 Audiosrv - ok
06:30:07.0613 3916 BCM43XV (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
06:30:07.0629 3916 BCM43XV - ok
06:30:07.0660 3916 BCM43XX (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
06:30:07.0676 3916 BCM43XX - ok
06:30:07.0816 3916 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
06:30:07.0816 3916 Beep - ok
06:30:07.0910 3916 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
06:30:07.0925 3916 BITS - ok
06:30:07.0925 3916 blbdrive - ok
06:30:08.0034 3916 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
06:30:08.0050 3916 Bonjour Service - ok
06:30:08.0097 3916 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
06:30:08.0097 3916 bowser - ok
06:30:08.0144 3916 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
06:30:08.0144 3916 BrFiltLo - ok
06:30:08.0175 3916 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
06:30:08.0175 3916 BrFiltUp - ok
06:30:08.0206 3916 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
06:30:08.0206 3916 Browser - ok
06:30:08.0253 3916 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
06:30:08.0253 3916 Brserid - ok
06:30:08.0268 3916 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
06:30:08.0268 3916 BrSerWdm - ok
06:30:08.0300 3916 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
06:30:08.0300 3916 BrUsbMdm - ok
06:30:08.0315 3916 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
06:30:08.0315 3916 BrUsbSer - ok
06:30:08.0362 3916 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
06:30:08.0362 3916 BthEnum - ok
06:30:08.0393 3916 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
06:30:08.0393 3916 BTHMODEM - ok
06:30:08.0424 3916 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
06:30:08.0424 3916 BthPan - ok
06:30:08.0487 3916 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
06:30:08.0502 3916 BTHPORT - ok
06:30:08.0534 3916 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
06:30:08.0534 3916 BthServ - ok
06:30:08.0565 3916 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
06:30:08.0565 3916 BTHUSB - ok
06:30:08.0627 3916 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
06:30:08.0627 3916 cdfs - ok
06:30:08.0690 3916 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
06:30:08.0690 3916 cdrom - ok
06:30:08.0721 3916 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
06:30:08.0721 3916 CertPropSvc - ok
06:30:08.0752 3916 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
06:30:08.0752 3916 circlass - ok
06:30:08.0799 3916 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
06:30:08.0799 3916 CLFS - ok
06:30:08.0877 3916 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:30:08.0877 3916 clr_optimization_v2.0.50727_32 - ok
06:30:08.0939 3916 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:30:08.0939 3916 clr_optimization_v4.0.30319_32 - ok
06:30:08.0986 3916 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
06:30:08.0986 3916 CmBatt - ok
06:30:09.0002 3916 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
06:30:09.0002 3916 cmdide - ok
06:30:09.0048 3916 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
06:30:09.0048 3916 CnxtHdAudService - ok
06:30:09.0173 3916 Com4Qlb (a5aaa656403e5e7afa9647ce73dbf944) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
06:30:09.0173 3916 Com4Qlb - ok
06:30:09.0204 3916 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
06:30:09.0204 3916 Compbatt - ok
06:30:09.0204 3916 COMSysApp - ok
06:30:09.0251 3916 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
06:30:09.0251 3916 crcdisk - ok
06:30:09.0282 3916 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
06:30:09.0282 3916 Crusoe - ok
06:30:09.0329 3916 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
06:30:09.0329 3916 CryptSvc - ok
06:30:09.0392 3916 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
06:30:09.0392 3916 DcomLaunch - ok
06:30:09.0454 3916 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
06:30:09.0454 3916 DfsC - ok
06:30:09.0579 3916 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
06:30:09.0610 3916 DFSR - ok
06:30:09.0735 3916 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
06:30:09.0750 3916 Dhcp - ok
06:30:09.0828 3916 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
06:30:09.0844 3916 disk - ok
06:30:09.0906 3916 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
06:30:09.0906 3916 Dnscache - ok
06:30:09.0953 3916 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
06:30:09.0969 3916 dot3svc - ok
06:30:10.0016 3916 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
06:30:10.0016 3916 Dot4 - ok
06:30:10.0031 3916 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
06:30:10.0031 3916 Dot4Print - ok
06:30:10.0062 3916 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
06:30:10.0062 3916 dot4usb - ok
06:30:10.0094 3916 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
06:30:10.0109 3916 DPS - ok
06:30:10.0140 3916 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
06:30:10.0156 3916 drmkaud - ok
06:30:10.0218 3916 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
06:30:10.0234 3916 DXGKrnl - ok
06:30:10.0281 3916 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
06:30:10.0281 3916 E100B - ok
06:30:10.0328 3916 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
06:30:10.0328 3916 E1G60 - ok
06:30:10.0359 3916 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
06:30:10.0359 3916 eabfiltr - ok
06:30:10.0390 3916 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
06:30:10.0390 3916 EapHost - ok
06:30:10.0452 3916 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
06:30:10.0452 3916 Ecache - ok
06:30:10.0515 3916 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
06:30:10.0515 3916 ehRecvr - ok
06:30:10.0546 3916 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
06:30:10.0562 3916 ehSched - ok
06:30:10.0577 3916 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
06:30:10.0577 3916 ehstart - ok
06:30:10.0624 3916 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
06:30:10.0624 3916 elxstor - ok
06:30:10.0686 3916 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
06:30:10.0702 3916 EMDMgmt - ok
06:30:10.0749 3916 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
06:30:10.0749 3916 EventSystem - ok
06:30:10.0796 3916 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
06:30:10.0811 3916 exfat - ok
06:30:10.0842 3916 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
06:30:10.0858 3916 fastfat - ok
06:30:10.0905 3916 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
06:30:10.0905 3916 fdc - ok
06:30:10.0920 3916 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
06:30:10.0936 3916 fdPHost - ok
06:30:10.0967 3916 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
06:30:10.0967 3916 FDResPub - ok
06:30:10.0998 3916 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
06:30:10.0998 3916 FileInfo - ok
06:30:11.0031 3916 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
06:30:11.0031 3916 Filetrace - ok
06:30:11.0124 3916 FirebirdGuardianDefaultInstance (1a18ebd87aa9fbf6efe8cfada08d0275) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
06:30:11.0124 3916 FirebirdGuardianDefaultInstance - ok
06:30:11.0265 3916 FirebirdServerDefaultInstance (53c740150c082aaf3c7d21c1d6a9ff98) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
06:30:11.0389 3916 FirebirdServerDefaultInstance - ok
06:30:11.0467 3916 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
06:30:11.0483 3916 FLEXnet Licensing Service - ok
06:30:11.0545 3916 FlipShare Service (869bde240b7fe9c7b25bd80df85641c8) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
06:30:11.0561 3916 FlipShare Service - ok
06:30:11.0639 3916 FlipShareServer (9c330b7ddee9492373041e75da01f80c) C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
06:30:11.0655 3916 FlipShareServer - ok
06:30:11.0795 3916 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
06:30:11.0795 3916 flpydisk - ok
06:30:11.0826 3916 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
06:30:11.0826 3916 FltMgr - ok
06:30:11.0935 3916 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
06:30:11.0951 3916 FontCache - ok
06:30:11.0998 3916 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
06:30:11.0998 3916 FontCache3.0.0.0 - ok
06:30:12.0045 3916 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
06:30:12.0045 3916 fssfltr - ok
06:30:12.0201 3916 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
06:30:12.0279 3916 fsssvc - ok
06:30:12.0450 3916 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
06:30:12.0450 3916 Fs_Rec - ok
06:30:12.0497 3916 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
06:30:12.0497 3916 gagp30kx - ok
06:30:12.0575 3916 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
06:30:12.0591 3916 gpsvc - ok
06:30:12.0637 3916 GTUHSBUS (d55a64f36b429665b351133f4e1eefe5) C:\Windows\system32\DRIVERS\gtuhsbus.sys
06:30:12.0637 3916 GTUHSBUS - ok
06:30:12.0669 3916 GTUHSNDISIPXP (551b0b6b5d3b35526d7153ed0ad03001) C:\Windows\system32\DRIVERS\gtuhs51.sys
06:30:12.0669 3916 GTUHSNDISIPXP - ok
06:30:12.0715 3916 GTUHSSER (b97cad5584370cba9840f22b14d7f14c) C:\Windows\system32\DRIVERS\gtuhsser.sys
06:30:12.0715 3916 GTUHSSER - ok
06:30:12.0809 3916 gusvc (1bf044e23206fddc16891a32922d571b) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
06:30:12.0825 3916 gusvc - ok
06:30:12.0856 3916 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
06:30:12.0856 3916 HBtnKey - ok
06:30:12.0887 3916 HdAudAddService (a08f4808fb19a40792a6056848187afe) C:\Windows\system32\drivers\CHDART.sys
06:30:12.0887 3916 HdAudAddService - ok
06:30:12.0949 3916 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
06:30:12.0949 3916 HDAudBus - ok
06:30:12.0981 3916 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
06:30:12.0981 3916 HidBth - ok
06:30:12.0996 3916 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
06:30:12.0996 3916 HidIr - ok
06:30:13.0027 3916 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
06:30:13.0027 3916 hidserv - ok
06:30:13.0074 3916 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
06:30:13.0074 3916 HidUsb - ok
06:30:13.0105 3916 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
06:30:13.0105 3916 hkmsvc - ok
06:30:13.0215 3916 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
06:30:13.0230 3916 HP Health Check Service - ok
06:30:13.0261 3916 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
06:30:13.0261 3916 HpCISSs - ok
06:30:13.0339 3916 hpqcxs08 (ed377b3c83fdea8d906109a085d219ba) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
06:30:13.0339 3916 hpqcxs08 - ok
06:30:13.0386 3916 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
06:30:13.0386 3916 hpqddsvc - ok
06:30:13.0417 3916 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
06:30:13.0433 3916 hpqwmiex - ok
06:30:13.0480 3916 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
06:30:13.0495 3916 HSFHWAZL - ok
06:30:13.0558 3916 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
06:30:13.0558 3916 HSF_DPV - ok
06:30:13.0589 3916 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
06:30:13.0605 3916 HSXHWAZL - ok
06:30:13.0651 3916 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
06:30:13.0651 3916 HTCAND32 - ok
06:30:13.0698 3916 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
06:30:13.0698 3916 HTTP - ok
06:30:13.0729 3916 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
06:30:13.0729 3916 i2omp - ok
06:30:13.0776 3916 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
06:30:13.0776 3916 i8042prt - ok
06:30:13.0870 3916 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
06:30:13.0885 3916 ialm - ok
06:30:14.0010 3916 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
06:30:14.0010 3916 iaStorV - ok
06:30:14.0119 3916 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
06:30:14.0135 3916 IDriverT - ok
06:30:14.0229 3916 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:30:14.0260 3916 idsvc - ok
06:30:14.0369 3916 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
06:30:14.0369 3916 iirsp - ok
06:30:14.0416 3916 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
06:30:14.0416 3916 IKEEXT - ok
06:30:14.0447 3916 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
06:30:14.0447 3916 intelide - ok
06:30:14.0494 3916 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
06:30:14.0494 3916 intelppm - ok
06:30:14.0525 3916 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
06:30:14.0525 3916 IPBusEnum - ok
06:30:14.0587 3916 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:30:14.0587 3916 IpFilterDriver - ok
06:30:14.0634 3916 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
06:30:14.0634 3916 iphlpsvc - ok
06:30:14.0650 3916 IpInIp - ok
06:30:14.0681 3916 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
06:30:14.0681 3916 IPMIDRV - ok
06:30:14.0728 3916 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
06:30:14.0728 3916 IPNAT - ok
06:30:14.0759 3916 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
06:30:14.0759 3916 IRENUM - ok
06:30:14.0790 3916 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
06:30:14.0806 3916 isapnp - ok
06:30:14.0868 3916 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
06:30:14.0868 3916 iScsiPrt - ok
06:30:14.0884 3916 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
06:30:14.0884 3916 iteatapi - ok
06:30:14.0915 3916 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
06:30:14.0915 3916 iteraid - ok
06:30:14.0962 3916 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
06:30:14.0962 3916 kbdclass - ok
06:30:14.0977 3916 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
06:30:14.0977 3916 kbdhid - ok
06:30:15.0024 3916 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
06:30:15.0024 3916 KeyIso - ok
06:30:15.0087 3916 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
06:30:15.0102 3916 KSecDD - ok
06:30:15.0149 3916 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
06:30:15.0149 3916 KtmRm - ok
06:30:15.0180 3916 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
06:30:15.0180 3916 LanmanServer - ok
06:30:15.0227 3916 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
06:30:15.0227 3916 LanmanWorkstation - ok
06:30:15.0336 3916 LightScribeService (31d8b705dcd5f2366186e731f87c7a71) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
06:30:15.0336 3916 LightScribeService - ok
06:30:15.0414 3916 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
06:30:15.0414 3916 lltdio - ok
06:30:15.0461 3916 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
06:30:15.0477 3916 lltdsvc - ok
06:30:15.0508 3916 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
06:30:15.0508 3916 lmhosts - ok
06:30:15.0555 3916 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
06:30:15.0555 3916 LSI_FC - ok
06:30:15.0570 3916 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
06:30:15.0586 3916 LSI_SAS - ok
06:30:15.0617 3916 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
06:30:15.0617 3916 LSI_SCSI - ok
06:30:15.0648 3916 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
06:30:15.0648 3916 luafv - ok
06:30:15.0679 3916 MCSTRM - ok
06:30:15.0711 3916 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
06:30:15.0711 3916 Mcx2Svc - ok
06:30:15.0742 3916 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
06:30:15.0742 3916 mdmxsdk - ok
06:30:15.0757 3916 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
06:30:15.0757 3916 megasas - ok
06:30:15.0882 3916 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
06:30:15.0882 3916 Microsoft Office Groove Audit Service - ok
06:30:15.0945 3916 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
06:30:15.0945 3916 MMCSS - ok
06:30:15.0991 3916 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
06:30:15.0991 3916 Modem - ok
06:30:16.0023 3916 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
06:30:16.0023 3916 monitor - ok
06:30:16.0054 3916 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
06:30:16.0054 3916 mouclass - ok
06:30:16.0069 3916 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
06:30:16.0069 3916 mouhid - ok
06:30:16.0085 3916 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
06:30:16.0085 3916 MountMgr - ok
06:30:16.0101 3916 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
06:30:16.0101 3916 mpio - ok
06:30:16.0132 3916 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
06:30:16.0132 3916 mpsdrv - ok
06:30:16.0147 3916 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
06:30:16.0147 3916 Mraid35x - ok
06:30:16.0194 3916 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
06:30:16.0194 3916 MRxDAV - ok
06:30:16.0241 3916 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:30:16.0241 3916 mrxsmb - ok
06:30:16.0257 3916 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:30:16.0257 3916 mrxsmb10 - ok
06:30:16.0288 3916 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:30:16.0288 3916 mrxsmb20 - ok
06:30:16.0303 3916 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
06:30:16.0303 3916 msahci - ok
06:30:16.0381 3916 MSCamSvc (31e023681015c35ebfe1498b07813b87) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
06:30:16.0381 3916 MSCamSvc - ok
06:30:16.0397 3916 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
06:30:16.0397 3916 msdsm - ok
06:30:16.0444 3916 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
06:30:16.0444 3916 MSDTC - ok
06:30:16.0475 3916 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
06:30:16.0475 3916 Msfs - ok
06:30:16.0522 3916 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
06:30:16.0522 3916 msisadrv - ok
06:30:16.0553 3916 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
06:30:16.0553 3916 MSiSCSI - ok
06:30:16.0569 3916 msiserver - ok
06:30:16.0631 3916 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
06:30:16.0631 3916 MSKSSRV - ok
06:30:16.0647 3916 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
06:30:16.0647 3916 MSPCLOCK - ok
06:30:16.0678 3916 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
06:30:16.0678 3916 MSPQM - ok
06:30:16.0709 3916 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
06:30:16.0709 3916 MsRPC - ok
06:30:16.0740 3916 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
06:30:16.0740 3916 mssmbios - ok
06:30:16.0771 3916 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
06:30:16.0771 3916 MSTEE - ok
06:30:16.0787 3916 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
06:30:16.0787 3916 Mup - ok
06:30:16.0834 3916 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
06:30:16.0834 3916 napagent - ok
06:30:16.0896 3916 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
06:30:16.0896 3916 NativeWifiP - ok
06:30:16.0943 3916 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
06:30:16.0943 3916 NDIS - ok
06:30:16.0974 3916 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
06:30:16.0974 3916 NdisTapi - ok
06:30:16.0990 3916 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
06:30:16.0990 3916 Ndisuio - ok
06:30:17.0037 3916 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
06:30:17.0037 3916 NdisWan - ok
06:30:17.0068 3916 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
06:30:17.0068 3916 NDProxy - ok
06:30:17.0099 3916 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
06:30:17.0115 3916 Net Driver HPZ12 - ok
06:30:17.0115 3916 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
06:30:17.0115 3916 NetBIOS - ok
06:30:17.0161 3916 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
06:30:17.0161 3916 netbt - ok
06:30:17.0208 3916 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
06:30:17.0208 3916 Netlogon - ok
06:30:17.0255 3916 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
06:30:17.0255 3916 Netman - ok
06:30:17.0302 3916 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
06:30:17.0302 3916 netprofm - ok
06:30:17.0395 3916 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:30:17.0411 3916 NetTcpPortSharing - ok
06:30:17.0442 3916 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
06:30:17.0442 3916 nfrd960 - ok
06:30:17.0473 3916 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
06:30:17.0473 3916 NlaSvc - ok
06:30:17.0505 3916 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
06:30:17.0505 3916 Npfs - ok
06:30:17.0520 3916 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
06:30:17.0520 3916 nsi - ok
06:30:17.0567 3916 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
06:30:17.0567 3916 nsiproxy - ok
06:30:17.0629 3916 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
06:30:17.0676 3916 Ntfs - ok
06:30:17.0707 3916 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
06:30:17.0707 3916 ntrigdigi - ok
06:30:17.0754 3916 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
06:30:17.0754 3916 NuidFltr - ok
06:30:17.0770 3916 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
06:30:17.0770 3916 Null - ok
06:30:17.0832 3916 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
06:30:17.0848 3916 NVENETFD - ok
06:30:18.0160 3916 nvlddmkm (b36c3b866b0d47e2e2856ec8fd746e39) C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:30:18.0222 3916 nvlddmkm - ok
06:30:18.0347 3916 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
06:30:18.0347 3916 nvraid - ok
06:30:18.0394 3916 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
06:30:18.0394 3916 nvsmu - ok
06:30:18.0425 3916 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
06:30:18.0425 3916 nvstor - ok
06:30:18.0456 3916 nvsvc (cf672c71844a3b407eb86042829bce09) C:\Windows\system32\nvvsvc.exe
06:30:18.0472 3916 nvsvc - ok
06:30:18.0503 3916 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
06:30:18.0503 3916 nv_agp - ok
06:30:18.0503 3916 NwlnkFlt - ok
06:30:18.0519 3916 NwlnkFwd - ok
06:30:18.0690 3916 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:30:18.0706 3916 odserv - ok
06:30:18.0753 3916 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
06:30:18.0753 3916 ohci1394 - ok
06:30:18.0815 3916 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:30:18.0815 3916 ose - ok
06:30:18.0877 3916 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
06:30:18.0893 3916 p2pimsvc - ok
06:30:18.0909 3916 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
06:30:18.0909 3916 p2psvc - ok
06:30:18.0940 3916 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
06:30:18.0940 3916 Parport - ok
06:30:18.0987 3916 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
06:30:18.0987 3916 partmgr - ok
06:30:19.0002 3916 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
06:30:19.0002 3916 Parvdm - ok
06:30:19.0033 3916 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
06:30:19.0033 3916 PcaSvc - ok
06:30:19.0080 3916 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
06:30:19.0080 3916 pci - ok
06:30:19.0096 3916 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
06:30:19.0096 3916 pciide - ok
06:30:19.0127 3916 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
06:30:19.0127 3916 pcmcia - ok
06:30:19.0174 3916 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
06:30:19.0174 3916 pcouffin - ok
06:30:19.0236 3916 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\Windows\system32\PCTINDIS5.SYS
06:30:19.0236 3916 PCTINDIS5 - ok
06:30:19.0299 3916 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
06:30:19.0314 3916 PEAUTH - ok
06:30:19.0408 3916 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
06:30:19.0439 3916 pla - ok
06:30:19.0548 3916 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
06:30:19.0548 3916 PlugPlay - ok
06:30:19.0595 3916 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
06:30:19.0595 3916 Pml Driver HPZ12 - ok
06:30:19.0657 3916 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
06:30:19.0673 3916 PNRPAutoReg - ok
06:30:19.0673 3916 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
06:30:19.0689 3916 PNRPsvc - ok
06:30:19.0704 3916 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
06:30:19.0720 3916 PolicyAgent - ok
06:30:19.0782 3916 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
06:30:19.0782 3916 PptpMiniport - ok
06:30:19.0813 3916 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
06:30:19.0829 3916 Processor - ok
06:30:19.0860 3916 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
06:30:19.0860 3916 ProfSvc - ok
06:30:19.0907 3916 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
06:30:19.0907 3916 ProtectedStorage - ok
06:30:19.0938 3916 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
06:30:19.0938 3916 PSched - ok
06:30:19.0969 3916 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
06:30:19.0969 3916 PxHelp20 - ok
06:30:20.0032 3916 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
06:30:20.0047 3916 ql2300 - ok
06:30:20.0063 3916 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
06:30:20.0063 3916 ql40xx - ok
06:30:20.0219 3916 QPCapSvc (ba396d1c71934e22679d3f4dac17e7ab) C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
06:30:20.0219 3916 QPCapSvc - ok
06:30:20.0266 3916 QPSched (4b455e8c41cad3219ccf53024dcad604) C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
06:30:20.0266 3916 QPSched - ok
06:30:20.0328 3916 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
06:30:20.0344 3916 QWAVE - ok
06:30:20.0375 3916 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
06:30:20.0375 3916 QWAVEdrv - ok
06:30:20.0406 3916 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
06:30:20.0406 3916 RasAcd - ok
06:30:20.0437 3916 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
06:30:20.0453 3916 RasAuto - ok
06:30:20.0484 3916 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:30:20.0484 3916 Rasl2tp - ok
06:30:20.0531 3916 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
06:30:20.0531 3916 RasMan - ok
06:30:20.0562 3916 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
06:30:20.0562 3916 RasPppoe - ok
06:30:20.0593 3916 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
06:30:20.0609 3916 RasSstp - ok
06:30:20.0640 3916 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
06:30:20.0640 3916 rdbss - ok
06:30:20.0671 3916 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:30:20.0687 3916 RDPCDD - ok
06:30:20.0718 3916 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
06:30:20.0734 3916 rdpdr - ok
06:30:20.0734 3916 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
06:30:20.0734 3916 RDPENCDD - ok
06:30:20.0781 3916 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
06:30:20.0796 3916 RDPWD - ok
06:30:20.0827 3916 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
06:30:20.0827 3916 RemoteAccess - ok
06:30:20.0859 3916 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
06:30:20.0859 3916 RemoteRegistry - ok
06:30:20.0921 3916 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
06:30:20.0921 3916 RFCOMM - ok
06:30:20.0968 3916 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
06:30:20.0968 3916 rimmptsk - ok
06:30:20.0968 3916 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
06:30:20.0968 3916 rimsptsk - ok
06:30:21.0015 3916 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
06:30:21.0030 3916 RimVSerPort - ok
06:30:21.0030 3916 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys
06:30:21.0030 3916 rismxdp - ok
06:30:21.0077 3916 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
06:30:21.0077 3916 ROOTMODEM - ok
06:30:21.0233 3916 RoxMediaDB9 (08fb7d968805001c7adcbb14b0651fa2) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
06:30:21.0280 3916 RoxMediaDB9 - ok
06:30:21.0327 3916 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
06:30:21.0342 3916 RpcLocator - ok
06:30:21.0405 3916 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
06:30:21.0420 3916 RpcSs - ok
06:30:21.0483 3916 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
06:30:21.0483 3916 rspndr - ok
06:30:21.0514 3916 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
06:30:21.0514 3916 SamSs - ok
06:30:21.0561 3916 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
06:30:21.0561 3916 sbp2port - ok
06:30:21.0592 3916 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
06:30:21.0607 3916 SCardSvr - ok
06:30:21.0670 3916 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
06:30:21.0670 3916 Schedule - ok
06:30:21.0701 3916 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
06:30:21.0701 3916 SCPolicySvc - ok
06:30:21.0732 3916 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
06:30:21.0732 3916 sdbus - ok
06:30:21.0763 3916 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
06:30:21.0779 3916 SDRSVC - ok
06:30:21.0873 3916 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
06:30:21.0873 3916 SeaPort - ok
06:30:21.0904 3916 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
06:30:21.0919 3916 secdrv - ok
06:30:21.0951 3916 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
06:30:21.0951 3916 seclogon - ok
06:30:21.0982 3916 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
06:30:21.0982 3916 SENS - ok
06:30:21.0997 3916 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
06:30:21.0997 3916 Serenum - ok
06:30:22.0029 3916 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
06:30:22.0029 3916 Serial - ok
06:30:22.0075 3916 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
06:30:22.0075 3916 sermouse - ok
06:30:22.0107 3916 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
06:30:22.0107 3916 SessionEnv - ok
06:30:22.0138 3916 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
06:30:22.0138 3916 sffdisk - ok
06:30:22.0153 3916 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
06:30:22.0153 3916 sffp_mmc - ok
06:30:22.0185 3916 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
06:30:22.0185 3916 sffp_sd - ok
06:30:22.0200 3916 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
06:30:22.0200 3916 sfloppy - ok
06:30:22.0263 3916 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
06:30:22.0263 3916 ShellHWDetection - ok
06:30:22.0294 3916 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
06:30:22.0294 3916 sisagp - ok
06:30:22.0309 3916 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
06:30:22.0309 3916 SiSRaid2 - ok
06:30:22.0341 3916 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
06:30:22.0341 3916 SiSRaid4 - ok
06:30:22.0403 3916 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
06:30:22.0403 3916 SkypeUpdate - ok
06:30:22.0559 3916 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
06:30:22.0590 3916 slsvc - ok
06:30:22.0699 3916 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
06:30:22.0715 3916 SLUINotify - ok
06:30:22.0777 3916 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
06:30:22.0777 3916 Smb - ok
06:30:22.0824 3916 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
06:30:22.0840 3916 SNMPTRAP - ok
06:30:22.0871 3916 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
06:30:22.0871 3916 spldr - ok
06:30:22.0902 3916 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
06:30:22.0918 3916 Spooler - ok
06:30:22.0980 3916 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
06:30:22.0980 3916 srv - ok
06:30:23.0043 3916 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
06:30:23.0058 3916 srv2 - ok
06:30:23.0074 3916 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
06:30:23.0074 3916 srvnet - ok
06:30:23.0105 3916 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys
06:30:23.0105 3916 sscdbus - ok
06:30:23.0136 3916 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys
06:30:23.0152 3916 sscdmdfl - ok
06:30:23.0167 3916 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys
06:30:23.0167 3916 sscdmdm - ok
06:30:23.0183 3916 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\Windows\system32\DRIVERS\sscdserd.sys
06:30:23.0183 3916 sscdserd - ok
06:30:23.0214 3916 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
06:30:23.0230 3916 SSDPSRV - ok
06:30:23.0277 3916 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
06:30:23.0292 3916 SstpSvc - ok
06:30:23.0323 3916 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
06:30:23.0339 3916 stisvc - ok
06:30:23.0433 3916 stllssvr (a9a23c8af361f7a93fd632e91a8c346f) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
06:30:23.0433 3916 stllssvr - ok
06:30:23.0479 3916 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
06:30:23.0479 3916 swenum - ok
06:30:23.0511 3916 swmsflt (57bbaef27dc790160245b43eb6dcd576) C:\Windows\System32\drivers\swmsflt.sys
06:30:23.0511 3916 swmsflt - ok
06:30:23.0573 3916 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
06:30:23.0589 3916 swprv - ok
06:30:23.0620 3916 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
06:30:23.0635 3916 Symc8xx - ok
06:30:23.0651 3916 SymIMMP - ok
06:30:23.0682 3916 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
06:30:23.0682 3916 Sym_hi - ok
06:30:23.0713 3916 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
06:30:23.0713 3916 Sym_u3 - ok
06:30:23.0760 3916 SynTP (964524a9edcce945e82419abe9db94ee) C:\Windows\system32\DRIVERS\SynTP.sys
06:30:23.0760 3916 SynTP - ok
06:30:23.0807 3916 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
06:30:23.0807 3916 SysMain - ok
06:30:23.0838 3916 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
06:30:23.0854 3916 TabletInputService - ok
06:30:23.0885 3916 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
06:30:23.0885 3916 TapiSrv - ok
06:30:23.0916 3916 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
06:30:23.0916 3916 TBS - ok
06:30:24.0010 3916 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
06:30:24.0010 3916 Tcpip - ok
06:30:24.0025 3916 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
06:30:24.0041 3916 Tcpip6 - ok
06:30:24.0072 3916 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
06:30:24.0072 3916 tcpipreg - ok
06:30:24.0103 3916 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
06:30:24.0103 3916 TDPIPE - ok
06:30:24.0150 3916 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
06:30:24.0150 3916 TDTCP - ok
06:30:24.0181 3916 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
06:30:24.0181 3916 tdx - ok
06:30:24.0213 3916 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
06:30:24.0213 3916 TermDD - ok
06:30:24.0259 3916 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
06:30:24.0275 3916 TermService - ok
06:30:24.0337 3916 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
06:30:24.0337 3916 Themes - ok
06:30:24.0369 3916 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
06:30:24.0369 3916 THREADORDER - ok
06:30:24.0400 3916 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
06:30:24.0415 3916 TrkWks - ok
06:30:24.0493 3916 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
06:30:24.0493 3916 TrustedInstaller - ok
06:30:24.0525 3916 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:30:24.0525 3916 tssecsrv - ok
06:30:24.0540 3916 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
06:30:24.0556 3916 tunmp - ok
06:30:24.0587 3916 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
06:30:24.0587 3916 tunnel - ok
06:30:24.0618 3916 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
06:30:24.0618 3916 uagp35 - ok
06:30:24.0665 3916 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
06:30:24.0681 3916 udfs - ok
06:30:24.0727 3916 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
06:30:24.0727 3916 UI0Detect - ok
06:30:24.0743 3916 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
06:30:24.0743 3916 uliagpkx - ok
06:30:24.0774 3916 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
06:30:24.0774 3916 uliahci - ok
06:30:24.0790 3916 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
06:30:24.0790 3916 UlSata - ok
06:30:24.0821 3916 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
06:30:24.0821 3916 ulsata2 - ok
06:30:24.0868 3916 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
06:30:24.0868 3916 umbus - ok
06:30:24.0899 3916 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
06:30:24.0915 3916 upnphost - ok
06:30:24.0961 3916 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
06:30:24.0961 3916 USBAAPL - ok
06:30:25.0008 3916 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
06:30:25.0008 3916 usbaudio - ok
06:30:25.0039 3916 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
06:30:25.0039 3916 usbccgp - ok
06:30:25.0086 3916 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
06:30:25.0086 3916 usbcir - ok
06:30:25.0133 3916 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
06:30:25.0133 3916 usbehci - ok
06:30:25.0164 3916 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
06:30:25.0180 3916 usbhub - ok
06:30:25.0180 3916 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
06:30:25.0180 3916 usbohci - ok
06:30:25.0211 3916 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
06:30:25.0211 3916 usbprint - ok
06:30:25.0258 3916 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
06:30:25.0258 3916 usbscan - ok
06:30:25.0289 3916 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:30:25.0289 3916 USBSTOR - ok
06:30:25.0320 3916 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
06:30:25.0320 3916 usbuhci - ok
06:30:25.0351 3916 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
06:30:25.0351 3916 usbvideo - ok
06:30:25.0367 3916 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
06:30:25.0383 3916 UxSms - ok
06:30:25.0414 3916 uzm2mjyx (d565ad44c6c4d934afad3ca4196b09aa) C:\Windows\system32\Drivers\uzm2mjyx.sys
06:30:25.0414 3916 uzm2mjyx - ok
06:30:25.0429 3916 vdm2mjyx - ok
06:30:25.0492 3916 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
06:30:25.0492 3916 vds - ok
06:30:25.0539 3916 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
06:30:25.0539 3916 vga - ok
06:30:25.0570 3916 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
06:30:25.0570 3916 VgaSave - ok
06:30:25.0601 3916 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
06:30:25.0601 3916 viaagp - ok
06:30:25.0632 3916 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
06:30:25.0632 3916 ViaC7 - ok
06:30:25.0663 3916 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
06:30:25.0663 3916 viaide - ok
06:30:25.0695 3916 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
06:30:25.0695 3916 volmgr - ok
06:30:25.0741 3916 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
06:30:25.0741 3916 volmgrx - ok
06:30:25.0773 3916 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
06:30:25.0788 3916 volsnap - ok
06:30:25.0804 3916 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
06:30:25.0804 3916 vsmraid - ok
06:30:25.0882 3916 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
06:30:25.0897 3916 VSS - ok
06:30:25.0991 3916 VX1000 (2fbf9e882fc28a315a86aa1f831c144e) C:\Windows\system32\DRIVERS\VX1000.sys
06:30:26.0007 3916 VX1000 - ok
06:30:26.0147 3916 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
06:30:26.0163 3916 W32Time - ok
06:30:26.0241 3916 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
06:30:26.0241 3916 WacomPen - ok
06:30:26.0287 3916 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
06:30:26.0287 3916 Wanarp - ok
06:30:26.0303 3916 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
06:30:26.0303 3916 Wanarpv6 - ok
06:30:26.0365 3916 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
06:30:26.0381 3916 wcncsvc - ok
06:30:26.0428 3916 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
06:30:26.0443 3916 WcsPlugInService - ok
06:30:26.0490 3916 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
06:30:26.0490 3916 Wd - ok
06:30:26.0537 3916 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
06:30:26.0537 3916 Wdf01000 - ok
06:30:26.0568 3916 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
06:30:26.0568 3916 WdiServiceHost - ok
06:30:26.0584 3916 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
06:30:26.0584 3916 WdiSystemHost - ok
06:30:26.0615 3916 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
06:30:26.0615 3916 WebClient - ok
06:30:26.0646 3916 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
06:30:26.0662 3916 Wecsvc - ok
06:30:26.0693 3916 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
06:30:26.0693 3916 wercplsupport - ok
06:30:26.0724 3916 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
06:30:26.0724 3916 WerSvc - ok
06:30:26.0802 3916 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
06:30:26.0818 3916 winachsf - ok
06:30:26.0896 3916 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
06:30:26.0896 3916 WinDefend - ok
06:30:26.0911 3916 WinHttpAutoProxySvc - ok
06:30:26.0989 3916 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
06:30:26.0989 3916 Winmgmt - ok
06:30:27.0052 3916 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
06:30:27.0067 3916 WinRM - ok
06:30:27.0130 3916 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
06:30:27.0145 3916 Wlansvc - ok
06:30:28.0690 3916 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
06:30:28.0783 3916 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:30:28.0783 3916 \Device\Harddisk0\DR0 - detected TDSS File System (1)
06:30:28.0955 3916 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
06:30:29.0017 3916 \Device\Harddisk1\DR1 - ok
06:30:29.0033 3916 Boot (0x1200) (43a2ce2abb8b1962966abef13ed47315) \Device\Harddisk0\DR0\Partition0
06:30:29.0033 3916 \Device\Harddisk0\DR0\Partition0 - ok
06:30:29.0049 3916 Boot (0x1200) (c4e277d4370c6295b4e5b070568de19f) \Device\Harddisk0\DR0\Partition1
06:30:29.0064 3916 \Device\Harddisk0\DR0\Partition1 - ok
06:30:29.0064 3916 Boot (0x1200) (00b186f81e4b527b18493107e35aaaad) \Device\Harddisk1\DR1\Partition0
06:30:29.0064 3916 \Device\Harddisk1\DR1\Partition0 - ok
06:30:29.0080 3916 ============================================================
06:30:29.0080 3916 Scan finished
06:30:29.0080 3916 ============================================================
06:30:29.0127 2052 Detected object count: 1
06:30:29.0127 2052 Actual detected object count: 1
06:31:05.0755 2052 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
06:31:05.0755 2052 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
06:31:05.0755 2052 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
06:31:05.0755 2052 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
06:31:05.0755 2052 \Device\Harddisk0\DR0\TDLFS - deleted
06:31:05.0755 2052 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Can you try to run the OTL fix and scan now?

If that fails, rename OTL to explorer.exe and try to run it.

#10
chosen072

    Member

  • Topic Starter
  • Member
  • 94 posts
Tried several times
Changed the name and saved it on the desktop, but
OTL still isn't starting up for me

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. We must try... Let's continue.

Step 1

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • In the Search box, copy and paste this:

    netbt.sys

  • Press the Search Files button. Post the log after the scan, please.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3

Please don't forget to include these items in your reply:

  • Malwarebytes log
  • FSS log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#12
chosen072

    Member

  • Topic Starter
  • Member
  • 94 posts
MBAM Log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.15.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chosen072 :: ROBINS-LT [administrator]

5/15/2012 7:58:51 AM
mbam-log-2012-05-15 (07-58-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233550
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Chosen072\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

#13
chosen072

    Member

  • Topic Starter
  • Member
  • 94 posts
Farbar Log

Farbar Service Scanner Version: 11-05-2012
Ran by Chosen072 (administrator) on 15-05-2012 at 08:18:05
Windows Vista ™ Home Premium Service Pack 2 (X86)

************************************************
======== Search: "netbt.sys" =========

C:\WINDOWS\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
[2009-09-17 16:57] - [2012-05-14 17:45] - 0185856 ____A (Microsoft Corporation) ECD64230A59CBD93C85F1CD1CAB9F3F6

C:\WINDOWS\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2008-09-23 18:42] - [2008-01-19 01:55] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02

C:\WINDOWS\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys
[2006-11-02 04:57] - [2006-11-02 04:57] - 0184320 ____A (Microsoft Corporation) E3A168912E7EEFC3BD3B814720D68B41

C:\WINDOWS\System32\drivers\netbt.sys
[2009-09-17 16:57] - [2012-05-14 17:45] - 0185856 ____A (Microsoft Corporation) ECD64230A59CBD93C85F1CD1CAB9F3F6

====== End Of Search ======
  • 0
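
The file search in reply #13 lists netbt.sys, the driver aswMBR flagged at the start of the thread, in System32\drivers next to the WinSxS component-store copies. The Python below is an added example, not part of the thread or of Farbar Service Scanner; its function names are hypothetical, and it parses the search output as posted and reports whether the live driver's MD5 matches a component-store copy.

```python
import re

# FSS search output as posted in reply #13 (blank lines dropped).
FSS_SEARCH_LOG = r"""
C:\WINDOWS\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
[2009-09-17 16:57] - [2012-05-14 17:45] - 0185856 ____A (Microsoft Corporation) ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\WINDOWS\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2008-09-23 18:42] - [2008-01-19 01:55] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02
C:\WINDOWS\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys
[2006-11-02 04:57] - [2006-11-02 04:57] - 0184320 ____A (Microsoft Corporation) E3A168912E7EEFC3BD3B814720D68B41
C:\WINDOWS\System32\drivers\netbt.sys
[2009-09-17 16:57] - [2012-05-14 17:45] - 0185856 ____A (Microsoft Corporation) ECD64230A59CBD93C85F1CD1CAB9F3F6
"""

# Detail line layout: [created] - [modified] - size attrs (company) MD5
DETAIL = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$")


def parse_fss_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for line in map(str.strip, text.splitlines()):
        if re.match(r"^[A-Za-z]:\\", line):
            path = line
        elif path and (m := DETAIL.match(line)):
            entries.append({"path": path, "modified": m["modified"],
                            "size": int(m["size"]), "md5": m["md5"].upper()})
            path = None
    return entries


def check_against_component_store(entries):
    """Map each live (non-WinSxS) path to True if its MD5 equals a WinSxS copy's."""
    in_store = lambda e: "\\winsxs\\" in e["path"].lower()
    store_hashes = {e["md5"] for e in entries if in_store(e)}
    return {e["path"]: e["md5"] in store_hashes
            for e in entries if not in_store(e)}


if __name__ == "__main__":
    results = check_against_component_store(parse_fss_search(FSS_SEARCH_LOG))
    for path, ok in results.items():
        print("MATCH   " if ok else "MISMATCH", path)
```

A match shows only that the live file is identical to a component-store copy; on Vista and later the System32 file is normally a hard link to that copy, so a known-good hash from a trusted source is the stronger check.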

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Looking good. We still need to check your drivers and make sure they are not infected. How is your system now?

Step 1

Please run Farbar Service Scanner
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 2

Please run aswMBR one more time like you did before and post the log here for me.

Step 3

Please don't forget to include these items in your reply:

  • FSS log
  • aswMBR log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#15
chosen072

    Member

  • Topic Starter
  • Member
  • 94 posts
Thanks so much
Feeling a lot better but still cannot open the OTL for some reason

FSS Log

Farbar Service Scanner Version: 11-05-2012
Ran by Chosen072 (administrator) on 15-05-2012 at 08:31:06
Running from "C:\Users\Chosen072\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: ATTENTION!=====> Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 18:39] - [2012-03-30 08:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

aswMBR coming up