BCMiner, website redirects [Closed]


  • This topic is locked

#1
kinolie21

I am having a lot of problems with Internet Explorer, Firefox and Google Chrome. I am getting redirected to random sites and a lot of sites are not coming up at all. I ran all the programs for Google redirect and am still having problems. Also, I cannot turn on Windows Defender or any of the Microsoft Security Essentials as it will not let me. When I run Malwarebytes it comes up trojan.dropper.bcminor and rootkit.0access. I hit "remove selected" but every time I run the program, the three items are still there. Also, when I use Google Chrome, it constantly sends me to a red weak signatures algorithms page.

Thank you.

#2
kinolie21

Sorry, I forgot to include my OTL log. Here it is:

OTL logfile created on: 8/9/2012 10:21:51 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Home\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 45.08% Memory free
7.82 Gb Paging File | 5.67 Gb Available in Paging File | 72.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.47 Gb Total Space | 383.83 Gb Free Space | 84.83% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 21:43:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Downloads\OTL.exe
PRC - [2012/08/03 13:45:05 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 01:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/03 13:45:05 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/15 09:04:14 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012/06/14 16:17:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 16:16:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 16:16:36 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/15 15:45:14 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012/05/13 22:56:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 22:55:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/13 22:55:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/13 22:55:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/13 22:55:25 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/13 22:55:20 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/10 11:07:35 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 23:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 23:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/24 23:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/17 16:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 16:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 16:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/03/03 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/11 22:26:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/11 22:26:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/09 20:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 02:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/07/20 18:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/07/20 18:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/19 03:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/19 03:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/10 15:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/24 23:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/12/28 15:06:40 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/10 16:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 16:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Home\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ego.thechicag...gid=100&pgid=61
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/07 18:54:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/07 14:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2012/08/08 19:38:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\h1r90m6s.default\extensions
[2012/08/03 13:45:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Unity Player (Enabled) = C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Home\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2012/08/09 14:42:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://virtualkitch...X_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A7664E4-F87B-4557-9A12-81BF364D7759}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 22:15:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/09 22:15:52 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/09 19:35:14 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.4BBF86F67865858F
[2012/08/09 18:30:49 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.CABE1809C0675B76
[2012/08/09 16:59:36 | 057,442,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/08/09 16:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/08/09 16:16:25 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\backups
[2012/08/09 16:02:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
[2012/08/09 16:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/09 16:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/09 16:02:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/09 16:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/09 16:00:46 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Home\Desktop\HiJackThis.exe
[2012/08/09 15:59:12 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2012/08/09 15:11:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/09 15:01:01 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\GooredFix Backups
[2012/08/09 14:42:19 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/08/09 14:42:01 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\How to fix Google Redirects - Geeks to Go Forums_files
[2012/08/09 14:38:24 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Home\Desktop\GooredFix.exe
[2012/08/09 13:44:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/08 23:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/08/07 18:45:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/08/07 10:06:27 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/06 07:48:09 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Chicago
[2012/08/03 13:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/31 12:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/31 12:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/31 12:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/31 12:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/07/31 12:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/07/30 17:11:26 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Google
[2012/07/29 00:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/07/29 00:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CodecUpdate
[2012/07/29 00:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
[2012/07/29 00:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/07/12 12:16:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 12:16:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 12:16:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 12:16:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 12:16:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 12:16:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 12:16:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 12:16:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 12:16:31 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 12:16:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 12:16:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 12:16:31 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 12:16:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 09:50:36 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 09:50:36 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 09:50:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 09:50:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 09:50:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[1 C:\Users\Home\Documents\*.tmp files -> C:\Users\Home\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/09 21:29:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-586038390-3885400819-1670095415-1001UA.job
[2012/08/09 21:06:01 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 21:06:01 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 20:58:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/09 20:58:42 | 3148,222,464 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/09 19:40:59 | 000,778,660 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/09 19:40:59 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/09 19:40:59 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/09 19:35:14 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.4BBF86F67865858F
[2012/08/09 18:32:32 | 000,001,439 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/09 18:30:49 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.CABE1809C0675B76
[2012/08/09 16:02:17 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/09 16:00:49 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Home\Desktop\HiJackThis.exe
[2012/08/09 16:00:46 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Home\Desktop\mbam-setup.exe
[2012/08/09 14:42:21 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/09 14:42:01 | 000,120,063 | ---- | M] () -- C:\Users\Home\Desktop\How to fix Google Redirects - Geeks to Go Forums.htm
[2012/08/09 14:38:24 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Home\Desktop\GooredFix.exe
[2012/08/09 14:29:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-586038390-3885400819-1670095415-1001Core.job
[2012/08/09 13:44:41 | 000,002,362 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2012/08/08 20:16:51 | 459,293,596 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/07 12:15:50 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/08/03 16:23:57 | 000,168,019 | ---- | M] () -- C:\Users\Home\Documents\asurion.pdf
[2012/08/03 16:19:18 | 000,093,157 | ---- | M] () -- C:\Users\Home\Documents\Drivers License.pdf
[2012/07/31 12:28:36 | 000,002,515 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/07/31 12:28:36 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/07/31 12:22:55 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/31 12:07:23 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/29 00:00:43 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/29 00:00:43 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/13 09:40:46 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Home\Documents\*.tmp files -> C:\Users\Home\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/09 22:11:53 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{52af3419-9bde-b451-5c4d-cf333c86574d}\U\00000008.@
[2012/08/09 22:11:50 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{52af3419-9bde-b451-5c4d-cf333c86574d}\U\80000032.@
[2012/08/09 22:11:47 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{52af3419-9bde-b451-5c4d-cf333c86574d}\U\000000cb.@
[2012/08/09 19:36:57 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{52af3419-9bde-b451-5c4d-cf333c86574d}\U\80000064.@
[2012/08/09 19:36:56 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{52af3419-9bde-b451-5c4d-cf333c86574d}\U\80000000.@
[2012/08/09 19:36:55 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{52af3419-9bde-b451-5c4d-cf333c86574d}\U\00000004.@
[2012/08/09 18:32:32 | 000,001,445 | ---- | C] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/09 18:32:32 | 000,001,439 | ---- | C] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/09 18:32:32 | 000,001,411 | ---- | C] () -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/08/09 16:02:17 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/09 14:41:59 | 000,120,063 | ---- | C] () -- C:\Users\Home\Desktop\How to fix Google Redirects - Geeks to Go Forums.htm
[2012/08/09 13:44:41 | 000,002,362 | ---- | C] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2012/08/09 13:19:55 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-586038390-3885400819-1670095415-1001UA.job
[2012/08/09 13:19:54 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-586038390-3885400819-1670095415-1001Core.job
[2012/08/08 10:02:55 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{52af3419-9bde-b451-5c4d-cf333c86574d}\L\00000004.@
[2012/08/07 18:45:17 | 459,293,596 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/07 12:15:50 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/08/03 16:23:57 | 000,168,019 | ---- | C] () -- C:\Users\Home\Documents\asurion.pdf
[2012/08/03 16:19:17 | 000,093,157 | ---- | C] () -- C:\Users\Home\Documents\Drivers License.pdf
[2012/07/31 12:22:55 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/31 12:07:23 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/17 18:51:48 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{52af3419-9bde-b451-5c4d-cf333c86574d}\@
[2012/01/17 18:51:48 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{52af3419-9bde-b451-5c4d-cf333c86574d}\@
[2012/01/17 18:51:48 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{52af3419-9bde-b451-5c4d-cf333c86574d}\@
[2012/01/11 22:23:24 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/01/11 22:23:23 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/01/11 22:23:22 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/01/11 22:23:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/01/11 22:23:19 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/02/10 12:10:51 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >
  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, please delete your current copy of ComboFix. Also, what antivirus do you use?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/08/09 19:35:14 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.4BBF86F67865858F
    [2012/08/09 18:30:49 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.CABE1809C0675B76

    :Files
    C:\Windows\Installer\{52af3419-9bde-b451-5c4d-cf333c86574d}
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{52af3419-9bde-b451-5c4d-cf333c86574d}
    C:\Windows\System32\config\systemprofile\AppData\Local\{52af3419-9bde-b451-5c4d-cf333c86574d}
    ipconfig /flushdns /c
    netsh int ip reset c:\resetlog.txt /c
    ipconfig /release /c
    ipconfig /renew /c
    sc create BITS binpath= "c:\windows\system32\svchost.exe -k netsvcs" start= delayed-auto /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

FINALLY

Run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0
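The selection behind the fix above can be reproduced from the OTL log itself. This is an added example, not part of the original post and not OTL's own code: the function names `parse` and `triage` and the two path patterns are assumptions modelled on the entries the fix targets, and the sample lines are copied from the log earlier in this thread.

```python
import re
from dataclasses import dataclass

# OTL file-scan line: [date time | size | attrs | C/M] (company) -- path
# Directory lines carry no "(company)" field, so that group is optional.
LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumed heuristics, derived from the paths listed under :OTL and :Files above.
GUID = r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}"
# A {GUID} directory holding a file named "@" or U\ / L\ files named <8 hex>.@
GUID_STORE = re.compile(
    r"^(?P<root>.*\\" + GUID + r")\\(?:[UL]\\[0-9a-f]{8}\.@|@)$", re.I
)
# A copy of services.exe carrying an extra 16-hex-digit suffix
SUFFIXED_SYSFILE = re.compile(r"\\services\.exe\.[0-9a-f]{16}$", re.I)


@dataclass
class Entry:
    ts: str        # "YYYY/MM/DD HH:MM:SS", sorts correctly as a string
    size: int      # bytes
    attrs: str     # four flags, e.g. "-HS-" or "---D"
    kind: str      # "C" = created, "M" = modified
    company: str   # version-info company name, "" when absent
    path: str


def parse(log_text):
    """Return an Entry for every line in OTL file-scan format; skip the rest."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries.append(Entry(
                m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                m["kind"], (m["company"] or "").strip(), m["path"],
            ))
    return entries


def triage(entries):
    """Group suspicious entries: {GUID} store roots (with the earliest
    timestamp seen for each) and suffixed copies of services.exe."""
    guid_roots = {}
    suffixed = []
    for e in entries:
        g = GUID_STORE.match(e.path)
        if g:
            root = g["root"]
            guid_roots[root] = min(guid_roots.get(root, e.ts), e.ts)
        elif SUFFIXED_SYSFILE.search(e.path) and e.path not in suffixed:
            suffixed.append(e.path)
    return {"guid_roots": guid_roots, "suffixed_system_files": suffixed}


# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2012/08/09 22:11:53 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{52af3419-9bde-b451-5c4d-cf333c86574d}\U\00000008.@
[2012/08/08 10:02:55 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{52af3419-9bde-b451-5c4d-cf333c86574d}\L\00000004.@
[2012/01/17 18:51:48 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{52af3419-9bde-b451-5c4d-cf333c86574d}\@
[2012/01/17 18:51:48 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{52af3419-9bde-b451-5c4d-cf333c86574d}\@
[2012/01/17 18:51:48 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{52af3419-9bde-b451-5c4d-cf333c86574d}\@
[2012/08/09 19:35:14 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.4BBF86F67865858F
[2012/08/09 18:30:49 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe.CABE1809C0675B76
[2012/08/09 16:02:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/09 16:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/09 13:44:41 | 000,002,362 | ---- | C] () -- C:\Users\Home\Desktop\Google Chrome.lnk
"""

if __name__ == "__main__":
    report = triage(parse(SAMPLE_LOG))
    for root, first_seen in sorted(report["guid_roots"].items()):
        print(f"GUID store  first seen {first_seen}  {root}")
    for path in report["suffixed_system_files"]:
        print(f"suffixed copy of a system file  {path}")
```

The earliest timestamp per root is worth keeping: here the `@` files date from January 2012, months before the symptoms were reported.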

#4
kinolie21

kinolie21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Thank you sooooo much!!!! I do not use a virus program. I had McAfee, but it seemed to bog down my computer and cause more problems than good so I deleted it. I generally just run Defender and if I think there is a problem, I download and run Malwarebytes. Everything seems to be working okay now. Google Chrome is running correctly, I am not being redirected, and the security essentials are all running. If you don't mind me asking, which internet browser do you prefer (Explorer, Firefox, Chrome)? I have heard good and bad about all. I have attached all of my logs. Thank you again!!!

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Personally I prefer IE9, but at the end of the day it is the one that you feel most comfortable with.

As for antivirus, you really do need one. I can give you a list of three different ones, in order of system impact.

I am not overly happy about your MBR at the moment, so I would like to check it out.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#6
kinolie21

kinolie21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Thank you!

Here is the log:


18:49:14.0279 4808 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:49:14.0669 4808 ============================================================
18:49:14.0669 4808 Current date / time: 2012/08/10 18:49:14.0669
18:49:14.0669 4808 SystemInfo:
18:49:14.0669 4808
18:49:14.0669 4808 OS Version: 6.1.7601 ServicePack: 1.0
18:49:14.0669 4808 Product type: Workstation
18:49:14.0669 4808 ComputerName: HOME-PC
18:49:14.0669 4808 UserName: Home
18:49:14.0669 4808 Windows directory: C:\Windows
18:49:14.0669 4808 System windows directory: C:\Windows
18:49:14.0669 4808 Running under WOW64
18:49:14.0669 4808 Processor architecture: Intel x64
18:49:14.0669 4808 Number of processors: 4
18:49:14.0669 4808 Page size: 0x1000
18:49:14.0669 4808 Boot type: Normal boot
18:49:14.0669 4808 ============================================================
18:49:15.0106 4808 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:49:15.0106 4808 ============================================================
18:49:15.0106 4808 \Device\Harddisk0\DR0:
18:49:15.0106 4808 MBR partitions:
18:49:15.0106 4808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A80000
18:49:15.0106 4808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A94000, BlocksNum 0x388F0000
18:49:15.0106 4808 ============================================================
18:49:15.0153 4808 C: <-> \Device\Harddisk0\DR0\Partition1
18:49:15.0153 4808 ============================================================
18:49:15.0153 4808 Initialize success
18:49:15.0153 4808 ============================================================
  • 0

#7
kinolie21

kinolie21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I think I did that incorrectly. Here is the report after the scan. The first one I copied was after the computer restarted. This one is from before.

18:49:14.0279 4808 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:49:14.0669 4808 ============================================================
18:49:14.0669 4808 Current date / time: 2012/08/10 18:49:14.0669
18:49:14.0669 4808 SystemInfo:
18:49:14.0669 4808
18:49:14.0669 4808 OS Version: 6.1.7601 ServicePack: 1.0
18:49:14.0669 4808 Product type: Workstation
18:49:14.0669 4808 ComputerName: HOME-PC
18:49:14.0669 4808 UserName: Home
18:49:14.0669 4808 Windows directory: C:\Windows
18:49:14.0669 4808 System windows directory: C:\Windows
18:49:14.0669 4808 Running under WOW64
18:49:14.0669 4808 Processor architecture: Intel x64
18:49:14.0669 4808 Number of processors: 4
18:49:14.0669 4808 Page size: 0x1000
18:49:14.0669 4808 Boot type: Normal boot
18:49:14.0669 4808 ============================================================
18:49:15.0106 4808 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:49:15.0106 4808 ============================================================
18:49:15.0106 4808 \Device\Harddisk0\DR0:
18:49:15.0106 4808 MBR partitions:
18:49:15.0106 4808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A80000
18:49:15.0106 4808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A94000, BlocksNum 0x388F0000
18:49:15.0106 4808 ============================================================
18:49:15.0153 4808 C: <-> \Device\Harddisk0\DR0\Partition1
18:49:15.0153 4808 ============================================================
18:49:15.0153 4808 Initialize success
18:49:15.0153 4808 ============================================================
18:52:30.0092 0948 ============================================================
18:52:30.0092 0948 Scan started
18:52:30.0092 0948 Mode: Manual; SigCheck; TDLFS;
18:52:30.0092 0948 ============================================================
18:52:31.0480 0948 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:52:31.0823 0948 1394ohci - ok
18:52:31.0901 0948 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:52:31.0933 0948 ACPI - ok
18:52:31.0964 0948 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:52:32.0057 0948 AcpiPmi - ok
18:52:32.0151 0948 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:52:32.0167 0948 AdobeARMservice - ok
18:52:32.0213 0948 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:52:32.0229 0948 adp94xx - ok
18:52:32.0307 0948 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:52:32.0354 0948 adpahci - ok
18:52:32.0385 0948 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:52:32.0416 0948 adpu320 - ok
18:52:32.0447 0948 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:52:32.0681 0948 AeLookupSvc - ok
18:52:32.0775 0948 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
18:52:32.0837 0948 AESTFilters - ok
18:52:32.0900 0948 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:52:32.0947 0948 AFD - ok
18:52:33.0025 0948 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:52:33.0040 0948 agp440 - ok
18:52:33.0087 0948 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:52:33.0149 0948 ALG - ok
18:52:33.0181 0948 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:52:33.0181 0948 aliide - ok
18:52:33.0196 0948 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:52:33.0227 0948 amdide - ok
18:52:33.0243 0948 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:52:33.0290 0948 AmdK8 - ok
18:52:33.0305 0948 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
18:52:33.0321 0948 AmdPPM - ok
18:52:33.0352 0948 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:52:33.0383 0948 amdsata - ok
18:52:33.0415 0948 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:52:33.0430 0948 amdsbs - ok
18:52:33.0446 0948 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:52:33.0461 0948 amdxata - ok
18:52:33.0524 0948 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:52:33.0586 0948 ApfiltrService - ok
18:52:33.0633 0948 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:52:33.0773 0948 AppID - ok
18:52:33.0820 0948 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:52:33.0914 0948 AppIDSvc - ok
18:52:33.0945 0948 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:52:34.0023 0948 Appinfo - ok
18:52:34.0148 0948 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:52:34.0179 0948 Apple Mobile Device - ok
18:52:34.0210 0948 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:52:34.0241 0948 arc - ok
18:52:34.0257 0948 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:52:34.0288 0948 arcsas - ok
18:52:34.0397 0948 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:52:34.0444 0948 aspnet_state - ok
18:52:34.0460 0948 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:52:34.0553 0948 AsyncMac - ok
18:52:34.0694 0948 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:52:34.0709 0948 atapi - ok
18:52:34.0803 0948 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:52:34.0865 0948 AudioEndpointBuilder - ok
18:52:34.0865 0948 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:52:34.0912 0948 AudioSrv - ok
18:52:34.0959 0948 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:52:35.0006 0948 AxInstSV - ok
18:52:35.0068 0948 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:52:35.0115 0948 b06bdrv - ok
18:52:35.0162 0948 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:52:35.0193 0948 b57nd60a - ok
18:52:35.0240 0948 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:52:35.0302 0948 BDESVC - ok
18:52:35.0302 0948 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:52:35.0365 0948 Beep - ok
18:52:35.0458 0948 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:52:35.0521 0948 BFE - ok
18:52:35.0599 0948 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:52:35.0661 0948 BITS - ok
18:52:35.0723 0948 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:52:35.0770 0948 blbdrive - ok
18:52:35.0926 0948 Bluetooth Device Monitor (5ff7b9916a10e8e69e7c0d16f0b4787a) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
18:52:35.0973 0948 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
18:52:35.0973 0948 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
18:52:36.0051 0948 Bluetooth Media Service (e43d73caf1023976efba1d0f0e69e271) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
18:52:36.0098 0948 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
18:52:36.0098 0948 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
18:52:36.0191 0948 Bluetooth OBEX Service (20427929646784a482df34ef8c4fed23) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
18:52:36.0238 0948 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
18:52:36.0238 0948 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
18:52:36.0347 0948 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:52:36.0379 0948 Bonjour Service - ok
18:52:36.0488 0948 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:52:36.0550 0948 bowser - ok
18:52:36.0581 0948 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:52:36.0628 0948 BrFiltLo - ok
18:52:36.0628 0948 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:52:36.0644 0948 BrFiltUp - ok
18:52:36.0675 0948 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:52:36.0722 0948 BridgeMP - ok
18:52:36.0753 0948 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:52:36.0815 0948 Browser - ok
18:52:36.0847 0948 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:52:36.0956 0948 Brserid - ok
18:52:37.0018 0948 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:52:37.0081 0948 BrSerWdm - ok
18:52:37.0096 0948 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:52:37.0143 0948 BrUsbMdm - ok
18:52:37.0174 0948 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:52:37.0205 0948 BrUsbSer - ok
18:52:37.0237 0948 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
18:52:37.0283 0948 BthEnum - ok
18:52:37.0299 0948 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
18:52:37.0330 0948 BTHMODEM - ok
18:52:37.0361 0948 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:52:37.0408 0948 BthPan - ok
18:52:37.0471 0948 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
18:52:37.0502 0948 BTHPORT - ok
18:52:37.0549 0948 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:52:37.0627 0948 bthserv - ok
18:52:37.0642 0948 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
18:52:37.0658 0948 BTHUSB - ok
18:52:37.0705 0948 btmaudio (274e47bd9c1367bdbfa9df10c2e6c544) C:\Windows\system32\drivers\btmaud.sys
18:52:37.0767 0948 btmaudio - ok
18:52:37.0783 0948 btmaux (75eab5aaf6e9f83739249ce60b4b9c39) C:\Windows\system32\DRIVERS\btmaux.sys
18:52:37.0814 0948 btmaux - ok
18:52:37.0861 0948 btmhsf (40c6fec49d1cc4d112368a2bcd2bcbb7) C:\Windows\system32\DRIVERS\btmhsf.sys
18:52:37.0892 0948 btmhsf - ok
18:52:37.0907 0948 catchme - ok
18:52:37.0954 0948 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:52:38.0032 0948 cdfs - ok
18:52:38.0063 0948 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:52:38.0095 0948 cdrom - ok
18:52:38.0126 0948 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:52:38.0204 0948 CertPropSvc - ok
18:52:38.0235 0948 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:52:38.0251 0948 circlass - ok
18:52:38.0313 0948 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:52:38.0360 0948 CLFS - ok
18:52:38.0438 0948 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:52:38.0453 0948 clr_optimization_v2.0.50727_32 - ok
18:52:38.0516 0948 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:52:38.0531 0948 clr_optimization_v2.0.50727_64 - ok
18:52:38.0594 0948 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:52:38.0703 0948 clr_optimization_v4.0.30319_32 - ok
18:52:38.0781 0948 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:52:38.0843 0948 clr_optimization_v4.0.30319_64 - ok
18:52:38.0875 0948 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:52:38.0906 0948 CmBatt - ok
18:52:38.0921 0948 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:52:38.0953 0948 cmdide - ok
18:52:38.0999 0948 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
18:52:39.0062 0948 CNG - ok
18:52:39.0109 0948 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:52:39.0124 0948 Compbatt - ok
18:52:39.0155 0948 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:52:39.0202 0948 CompositeBus - ok
18:52:39.0218 0948 COMSysApp - ok
18:52:39.0265 0948 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:52:39.0280 0948 crcdisk - ok
18:52:39.0358 0948 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:52:39.0389 0948 CryptSvc - ok
18:52:39.0452 0948 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:52:39.0545 0948 DcomLaunch - ok
18:52:39.0577 0948 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:52:39.0655 0948 defragsvc - ok
18:52:39.0670 0948 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:52:39.0733 0948 DfsC - ok
18:52:39.0795 0948 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:52:39.0857 0948 Dhcp - ok
18:52:39.0889 0948 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:52:39.0951 0948 discache - ok
18:52:39.0982 0948 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:52:39.0998 0948 Disk - ok
18:52:40.0045 0948 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:52:40.0076 0948 Dnscache - ok
18:52:40.0123 0948 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:52:40.0216 0948 dot3svc - ok
18:52:40.0247 0948 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:52:40.0310 0948 DPS - ok
18:52:40.0341 0948 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:52:40.0372 0948 drmkaud - ok
18:52:40.0435 0948 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:52:40.0466 0948 DXGKrnl - ok
18:52:40.0497 0948 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:52:40.0559 0948 EapHost - ok
18:52:40.0700 0948 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:52:40.0793 0948 ebdrv - ok
18:52:40.0887 0948 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:52:40.0934 0948 EFS - ok
18:52:41.0027 0948 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:52:41.0105 0948 ehRecvr - ok
18:52:41.0121 0948 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:52:41.0137 0948 ehSched - ok
18:52:41.0215 0948 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:52:41.0246 0948 elxstor - ok
18:52:41.0261 0948 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:52:41.0277 0948 ErrDev - ok
18:52:41.0371 0948 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:52:41.0495 0948 EventSystem - ok
18:52:41.0745 0948 EvtEng (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:52:41.0823 0948 EvtEng - ok
18:52:41.0917 0948 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:52:41.0979 0948 exfat - ok
18:52:42.0010 0948 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:52:42.0057 0948 fastfat - ok
18:52:42.0119 0948 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:52:42.0151 0948 Fax - ok
18:52:42.0182 0948 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:52:42.0213 0948 fdc - ok
18:52:42.0260 0948 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:52:42.0307 0948 fdPHost - ok
18:52:42.0322 0948 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:52:42.0385 0948 FDResPub - ok
18:52:42.0416 0948 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:52:42.0431 0948 FileInfo - ok
18:52:42.0447 0948 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:52:42.0494 0948 Filetrace - ok
18:52:42.0509 0948 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:52:42.0509 0948 flpydisk - ok
18:52:42.0541 0948 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:52:42.0556 0948 FltMgr - ok
18:52:42.0619 0948 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:52:42.0697 0948 FontCache - ok
18:52:42.0790 0948 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:52:42.0821 0948 FontCache3.0.0.0 - ok
18:52:42.0853 0948 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:52:42.0884 0948 FsDepends - ok
18:52:42.0915 0948 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:52:42.0931 0948 Fs_Rec - ok
18:52:42.0977 0948 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:52:43.0009 0948 fvevol - ok
18:52:43.0024 0948 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:52:43.0040 0948 gagp30kx - ok
18:52:43.0087 0948 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:52:43.0102 0948 GEARAspiWDM - ok
18:52:43.0165 0948 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:52:43.0211 0948 gpsvc - ok
18:52:43.0243 0948 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:52:43.0289 0948 hcw85cir - ok
18:52:43.0336 0948 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:52:43.0367 0948 HDAudBus - ok
18:52:43.0367 0948 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:52:43.0383 0948 HidBatt - ok
18:52:43.0399 0948 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:52:43.0414 0948 HidBth - ok
18:52:43.0445 0948 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:52:43.0477 0948 HidIr - ok
18:52:43.0492 0948 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:52:43.0539 0948 hidserv - ok
18:52:43.0555 0948 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
18:52:43.0570 0948 HidUsb - ok
18:52:43.0617 0948 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:52:43.0695 0948 hkmsvc - ok
18:52:43.0726 0948 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:52:43.0773 0948 HomeGroupListener - ok
18:52:43.0804 0948 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:52:43.0851 0948 HomeGroupProvider - ok
18:52:43.0945 0948 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:52:43.0960 0948 HpSAMD - ok
18:52:44.0069 0948 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:52:44.0163 0948 HTTP - ok
18:52:44.0210 0948 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:52:44.0225 0948 hwpolicy - ok
18:52:44.0319 0948 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:52:44.0366 0948 i8042prt - ok
18:52:44.0459 0948 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
18:52:44.0475 0948 iaStor - ok
18:52:44.0569 0948 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
18:52:44.0584 0948 IAStorDataMgrSvc - ok
18:52:44.0647 0948 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:52:44.0693 0948 iaStorV - ok
18:52:44.0709 0948 iBtFltCoex (fc47f5cf561bf0fd897efd1a9604dccf) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
18:52:44.0725 0948 iBtFltCoex - ok
18:52:44.0834 0948 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:52:44.0865 0948 idsvc - ok
18:52:45.0333 0948 igfx (174bcac474de13b2650e444cf124828e) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:52:45.0723 0948 igfx - ok
18:52:45.0832 0948 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:52:45.0848 0948 iirsp - ok
18:52:45.0926 0948 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:52:45.0988 0948 IKEEXT - ok
18:52:46.0035 0948 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:52:46.0051 0948 IntcDAud - ok
18:52:46.0097 0948 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:52:46.0113 0948 intelide - ok
18:52:46.0144 0948 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:52:46.0175 0948 intelppm - ok
18:52:46.0207 0948 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:52:46.0285 0948 IPBusEnum - ok
18:52:46.0300 0948 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:52:46.0331 0948 IpFilterDriver - ok
18:52:46.0394 0948 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:52:46.0456 0948 iphlpsvc - ok
18:52:46.0503 0948 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:52:46.0550 0948 IPMIDRV - ok
18:52:46.0628 0948 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:52:46.0737 0948 IPNAT - ok
18:52:46.0846 0948 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
18:52:46.0877 0948 iPod Service - ok
18:52:46.0924 0948 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:52:46.0940 0948 IRENUM - ok
18:52:46.0955 0948 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:52:46.0955 0948 isapnp - ok
18:52:46.0987 0948 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:52:46.0987 0948 iScsiPrt - ok
18:52:47.0018 0948 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:52:47.0049 0948 kbdclass - ok
18:52:47.0049 0948 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:52:47.0096 0948 kbdhid - ok
18:52:47.0127 0948 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:52:47.0143 0948 KeyIso - ok
18:52:47.0174 0948 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
18:52:47.0189 0948 KSecDD - ok
18:52:47.0205 0948 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
18:52:47.0221 0948 KSecPkg - ok
18:52:47.0252 0948 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:52:47.0314 0948 ksthunk - ok
18:52:47.0361 0948 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:52:47.0423 0948 KtmRm - ok
18:52:47.0486 0948 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:52:47.0564 0948 LanmanServer - ok
18:52:47.0626 0948 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:52:47.0720 0948 LanmanWorkstation - ok
18:52:47.0798 0948 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:52:47.0876 0948 lltdio - ok
18:52:47.0923 0948 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:52:48.0016 0948 lltdsvc - ok
18:52:48.0032 0948 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:52:48.0063 0948 lmhosts - ok
18:52:48.0110 0948 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:52:48.0141 0948 LSI_FC - ok
18:52:48.0141 0948 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:52:48.0157 0948 LSI_SAS - ok
18:52:48.0157 0948 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:52:48.0172 0948 LSI_SAS2 - ok
18:52:48.0172 0948 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:52:48.0188 0948 LSI_SCSI - ok
18:52:48.0203 0948 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:52:48.0266 0948 luafv - ok
18:52:48.0313 0948 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:52:48.0344 0948 Mcx2Svc - ok
18:52:48.0375 0948 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:52:48.0391 0948 megasas - ok
18:52:48.0406 0948 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:52:48.0422 0948 MegaSR - ok
18:52:48.0469 0948 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
18:52:48.0484 0948 MEIx64 - ok
18:52:48.0562 0948 Microsoft SharePoint Workspace Audit Service - ok
18:52:48.0609 0948 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:52:48.0687 0948 MMCSS - ok
18:52:48.0718 0948 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:52:48.0781 0948 Modem - ok
18:52:48.0796 0948 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:52:48.0812 0948 monitor - ok
18:52:48.0843 0948 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:52:48.0859 0948 mouclass - ok
18:52:48.0905 0948 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
18:52:48.0952 0948 mouhid - ok
18:52:48.0983 0948 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:52:48.0999 0948 mountmgr - ok
18:52:49.0015 0948 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:52:49.0015 0948 mpio - ok
18:52:49.0046 0948 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:52:49.0077 0948 mpsdrv - ok
18:52:49.0155 0948 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:52:49.0233 0948 MpsSvc - ok
18:52:49.0249 0948 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:52:49.0295 0948 MRxDAV - ok
18:52:49.0327 0948 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:52:49.0373 0948 mrxsmb - ok
18:52:49.0405 0948 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:52:49.0420 0948 mrxsmb10 - ok
18:52:49.0451 0948 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:52:49.0467 0948 mrxsmb20 - ok
18:52:49.0483 0948 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:52:49.0498 0948 msahci - ok
18:52:49.0529 0948 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:52:49.0561 0948 msdsm - ok
18:52:49.0592 0948 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:52:49.0623 0948 MSDTC - ok
18:52:49.0639 0948 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:52:49.0685 0948 Msfs - ok
18:52:49.0701 0948 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:52:49.0732 0948 mshidkmdf - ok
18:52:49.0748 0948 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:52:49.0763 0948 msisadrv - ok
18:52:49.0810 0948 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:52:49.0888 0948 MSiSCSI - ok
18:52:49.0888 0948 msiserver - ok
18:52:49.0919 0948 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:52:49.0982 0948 MSKSSRV - ok
18:52:49.0982 0948 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:52:50.0013 0948 MSPCLOCK - ok
18:52:50.0029 0948 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:52:50.0060 0948 MSPQM - ok
18:52:50.0091 0948 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:52:50.0107 0948 MsRPC - ok
18:52:50.0122 0948 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:52:50.0138 0948 mssmbios - ok
18:52:50.0153 0948 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:52:50.0216 0948 MSTEE - ok
18:52:50.0216 0948 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:52:50.0231 0948 MTConfig - ok
18:52:50.0247 0948 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:52:50.0263 0948 Mup - ok
18:52:50.0356 0948 MyWiFiDHCPDNS (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:52:50.0372 0948 MyWiFiDHCPDNS - ok
18:52:50.0403 0948 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:52:50.0465 0948 napagent - ok
18:52:50.0497 0948 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:52:50.0528 0948 NativeWifiP - ok
18:52:50.0590 0948 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
18:52:50.0621 0948 NDIS - ok
18:52:50.0653 0948 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:52:50.0699 0948 NdisCap - ok
18:52:50.0731 0948 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:52:50.0762 0948 NdisTapi - ok
18:52:50.0777 0948 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:52:50.0809 0948 Ndisuio - ok
18:52:50.0840 0948 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:52:50.0902 0948 NdisWan - ok
18:52:50.0933 0948 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:52:50.0965 0948 NDProxy - ok
18:52:50.0996 0948 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:52:51.0058 0948 NetBIOS - ok
18:52:51.0074 0948 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:52:51.0105 0948 NetBT - ok
18:52:51.0152 0948 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:52:51.0167 0948 Netlogon - ok
18:52:51.0230 0948 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:52:51.0292 0948 Netman - ok
18:52:51.0386 0948 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:52:51.0417 0948 NetMsmqActivator - ok
18:52:51.0417 0948 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:52:51.0433 0948 NetPipeActivator - ok
18:52:51.0464 0948 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:52:51.0542 0948 netprofm - ok
18:52:51.0542 0948 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:52:51.0542 0948 NetTcpActivator - ok
18:52:51.0557 0948 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:52:51.0557 0948 NetTcpPortSharing - ok
18:52:51.0901 0948 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
18:52:52.0166 0948 NETwNs64 - ok
18:52:52.0259 0948 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:52:52.0291 0948 nfrd960 - ok
18:52:52.0322 0948 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:52:52.0415 0948 NlaSvc - ok
18:52:52.0431 0948 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:52:52.0462 0948 Npfs - ok
18:52:52.0493 0948 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:52:52.0556 0948 nsi - ok
18:52:52.0571 0948 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:52:52.0618 0948 nsiproxy - ok
18:52:52.0696 0948 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:52:52.0727 0948 Ntfs - ok
18:52:52.0837 0948 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:52:52.0883 0948 Null - ok
18:52:52.0946 0948 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:52:52.0977 0948 nusb3hub - ok
18:52:53.0008 0948 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:52:53.0055 0948 nusb3xhc - ok
18:52:53.0117 0948 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:52:53.0149 0948 nvraid - ok
18:52:53.0164 0948 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:52:53.0180 0948 nvstor - ok
18:52:53.0195 0948 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:52:53.0211 0948 nv_agp - ok
18:52:53.0211 0948 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:52:53.0258 0948 ohci1394 - ok
18:52:53.0320 0948 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:52:53.0351 0948 ose - ok
18:52:53.0617 0948 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:52:53.0804 0948 osppsvc - ok
18:52:53.0897 0948 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:52:53.0944 0948 p2pimsvc - ok
18:52:53.0991 0948 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:52:54.0022 0948 p2psvc - ok
18:52:54.0085 0948 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
18:52:54.0116 0948 Parport - ok
18:52:54.0147 0948 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:52:54.0163 0948 partmgr - ok
18:52:54.0194 0948 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:52:54.0241 0948 PcaSvc - ok
18:52:54.0272 0948 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:52:54.0287 0948 pci - ok
18:52:54.0319 0948 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:52:54.0334 0948 pciide - ok
18:52:54.0381 0948 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
18:52:54.0412 0948 pcmcia - ok
18:52:54.0412 0948 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:52:54.0428 0948 pcw - ok
18:52:54.0475 0948 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:52:54.0568 0948 PEAUTH - ok
18:52:54.0646 0948 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:52:54.0677 0948 PerfHost - ok
18:52:54.0787 0948 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:52:54.0849 0948 pla - ok
18:52:54.0911 0948 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:52:54.0958 0948 PlugPlay - ok
18:52:55.0005 0948 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:52:55.0052 0948 PNRPAutoReg - ok
18:52:55.0083 0948 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:52:55.0099 0948 PNRPsvc - ok
18:52:55.0145 0948 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:52:55.0223 0948 PolicyAgent - ok
18:52:55.0270 0948 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
18:52:55.0333 0948 Power - ok
18:52:55.0411 0948 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:52:55.0473 0948 PptpMiniport - ok
18:52:55.0489 0948 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:52:55.0520 0948 Processor - ok
18:52:55.0567 0948 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:52:55.0613 0948 ProfSvc - ok
18:52:55.0645 0948 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:52:55.0645 0948 ProtectedStorage - ok
18:52:55.0691 0948 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:52:55.0769 0948 Psched - ok
18:52:55.0863 0948 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:52:55.0910 0948 ql2300 - ok
18:52:55.0988 0948 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:52:56.0019 0948 ql40xx - ok
18:52:56.0050 0948 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:52:56.0097 0948 QWAVE - ok
18:52:56.0128 0948 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:52:56.0175 0948 QWAVEdrv - ok
18:52:56.0191 0948 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:52:56.0253 0948 RasAcd - ok
18:52:56.0269 0948 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:52:56.0315 0948 RasAgileVpn - ok
18:52:56.0347 0948 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:52:56.0409 0948 RasAuto - ok
18:52:56.0425 0948 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:52:56.0503 0948 Rasl2tp - ok
18:52:56.0549 0948 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:52:56.0596 0948 RasMan - ok
18:52:56.0627 0948 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:52:56.0674 0948 RasPppoe - ok
18:52:56.0721 0948 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:52:56.0799 0948 RasSstp - ok
18:52:56.0815 0948 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:52:56.0893 0948 rdbss - ok
18:52:56.0908 0948 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
18:52:56.0939 0948 rdpbus - ok
18:52:56.0971 0948 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:52:57.0033 0948 RDPCDD - ok
18:52:57.0033 0948 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:52:57.0080 0948 RDPENCDD - ok
18:52:57.0111 0948 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:52:57.0142 0948 RDPREFMP - ok
18:52:57.0173 0948 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:52:57.0205 0948 RDPWD - ok
18:52:57.0236 0948 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:52:57.0267 0948 rdyboost - ok
18:52:57.0361 0948 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:52:57.0407 0948 RegSrvc - ok
18:52:57.0454 0948 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:52:57.0532 0948 RemoteAccess - ok
18:52:57.0579 0948 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:52:57.0626 0948 RemoteRegistry - ok
18:52:57.0688 0948 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:52:57.0735 0948 RFCOMM - ok
18:52:57.0751 0948 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:52:57.0797 0948 RpcEptMapper - ok
18:52:57.0829 0948 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:52:57.0829 0948 RpcLocator - ok
18:52:57.0875 0948 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
18:52:57.0907 0948 RpcSs - ok
18:52:57.0953 0948 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:52:58.0031 0948 rspndr - ok
18:52:58.0078 0948 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\Windows\system32\Drivers\RtsUStor.sys
18:52:58.0094 0948 RSUSBSTOR - ok
18:52:58.0156 0948 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:52:58.0187 0948 RTL8167 - ok
18:52:58.0219 0948 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:52:58.0234 0948 SamSs - ok
18:52:58.0250 0948 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:52:58.0265 0948 sbp2port - ok
18:52:58.0297 0948 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:52:58.0359 0948 SCardSvr - ok
18:52:58.0390 0948 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:52:58.0437 0948 scfilter - ok
18:52:58.0484 0948 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:52:58.0593 0948 Schedule - ok
18:52:58.0609 0948 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:52:58.0640 0948 SCPolicySvc - ok
18:52:58.0671 0948 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:52:58.0718 0948 SDRSVC - ok
18:52:58.0780 0948 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:52:58.0858 0948 secdrv - ok
18:52:58.0874 0948 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:52:58.0921 0948 seclogon - ok
18:52:58.0952 0948 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:52:59.0014 0948 SENS - ok
18:52:59.0030 0948 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:52:59.0077 0948 SensrSvc - ok
18:52:59.0092 0948 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
18:52:59.0139 0948 Serenum - ok
18:52:59.0139 0948 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
18:52:59.0170 0948 Serial - ok
18:52:59.0186 0948 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:52:59.0217 0948 sermouse - ok
18:52:59.0264 0948 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:52:59.0326 0948 SessionEnv - ok
18:52:59.0357 0948 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:52:59.0373 0948 sffdisk - ok
18:52:59.0373 0948 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:52:59.0404 0948 sffp_mmc - ok
18:52:59.0404 0948 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:52:59.0420 0948 sffp_sd - ok
18:52:59.0420 0948 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:52:59.0435 0948 sfloppy - ok
18:52:59.0498 0948 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:52:59.0545 0948 SharedAccess - ok
18:52:59.0560 0948 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:52:59.0623 0948 ShellHWDetection - ok
18:52:59.0654 0948 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:52:59.0685 0948 SiSRaid2 - ok
18:52:59.0685 0948 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:52:59.0701 0948 SiSRaid4 - ok
18:52:59.0716 0948 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:52:59.0779 0948 Smb - ok
18:52:59.0825 0948 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:52:59.0857 0948 SNMPTRAP - ok
18:52:59.0872 0948 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:52:59.0872 0948 spldr - ok
18:52:59.0903 0948 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:52:59.0950 0948 Spooler - ok
18:53:00.0106 0948 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:53:00.0184 0948 sppsvc - ok
18:53:00.0262 0948 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:53:00.0325 0948 sppuinotify - ok
18:53:00.0387 0948 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:53:00.0434 0948 srv - ok
18:53:00.0465 0948 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:53:00.0496 0948 srv2 - ok
18:53:00.0527 0948 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:53:00.0559 0948 srvnet - ok
18:53:00.0605 0948 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:53:00.0652 0948 SSDPSRV - ok
18:53:00.0668 0948 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:53:00.0699 0948 SstpSvc - ok
18:53:00.0793 0948 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
18:53:00.0855 0948 STacSV - ok
18:53:00.0886 0948 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:53:00.0917 0948 stexstor - ok
18:53:00.0980 0948 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\Windows\system32\DRIVERS\stwrt64.sys
18:53:01.0011 0948 STHDA - ok
18:53:08.0920 0948 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:53:09.0919 0948 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:53:09.0919 0948 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:53:09.0950 0948 Boot (0x1200) (cab8e376a59bf838b2027a2580896e3e) \Device\Harddisk0\DR0\Partition0
18:53:09.0950 0948 \Device\Harddisk0\DR0\Partition0 - ok
18:53:09.0965 0948 Boot (0x1200) (9fa52be5cbd45385e53557d694d8b63d) \Device\Harddisk0\DR0\Partition1
18:53:09.0965 0948 \Device\Harddisk0\DR0\Partition1 - ok
18:53:09.0981 0948 ============================================================
18:53:09.0981 0948 Scan finished
18:53:09.0981 0948 ============================================================
18:53:09.0997 4564 Detected object count: 4
18:53:09.0997 4564 Actual detected object count: 4
18:53:15.0051 4564 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:15.0051 4564 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:15.0051 4564 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:15.0051 4564 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:15.0051 4564 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:53:15.0051 4564 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:53:15.0051 4564 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:53:15.0051 4564 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thought so

Re-run TDSSKiller with the same parameters and, when you get to this, select delete:

\Device\Harddisk0\DR0 ( TDSS File System ) -

How is the computer behaving now?
  • 0

#9
kinolie21

kinolie21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Everything is working great except Windows Update. I have seven important and three optional updates, and every time I hit update, the screen pops up a minute later and says the updates failed and provides code 80246008.

Thank you.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, next bit. The Windows BITS service is not running. This will set all services to default, so if you have disabled any you will need to redo them.

Download Windows Repair (all in one) from this site

Install the programme then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image
  • 0


#11
kinolie21

kinolie21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I followed directions with this program, but the updates are still not installing and I am still getting error messages.
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the attached bits.reg to your desktop

Double click the file and accept the warnings
Reboot and try again
  • 0

#13
kinolie21

kinolie21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I followed your instructions this morning and tried updating again, but they are still failing.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would like to try something here. Could you restore your computer to 9th August? We will need to redo some of the malware removal again, but I would like to take a look at the malware changes prior to my fixing them.

Once restored, could you run a full OTL scan again please?

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#15
kinolie21

kinolie21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Here are the logs. Thank you.

Attached Files


  • 0





