Google search result on click takes me to other search sites by malwar


  • This topic is locked

#1
suneelgv

  • Member
  • 17 posts
Hi all,

This started happening from 8/18/2012 on my Windows 7 64-bit PC. When I do a Google search in any browser (Chrome, Firefox) and click on search results, I am taken to a page that is not one of the results. It takes me to webpages that do not have any domain name, just an IP address. And sometimes it takes me to sites that are not in the search results on the first page. For example, if I search for "free fax", the first result I get is "faxzero.com" but when I click on it, it takes me to "efax.com". I have followed the steps in http://www.geekstogo...ogle-redirects/ but that didn't make any difference. This problem doesn't always happen. It comes and goes. I have attached the OTL, OTM, GooredFix, Fiddler log, and screenshot of the search page it took me to after clicking on the result. I would really appreciate any help on this malware.
Edit: Not sure if this is related, but AVG is reporting high memory usage by iexplore.exe, around 240MB, which I didn't launch, and there is no Internet Explorer window open. Even after killing iexplore.exe, a new one shows itself in Task Manager.

Thanks
Suneel

Edited by suneelgv, 21 August 2012 - 11:42 PM.

#2
ali.B

  • Trusted Helper
  • Malware Removal
  • 3,086 posts
Hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{1af2ef4a-70c2-11e1-8174-005056c00008}\Shell - "" = AutoRun
    O33 - MountPoints2\{1af2ef4a-70c2-11e1-8174-005056c00008}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
    O33 - MountPoints2\{23c5d35c-8a21-11e1-911a-005056c00008}\Shell - "" = AutoRun
    O33 - MountPoints2\{23c5d35c-8a21-11e1-911a-005056c00008}\Shell\AutoRun\command - "" = G:\Setup.exe
    [2012/06/02 13:22:18 | 000,000,000 | -HSD | M] -- C:\Users\honey\AppData\Roaming\.#
    [2011/08/06 17:26:12 | 000,000,990 | -HS- | C] () -- C:\Users\honey\AppData\Roaming\systemfl.$dk
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2


  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#3
suneelgv

  • Topic Starter
  • Member
  • 17 posts
Thanks Ali. Really appreciate your help.

The OTL Log:

OTL logfile created on: 8/22/2012 2:51:15 AM - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\honey\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.62 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 76.68% Memory free
15.24 Gb Paging File | 13.18 Gb Available in Paging File | 86.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 129.31 Gb Total Space | 62.28 Gb Free Space | 48.17% Space Free | Partition Type: NTFS
Drive D: | 336.35 Gb Total Space | 276.28 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
Drive E: | 495.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MINIFCN-PC | User Name: honey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/21 21:36:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\honey\Downloads\OTL.exe
PRC - [2012/08/15 00:15:13 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/07/20 15:17:14 | 012,218,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/23 08:30:33 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2012/05/23 08:57:30 | 000,871,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/05/23 08:54:42 | 000,371,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2012/04/05 11:11:18 | 001,144,704 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/03 11:00:24 | 000,051,128 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2011/07/06 02:28:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2011/06/23 21:45:20 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/06/22 11:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 11:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/11/11 13:47:32 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2010/11/11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/11/02 14:27:56 | 000,221,184 | ---- | M] (Visioneer Inc.) -- C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2009/11/02 19:43:16 | 000,353,672 | ---- | M] (Check Point Software Technologies) -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/22 02:42:09 | 000,571,392 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\pysqlite2._sqlite.pyd
MOD - [2012/08/22 02:42:09 | 000,263,168 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\win32com.shell.shell.pyd
MOD - [2012/08/22 02:42:09 | 000,153,088 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\pyexpat.pyd
MOD - [2012/08/22 02:42:09 | 000,096,256 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\win32api.pyd
MOD - [2012/08/22 02:42:09 | 000,086,016 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\_elementtree.pyd
MOD - [2012/08/22 02:42:09 | 000,070,656 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\wx._html2.pyd
MOD - [2012/08/22 02:42:09 | 000,040,448 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\_socket.pyd
MOD - [2012/08/22 02:42:09 | 000,011,776 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\win32crypt.pyd
MOD - [2012/08/22 02:42:08 | 001,169,408 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\wx._core_.pyd
MOD - [2012/08/22 02:42:08 | 001,056,256 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\wx._controls_.pyd
MOD - [2012/08/22 02:42:08 | 001,018,368 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\windows._cacheinvalidation.pyd
MOD - [2012/08/22 02:42:08 | 000,807,424 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\wx._windows_.pyd
MOD - [2012/08/22 02:42:08 | 000,792,576 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\wx._gdi_.pyd
MOD - [2012/08/22 02:42:08 | 000,731,136 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\wx._misc_.pyd
MOD - [2012/08/22 02:42:08 | 000,645,120 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\_ssl.pyd
MOD - [2012/08/22 02:42:08 | 000,585,728 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\unicodedata.pyd
MOD - [2012/08/22 02:42:08 | 000,354,304 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\pythoncom26.dll
MOD - [2012/08/22 02:42:08 | 000,311,808 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\_hashlib.pyd
MOD - [2012/08/22 02:42:08 | 000,121,856 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\wx._wizard.pyd
MOD - [2012/08/22 02:42:08 | 000,111,104 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\win32file.pyd
MOD - [2012/08/22 02:42:08 | 000,110,592 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\PyWinTypes26.dll
MOD - [2012/08/22 02:42:08 | 000,073,728 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\_ctypes.pyd
MOD - [2012/08/22 02:42:08 | 000,039,424 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\win32inet.pyd
MOD - [2012/08/22 02:42:08 | 000,036,352 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\win32process.pyd
MOD - [2012/08/22 02:42:08 | 000,022,528 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\win32pdh.pyd
MOD - [2012/08/22 02:42:08 | 000,017,920 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\win32event.pyd
MOD - [2012/08/22 02:42:08 | 000,011,776 | ---- | M] () -- C:\Users\honey\AppData\Local\Temp\_MEI26522\select.pyd
MOD - [2012/06/30 19:10:09 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/30 19:09:34 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/30 19:07:49 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/30 19:07:37 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/06/23 08:30:33 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
MOD - [2012/01/31 19:36:28 | 000,884,736 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012/01/31 19:35:32 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012/01/31 19:34:34 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012/01/31 19:33:22 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012/01/31 19:33:18 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012/01/31 19:33:16 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012/01/31 19:33:16 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012/01/31 19:33:14 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012/01/31 19:33:12 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012/01/31 19:31:42 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012/01/31 19:31:36 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012/01/31 19:31:36 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012/01/31 19:31:04 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011/11/17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011/11/17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/06 02:28:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/03/09 00:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/16 17:10:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 16:38:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 23:08:35 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/13 23:08:25 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/02 12:17:40 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/11/17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011/06/22 11:18:40 | 001,191,656 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/11 13:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 13:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 13:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/11/02 14:27:56 | 000,221,184 | ---- | M] (Visioneer Inc.) [Auto | Running] -- C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/02 19:43:16 | 000,353,672 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/13 23:08:25 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/05/29 18:07:59 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012/05/29 18:07:54 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012/05/29 18:07:53 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2012/05/29 18:07:52 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/05/17 08:14:58 | 000,093,272 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/03/09 01:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/03/09 01:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/08 22:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 07:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/13 15:05:46 | 000,023,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/30 01:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 08:33:57 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 06:07:11 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:07:04 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 06:03:43 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 04:57:43 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/11 13:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 13:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 13:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 13:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010/11/11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/06/09 06:02:47 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/02 19:43:16 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vna.sys -- (VNA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009/06/10 15:34:35 | 000,087,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b44amd64.sys -- (bcm44amd64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/19 13:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2012/04/02 12:17:40 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2011/08/06 17:26:14 | 000,197,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\WinVd32.sys -- (WinVd32)
DRV - [2011/07/15 06:35:20 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F 02 F1 12 F5 7F CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{12E29FEE-4B7D-41D5-8F14-F94451FFD935}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\honey\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\honey\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 08:57:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Fiddler2\FiddlerHook [2012/08/18 09:29:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/16 17:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/18 17:52:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/09 11:28:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/16 17:10:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/18 17:52:56 | 000,000,000 | ---D | M]

[2012/06/23 08:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\honey\AppData\Roaming\Mozilla\Extensions
[2012/06/23 08:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\honey\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/08/16 23:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\807wclxn.default\extensions
[2012/06/10 09:54:09 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\807wclxn.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012/03/31 10:07:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\807wclxn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/22 20:08:14 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\honey\AppData\Roaming\Mozilla\Firefox\Profiles\807wclxn.default\extensions\[email protected]
[2012/04/28 14:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/25 21:45:41 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/18 09:29:06 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES (X86)\FIDDLER2\FIDDLERHOOK
[2012/08/16 23:06:15 | 000,526,553 | ---- | M] () (No name found) -- C:\USERS\HONEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\807WCLXN.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/08/25 11:01:21 | 000,166,004 | ---- | M] () (No name found) -- C:\USERS\HONEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\807WCLXN.DEFAULT\EXTENSIONS\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}.XPI
[2012/08/16 17:10:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/03 00:10:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/26 21:13:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/26 21:13:31 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.microsoft.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&client=ubuntu&channel=cs&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.microsoft.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\honey\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\honey\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\honey\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\honey\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\honey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Autocomplete = on = C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh\1.0_0\
CHR - Extension: Google Voice (by Google) = C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
CHR - Extension: AVG Do Not Track = C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\honey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/22 02:38:48 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ObihaiMiddleWare] C:\Program Files (x86)\OBIHAI\mware.exe File not found
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Acro Software Inc] C:\Users\honey\AppData\Local\Acro Software Inc\trwlwqwc.dll (Hewlett-Packard)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [googletalk] C:\Users\honey\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\honey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9:64bit: - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: jostens.com ([virtualoffice] https in Trusted sites)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.2.1)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D10AF4F-1AC8-4C86-9219-B87126B1A6B1}: DhcpNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/22 02:38:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/21 22:15:43 | 000,000,000 | ---D | C] -- C:\Users\honey\Desktop\geeks posting
[2012/08/21 21:24:39 | 000,000,000 | ---D | C] -- C:\Users\honey\Desktop\GooredFix Backups
[2012/08/21 21:23:46 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\honey\Desktop\GooredFix.exe
[2012/08/19 13:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/08/19 13:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/08/18 13:55:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/08/18 13:53:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/18 09:48:26 | 000,000,000 | ---D | C] -- C:\Users\honey\AppData\Roaming\Malwarebytes
[2012/08/18 09:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/18 09:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/18 09:48:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/18 09:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/18 09:29:31 | 000,000,000 | ---D | C] -- C:\Users\honey\Documents\Fiddler2
[2012/08/18 09:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiddler2
[2012/08/18 09:15:15 | 000,000,000 | ---D | C] -- C:\Users\honey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/08/18 09:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/08/18 09:15:13 | 000,000,000 | ---D | C] -- C:\Users\honey\AppData\Roaming\Notepad++
[2012/08/18 09:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012/08/18 00:05:06 | 000,000,000 | ---D | C] -- C:\Users\honey\AppData\Local\Acro Software Inc
[2012/01/17 14:48:12 | 001,473,608 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\honey\gotomypc_597.exe

========== Files - Modified Within 30 Days ==========

[2012/08/22 02:59:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2117389278-4087808128-1204950035-1001UA.job
[2012/08/22 02:58:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/22 02:48:36 | 000,016,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/22 02:48:36 | 000,016,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/22 02:41:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/22 02:41:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/22 02:38:48 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/22 02:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/21 21:23:39 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\honey\Desktop\GooredFix.exe
[2012/08/21 17:58:01 | 104,595,036 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/21 17:05:29 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2117389278-4087808128-1204950035-1001Core.job
[2012/08/19 13:36:33 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/18 19:34:11 | 000,424,658 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/18 10:37:14 | 000,018,858 | ---- | M] () -- C:\Users\honey\Desktop\Scan-120818-0001.pdf
[2012/08/18 09:48:13 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/17 17:30:44 | 000,877,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/17 17:30:44 | 000,730,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/17 17:30:44 | 000,148,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/16 03:24:52 | 000,350,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/13 19:23:54 | 611,575,312 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/11 00:45:21 | 000,007,629 | ---- | M] () -- C:\Users\honey\AppData\Local\Resmon.ResmonCfg
[2012/08/04 22:04:05 | 000,095,370 | ---- | M] () -- C:\Users\honey\Desktop\Suneel CR 8-4-2012.7z
[2012/08/04 09:17:39 | 000,234,420 | ---- | M] () -- C:\Users\honey\Desktop\necklace1.jpg
[2012/08/04 09:17:05 | 000,195,941 | ---- | M] () -- C:\Users\honey\Desktop\IMG_3532.JPG
[2012/08/04 09:15:57 | 000,218,242 | ---- | M] () -- C:\Users\honey\Desktop\IMG_3529.JPG
[2012/08/04 09:15:24 | 000,251,193 | ---- | M] () -- C:\Users\honey\Desktop\necklace.jpg
[2012/08/04 09:14:20 | 000,211,852 | ---- | M] () -- C:\Users\honey\Desktop\IMG_3528.JPG

========== Files Created - No Company Name ==========

[2012/08/19 13:36:33 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/08/18 10:39:15 | 000,018,858 | ---- | C] () -- C:\Users\honey\Desktop\Scan-120818-0001.pdf
[2012/08/18 09:48:13 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/18 09:29:06 | 000,001,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk
[2012/08/04 22:04:04 | 000,095,370 | ---- | C] () -- C:\Users\honey\Desktop\Suneel CR 8-4-2012.7z
[2012/08/04 09:17:39 | 000,234,420 | ---- | C] () -- C:\Users\honey\Desktop\necklace1.jpg
[2012/08/04 09:17:05 | 000,195,941 | ---- | C] () -- C:\Users\honey\Desktop\IMG_3532.JPG
[2012/08/04 09:15:57 | 000,218,242 | ---- | C] () -- C:\Users\honey\Desktop\IMG_3529.JPG
[2012/08/04 09:15:24 | 000,251,193 | ---- | C] () -- C:\Users\honey\Desktop\necklace.jpg
[2012/08/04 09:14:20 | 000,211,852 | ---- | C] () -- C:\Users\honey\Desktop\IMG_3528.JPG
[2012/07/03 23:38:01 | 000,007,629 | ---- | C] () -- C:\Users\honey\AppData\Local\Resmon.ResmonCfg
[2012/07/01 18:34:59 | 000,000,120 | ---- | C] () -- C:\Users\honey\.asadminpass
[2012/07/01 18:34:46 | 000,000,797 | ---- | C] () -- C:\Users\honey\.asadmintruststore
[2012/03/08 23:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/08 23:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/16 18:27:34 | 000,001,832 | ---- | C] () -- C:\Users\honey\AppData\Local\SLC_honey.prx
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/03 01:21:09 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/23 14:46:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/06 17:26:15 | 000,012,048 | -HS- | C] () -- C:\Windows\SysWow64\sys_drv_2.dat
[2011/08/06 17:26:14 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2011/08/06 17:26:13 | 000,021,888 | ---- | C] () -- C:\Windows\SysWow64\WinFLdrv.sys
[2011/08/06 17:26:13 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
[2011/07/30 22:52:39 | 000,003,584 | ---- | C] () -- C:\Users\honey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 22:02:03 | 000,000,943 | ---- | C] () -- C:\Users\honey\AppData\Roaming\coreavc.ini
[2011/06/26 09:50:50 | 000,000,793 | ---- | C] () -- C:\Users\honey\FileRead.java
[2011/06/24 13:29:52 | 000,872,580 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/16 13:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll

========== LOP Check ==========

[2011/07/30 08:02:30 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\.purple
[2012/05/29 18:08:53 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\Acronis
[2011/09/30 00:02:26 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\AVG2012
[2011/07/30 01:28:35 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\calibre
[2012/05/17 10:05:03 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\ICAClient
[2011/06/23 21:27:17 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\IrfanView
[2012/06/02 10:02:32 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\Key Metric Software
[2012/06/16 07:55:00 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\Mp3tag
[2012/08/18 09:15:26 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\Notepad++
[2012/04/26 00:15:12 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\OneTouch 4.0
[2011/06/23 21:16:51 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\Opera
[2012/06/23 08:23:03 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\Philips-Songbird
[2012/07/14 12:30:49 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\Subversion
[2011/06/23 21:47:43 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\TextPad
[2011/08/20 13:31:21 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\Thunderbird
[2011/08/20 19:27:26 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\TightVNC
[2012/08/22 03:02:12 | 000,000,000 | ---D | M] -- C:\Users\honey\AppData\Roaming\uTorrent
[2012/02/15 04:20:35 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by suneelgv, 22 August 2012 - 08:25 AM.


#4
suneelgv

    Member

  • Topic Starter
  • 17 posts
RogueKiller logs:
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: honey [Admin rights]
Mode: Scan -- Date: 08/22/2012 08:25:11

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Acro Software Inc (RunDLL32.exe "C:\Users\honey\AppData\Local\Acro Software Inc\trwlwqwc.dll",DllUnregisterServer) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2117389278-4087808128-1204950035-1001[...]\Run : Acro Software Inc (RunDLL32.exe "C:\Users\honey\AppData\Local\Acro Software Inc\trwlwqwc.dll",DllUnregisterServer) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] a7278a57ffa9a5cf9db2505059552b21
[BSP] 4c9f9f1a63ef53e65cc637afc9de18b1 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 132410 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 271386624 | Size: 344425 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt




RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: honey [Admin rights]
Mode: Remove -- Date: 08/22/2012 09:42:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Acro Software Inc (RunDLL32.exe "C:\Users\honey\AppData\Local\Acro Software Inc\trwlwqwc.dll",DllUnregisterServer) -> DELETED
[IFEO] HKLM\[...]\Image File Execution Options : ehshell.exe ("C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect) -> DELETED
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] a7278a57ffa9a5cf9db2505059552b21
[BSP] 4c9f9f1a63ef53e65cc637afc9de18b1 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 132410 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 271386624 | Size: 344425 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Edited by suneelgv, 22 August 2012 - 08:48 AM.


#5
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

#6
suneelgv

    Member

  • Topic Starter
  • 17 posts
TDSSKiller Report:

10:41:29.0775 3992 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
10:41:30.0165 3992 ============================================================
10:41:30.0165 3992 Current date / time: 2012/08/22 10:41:30.0165
10:41:30.0165 3992 SystemInfo:
10:41:30.0165 3992
10:41:30.0165 3992 OS Version: 6.1.7601 ServicePack: 1.0
10:41:30.0165 3992 Product type: Workstation
10:41:30.0165 3992 ComputerName: MINIFCN-PC
10:41:30.0165 3992 UserName: honey
10:41:30.0165 3992 Windows directory: C:\Windows
10:41:30.0165 3992 System windows directory: C:\Windows
10:41:30.0165 3992 Running under WOW64
10:41:30.0165 3992 Processor architecture: Intel x64
10:41:30.0165 3992 Number of processors: 2
10:41:30.0165 3992 Page size: 0x1000
10:41:30.0165 3992 Boot type: Normal boot
10:41:30.0165 3992 ============================================================
10:41:31.0304 3992 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:41:31.0320 3992 ============================================================
10:41:31.0320 3992 \Device\Harddisk0\DR0:
10:41:31.0320 3992 MBR partitions:
10:41:31.0320 3992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x32F8E
10:41:31.0320 3992 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1029D5F0
10:41:31.0320 3992 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x102D0800, BlocksNum 0x2A0B4800
10:41:31.0320 3992 ============================================================
10:41:31.0351 3992 C: <-> \Device\Harddisk0\DR0\Partition2
10:41:31.0382 3992 D: <-> \Device\Harddisk0\DR0\Partition3
10:41:31.0382 3992 ============================================================
10:41:31.0382 3992 Initialize success
10:41:31.0382 3992 ============================================================
10:42:15.0851 1252 ============================================================
10:42:15.0851 1252 Scan started
10:42:15.0851 1252 Mode: Manual; SigCheck; TDLFS;
10:42:15.0851 1252 ============================================================
10:42:16.0413 1252 ================ Scan system memory ========================
10:42:16.0413 1252 System memory - ok
10:42:16.0413 1252 ================ Scan services =============================
10:42:32.0124 1252 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:42:32.0202 1252 lltdsvc - ok
10:42:32.0233 1252 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:42:32.0311 1252 lmhosts - ok
10:42:32.0405 1252 [ 98B0FCC176DFB711B67651BECB88C445 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
10:42:32.0436 1252 LMIGuardianSvc - ok
10:42:32.0483 1252 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
10:42:32.0498 1252 LMIInfo - ok
10:42:32.0514 1252 [ B712511029CBD68645A90A241FD6AE43 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
10:42:32.0545 1252 LMIMaint - ok
10:42:32.0576 1252 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
10:42:32.0592 1252 lmimirr - ok
10:42:32.0607 1252 LMIRfsClientNP - ok
10:42:32.0639 1252 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
10:42:32.0670 1252 LMIRfsDriver - ok
10:42:32.0685 1252 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
10:42:32.0717 1252 LogMeIn - ok
10:42:32.0748 1252 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:42:32.0779 1252 LSI_FC - ok
10:42:32.0810 1252 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:42:32.0841 1252 LSI_SAS - ok
10:42:32.0857 1252 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
10:42:32.0888 1252 LSI_SAS2 - ok
10:42:32.0904 1252 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:42:32.0935 1252 LSI_SCSI - ok
10:42:32.0951 1252 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:42:33.0029 1252 luafv - ok
10:42:33.0060 1252 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
10:42:33.0091 1252 mcdbus - ok
10:42:33.0122 1252 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:42:33.0169 1252 Mcx2Svc - ok
10:42:33.0200 1252 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
10:42:33.0216 1252 megasas - ok
10:42:33.0247 1252 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
10:42:33.0278 1252 MegaSR - ok
10:42:33.0309 1252 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:42:33.0403 1252 MMCSS - ok
10:42:33.0419 1252 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:42:33.0497 1252 Modem - ok
10:42:33.0512 1252 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:42:33.0559 1252 monitor - ok
10:42:33.0590 1252 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:42:33.0621 1252 mouclass - ok
10:42:33.0653 1252 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:42:33.0684 1252 mouhid - ok
10:42:33.0715 1252 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:42:33.0746 1252 mountmgr - ok
10:42:33.0777 1252 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:42:33.0809 1252 MozillaMaintenance - ok
10:42:33.0840 1252 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:42:33.0871 1252 mpio - ok
10:42:33.0887 1252 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:42:33.0949 1252 mpsdrv - ok
10:42:33.0996 1252 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:42:34.0089 1252 MpsSvc - ok
10:42:34.0121 1252 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:42:34.0183 1252 MRxDAV - ok
10:42:34.0199 1252 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:42:34.0245 1252 mrxsmb - ok
10:42:34.0277 1252 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:42:34.0308 1252 mrxsmb10 - ok
10:42:34.0323 1252 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:42:34.0355 1252 mrxsmb20 - ok
10:42:34.0386 1252 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:42:34.0417 1252 msahci - ok
10:42:34.0448 1252 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:42:34.0464 1252 msdsm - ok
10:42:34.0495 1252 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:42:34.0542 1252 MSDTC - ok
10:42:34.0589 1252 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:42:34.0651 1252 Msfs - ok
10:42:34.0667 1252 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:42:34.0745 1252 mshidkmdf - ok
10:42:34.0776 1252 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:42:34.0791 1252 msisadrv - ok
10:42:34.0823 1252 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:42:34.0901 1252 MSiSCSI - ok
10:42:34.0916 1252 msiserver - ok
10:42:34.0932 1252 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:42:35.0025 1252 MSKSSRV - ok
10:42:35.0041 1252 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:42:35.0119 1252 MSPCLOCK - ok
10:42:35.0135 1252 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:42:35.0228 1252 MSPQM - ok
10:42:35.0244 1252 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:42:35.0291 1252 MsRPC - ok
10:42:35.0322 1252 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:42:35.0337 1252 mssmbios - ok
10:42:35.0384 1252 MSSQL$SQLEXPRESS - ok
10:42:35.0447 1252 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
10:42:35.0478 1252 MSSQLServerADHelper100 - ok
10:42:35.0493 1252 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:42:35.0571 1252 MSTEE - ok
10:42:35.0587 1252 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
10:42:35.0618 1252 MTConfig - ok
10:42:35.0649 1252 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:42:35.0681 1252 Mup - ok
10:42:35.0712 1252 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:42:35.0821 1252 napagent - ok
10:42:35.0868 1252 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:42:35.0915 1252 NativeWifiP - ok
10:42:35.0946 1252 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
10:42:35.0993 1252 NDIS - ok
10:42:36.0024 1252 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:42:36.0086 1252 NdisCap - ok
10:42:36.0117 1252 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:42:36.0180 1252 NdisTapi - ok
10:42:36.0211 1252 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:42:36.0289 1252 Ndisuio - ok
10:42:36.0305 1252 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:42:36.0383 1252 NdisWan - ok
10:42:36.0414 1252 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:42:36.0476 1252 NDProxy - ok
10:42:36.0507 1252 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:42:36.0585 1252 NetBIOS - ok
10:42:36.0617 1252 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:42:36.0679 1252 NetBT - ok
10:42:36.0710 1252 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:42:36.0741 1252 Netlogon - ok
10:42:36.0773 1252 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:42:36.0866 1252 Netman - ok
10:42:36.0897 1252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:42:36.0929 1252 NetMsmqActivator - ok
10:42:36.0929 1252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:42:36.0960 1252 NetPipeActivator - ok
10:42:36.0975 1252 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:42:37.0069 1252 netprofm - ok
10:42:37.0085 1252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:42:37.0116 1252 NetTcpActivator - ok
10:42:37.0116 1252 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:42:37.0147 1252 NetTcpPortSharing - ok
10:42:37.0163 1252 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:42:37.0194 1252 nfrd960 - ok
10:42:37.0225 1252 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:42:37.0319 1252 NlaSvc - ok
10:42:37.0334 1252 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:42:37.0412 1252 Npfs - ok
10:42:37.0428 1252 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:42:37.0506 1252 nsi - ok
10:42:37.0537 1252 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:42:37.0599 1252 nsiproxy - ok
10:42:37.0662 1252 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:42:37.0724 1252 Ntfs - ok
10:42:37.0755 1252 [ 9924BDC1882F8C92335E26483BD1FB24 ] NuidFltr C:\Windows\system32\drivers\NuidFltr.sys
10:42:37.0771 1252 NuidFltr - ok
10:42:37.0787 1252 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:42:37.0880 1252 Null - ok
10:42:37.0896 1252 nvlddmkm - ok
10:42:37.0911 1252 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:42:37.0943 1252 nvraid - ok
10:42:37.0974 1252 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:42:38.0005 1252 nvstor - ok
10:42:38.0005 1252 nvsvc - ok
10:42:38.0052 1252 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:42:38.0067 1252 nv_agp - ok
10:42:38.0145 1252 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:42:38.0192 1252 odserv - ok
10:42:38.0208 1252 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:42:38.0239 1252 ohci1394 - ok
10:42:38.0301 1252 [ 3C08F1AED2204BEB68F78314F63F6784 ] OneTouch 4.0 Monitor C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
10:42:38.0333 1252 OneTouch 4.0 Monitor ( UnsignedFile.Multi.Generic ) - warning
10:42:38.0333 1252 OneTouch 4.0 Monitor - detected UnsignedFile.Multi.Generic (1)
10:42:45.0496 1252 [ 3BB48F7E33C2B76184DDF233000C09CD ] Sony SCSI Helper Service C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
10:42:45.0496 1252 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
10:42:45.0496 1252 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
10:42:51.0652 1252 vididr - ok
10:42:51.0699 1252 [ C69A784BEC737CD7460EBF3C3834D65E ] vidsflt53 C:\Windows\system32\DRIVERS\vsflt53.sys
10:42:51.0730 1252 vidsflt53 - ok
10:42:51.0745 1252 [ 6FC9B272B838EE8F5FA0E4A7E971154A ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
10:42:51.0777 1252 VMAuthdService - ok
10:42:51.0808 1252 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:42:51.0839 1252 vmbus - ok
10:42:51.0855 1252 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:42:51.0886 1252 VMBusHID - ok
10:42:51.0917 1252 [ B49CB94DB99519F9DC7F77D2D1F215B5 ] vmci C:\Windows\system32\drivers\vmci.sys
10:42:51.0948 1252 vmci - ok
10:42:51.0964 1252 [ 1AF6462718E5AB0ED55014A6EF3790EF ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
10:42:51.0995 1252 vmkbd - ok
10:42:52.0011 1252 [ 9D54F1339E78C95BF3D9939EBCB66378 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
10:42:52.0026 1252 VMnetAdapter - ok
10:42:52.0057 1252 [ FB54EF3AA613D2832FD3812E7CB2FC75 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
10:42:52.0073 1252 VMnetBridge - ok
10:42:52.0089 1252 VMnetDHCP - ok
10:42:52.0104 1252 [ 163B05050FCD9635242EC5206C19A182 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
10:42:52.0135 1252 VMnetuserif - ok
10:42:52.0151 1252 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
10:42:52.0182 1252 vmusb - ok
10:42:52.0213 1252 [ F22098DBDD13C1221C274496B3E18DA7 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
10:42:52.0245 1252 VMUSBArbService - ok
10:42:52.0260 1252 VMware NAT Service - ok
10:42:52.0276 1252 [ F2A8EE62D7161E1598CDD269BF22A03D ] vmx86 C:\Windows\system32\drivers\vmx86.sys
10:42:52.0307 1252 vmx86 - ok
10:42:52.0338 1252 [ A96AFA32F73C065B9AE9D1554CDD00FC ] VNA C:\Windows\system32\DRIVERS\vna.sys
10:42:52.0369 1252 VNA - ok
10:42:52.0385 1252 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:42:52.0416 1252 volmgr - ok
10:42:52.0447 1252 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:42:52.0479 1252 volmgrx - ok
10:42:52.0510 1252 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:42:52.0541 1252 volsnap - ok
10:42:52.0557 1252 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
10:42:52.0588 1252 vpcbus - ok
10:42:52.0619 1252 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
10:42:52.0650 1252 vpcnfltr - ok
10:42:52.0681 1252 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
10:42:52.0713 1252 vpcusb - ok
10:42:52.0744 1252 [ 63F4E10873BEB4124028C6D1A66B0968 ] vpcuxd C:\Windows\system32\DRIVERS\vpcuxd.sys
10:42:52.0791 1252 vpcuxd - ok
10:42:52.0822 1252 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
10:42:52.0853 1252 vpcvmm - ok
10:42:52.0869 1252 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:42:52.0900 1252 vsmraid - ok
10:42:52.0947 1252 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:42:53.0071 1252 VSS - ok
10:42:53.0087 1252 [ E61C910E2DDF4797C1B1F9239636E894 ] vstor2-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
10:42:53.0103 1252 vstor2-ws60 - ok
10:42:53.0134 1252 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
10:42:53.0181 1252 vwifibus - ok
10:42:53.0212 1252 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:42:53.0305 1252 W32Time - ok
10:42:53.0337 1252 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:42:53.0368 1252 WacomPen - ok
10:42:53.0399 1252 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:42:53.0477 1252 WANARP - ok
10:42:53.0493 1252 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:42:53.0555 1252 Wanarpv6 - ok
10:42:53.0633 1252 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:42:53.0695 1252 WatAdminSvc - ok
10:42:53.0758 1252 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:42:53.0836 1252 wbengine - ok
10:42:53.0867 1252 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:42:53.0914 1252 WbioSrvc - ok
10:42:53.0945 1252 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:42:54.0023 1252 wcncsvc - ok
10:42:54.0039 1252 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:42:54.0070 1252 WcsPlugInService - ok
10:42:54.0101 1252 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
10:42:54.0132 1252 Wd - ok
10:42:54.0163 1252 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
10:42:54.0179 1252 WDC_SAM - ok
10:42:54.0210 1252 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:42:54.0257 1252 Wdf01000 - ok
10:42:54.0273 1252 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:42:54.0335 1252 WdiServiceHost - ok
10:42:54.0335 1252 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:42:54.0382 1252 WdiSystemHost - ok
10:42:54.0429 1252 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:42:54.0491 1252 WebClient - ok
10:42:54.0522 1252 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:42:54.0616 1252 Wecsvc - ok
10:42:54.0647 1252 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:42:54.0741 1252 wercplsupport - ok
10:42:54.0803 1252 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:42:54.0881 1252 WerSvc - ok
10:42:54.0912 1252 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:42:54.0990 1252 WfpLwf - ok
10:42:55.0037 1252 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:42:55.0099 1252 WIMMount - ok
10:42:55.0177 1252 WinDefend - ok
10:42:55.0302 1252 [ 84D7AF0A5B2E5AC36941E5A9F33C1850 ] WinFLdrv C:\Windows\syswow64\WinFLdrv.sys
10:42:55.0349 1252 WinFLdrv - ok
10:42:55.0349 1252 WinHttpAutoProxySvc - ok
10:42:55.0396 1252 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:42:55.0474 1252 Winmgmt - ok
10:42:55.0521 1252 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:42:55.0661 1252 WinRM - ok
10:42:55.0692 1252 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:42:55.0723 1252 WinUsb - ok
10:42:55.0739 1252 [ 8938DA7B728AD4987DF3E5C0FE22A24E ] WinVd32 C:\Windows\WinVd32.sys
10:42:55.0755 1252 WinVd32 - ok
10:42:55.0801 1252 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:42:55.0879 1252 Wlansvc - ok
10:42:55.0895 1252 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:42:55.0926 1252 WmiAcpi - ok
10:42:55.0942 1252 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:42:55.0989 1252 wmiApSrv - ok
10:42:56.0004 1252 WMPNetworkSvc - ok
10:42:56.0020 1252 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:42:56.0051 1252 WPCSvc - ok
10:42:56.0082 1252 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:42:56.0129 1252 WPDBusEnum - ok
10:42:56.0145 1252 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:42:56.0238 1252 ws2ifsl - ok
10:42:56.0316 1252 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
10:42:56.0410 1252 wscsvc - ok
10:42:56.0410 1252 WSearch - ok
10:42:56.0488 1252 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:42:56.0597 1252 wuauserv - ok
10:42:56.0628 1252 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:42:56.0722 1252 WudfPf - ok
10:42:56.0753 1252 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:42:56.0847 1252 WUDFRd - ok
10:42:56.0878 1252 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:42:56.0956 1252 wudfsvc - ok
10:42:56.0992 1252 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:42:57.0070 1252 WwanSvc - ok
10:42:57.0117 1252 ================ Scan global ===============================
10:42:57.0132 1252 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:42:57.0164 1252 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:42:57.0210 1252 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:42:57.0242 1252 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:42:57.0288 1252 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:42:57.0304 1252 [Global] - ok
10:42:57.0304 1252 ================ Scan MBR ==================================
10:42:57.0320 1252 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:42:57.0491 1252 \Device\Harddisk0\DR0 - ok
10:42:57.0507 1252 ================ Scan VBR ==================================
10:42:57.0507 1252 [ 372CD0F44540B804256F641D18F8FDB9 ] \Device\Harddisk0\DR0\Partition1
10:42:57.0507 1252 \Device\Harddisk0\DR0\Partition1 - ok
10:42:57.0538 1252 [ F33AD3A117FF7D4DF1E231F659527D3F ] \Device\Harddisk0\DR0\Partition2
10:42:57.0538 1252 \Device\Harddisk0\DR0\Partition2 - ok
10:42:57.0554 1252 [ AEE717D5733865B6D052AFB7CCA103B6 ] \Device\Harddisk0\DR0\Partition3
10:42:57.0554 1252 \Device\Harddisk0\DR0\Partition3 - ok
10:42:57.0569 1252 ============================================================
10:42:57.0569 1252 Scan finished
10:42:57.0569 1252 ============================================================
10:42:57.0585 4236 Detected object count: 2
10:42:57.0585 4236 Actual detected object count: 2
10:43:26.0147 4236 OneTouch 4.0 Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:26.0147 4236 OneTouch 4.0 Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:26.0163 4236 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:26.0163 4236 Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#7
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

ESET Online Scanner


  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running

  • 0

#8
suneelgv

    Member

  • Topic Starter
  • Member
  • 17 posts
Malwarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
honey :: MINIFCN-PC [administrator]

8/22/2012 12:11:33 PM
mbam-log-2012-08-22 (12-11-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196630
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#9
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
That looks good, let's wait for the ESET scan :happy:
  • 0

#10
suneelgv

    Member

  • Topic Starter
  • Member
  • 17 posts
The scan took 6 hours to run. The ESET export:

C:\Users\honey\AppData\Local\Acro Software Inc\trwlwqwc.dll Win32/Boaxxe.G trojan cleaned by deleting - quarantined
C:\Users\honey\Desktop\RK_Quarantine\trwlwqwc.dll.vir Win32/Boaxxe.G trojan cleaned by deleting - quarantined

I don't see the malware behaviour now. I'll keep checking for it the next two days as it doesn't come up often. Thanks a lot for your help.
  • 0

#11
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Let me know if you encounter any problem :happy:
  • 0

#12
suneelgv

    Member

  • Topic Starter
  • Member
  • 17 posts
Thanks a lot Ali. That malware has gone for good. You saved me from reinstalling the OS from image.
  • 0

#13
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Congratulations, your logs appear clean :thumbsup:

Reset and Re-enable your System Restore

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
    [createrestorepoint]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.


  • Keep your Windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.

  • SpywareGuard offers real-time protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Stay safe :wave:
  • 0
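The HOSTS file recommended above blocks a site by mapping its name to 127.0.0.1, and the same file is worth auditing after a redirect infection, because any name mapped to some other address overrides DNS for that name. The following is an added example, not part of the original post or of any tool named in it: a checker that separates block entries from names pinned to a real address. The watched-domain list and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: domains whose remapping would match search-redirect symptoms.
WATCHED = ("google.com", "bing.com", "yahoo.com")

# Constructed sample, not taken from the thread.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1    localhost
::1          localhost
127.0.0.1    ads.example.net      # block entry
0.0.0.0      tracker.example.org
203.0.113.7  www.google.com google.com
192.168.1.20 nas.home.lan
not-an-ip    foo.example
"""


def _watched(name):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in WATCHED)


def audit_hosts(text):
    """Classify every mapping in hosts-file text.

    Returns a dict with:
      sinkholed - count of names pointed at loopback/unspecified addresses
                  (what a blocking hosts file does)
      redirects - (line_no, address, name, severity) for names pinned to any
                  other address; severity is "high" for watched domains
      malformed - line numbers whose first field is not an IP address
    """
    report = {"sinkholed": 0, "redirects": [], "malformed": []}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(line_no)
            continue
        for name in fields[1:]:  # one line may carry several aliases
            name = name.lower().rstrip(".")
            if addr.is_loopback or addr.is_unspecified:
                report["sinkholed"] += 1
            else:
                severity = "high" if _watched(name) else "review"
                report["redirects"].append((line_no, str(addr), name, severity))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE)
    print("sinkholed entries:", result["sinkholed"])
    for entry in result["redirects"]:
        print("redirect:", entry)
    print("malformed lines:", result["malformed"])
```

On Windows the file to feed in is C:\Windows\System32\drivers\etc\hosts; entries marked "review" are often legitimate local mappings and need a human decision.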

#14
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





