Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Rootkit Removed Now Only Safe Mode Boot Vista [Solved]

Started by pleased123 , Oct 18 2012 03:50 PM

This topic is locked

#1
pleased123

Posted 18 October 2012 - 03:50 PM

Member

Member
21 posts

I had Bitdefender on my PC and I did a scan and it said I had a rootkit and needed to be restarted to remove so I restarted and now normal boot goes to blue screen every time stop 0x0000007E, and safe mode works. I tried scan with updated malwarebytes in safe mode, and it comes back clean. OTS log:

OTL logfile created on: 10/18/2012 5:46:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 79.06% Memory free
3.86 Gb Paging File | 3.22 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 104.15 Gb Total Space | 17.74 Gb Free Space | 17.04% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.24 Gb Free Space | 54.96% Space Free | Partition Type: NTFS
Drive E: | 260.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/18 17:43:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2012/10/13 01:24:53 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/13 01:24:52 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/21 13:59:47 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe /service -- (VSSERV)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe /service -- (UPDATESRV)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/25 20:06:21 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/03/30 08:25:18 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/30 08:24:46 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/22 06:35:16 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/13 01:24:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/31 02:07:21 | 000,075,064 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/25 19:58:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/17 14:54:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/05/24 14:14:58 | 002,360,584 | ---- | M] (Sensible Vision ) [Auto | Stopped] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV:64bit: - File not found [Kernel | System | Stopped] -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 17:07:34 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/25 15:00:36 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avchv.sys -- (avchv)
DRV:64bit: - [2011/07/19 11:35:00 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/24 10:57:54 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/03/24 10:57:54 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010/05/25 03:59:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/05/25 03:59:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2010/05/25 03:59:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/05/25 03:59:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/03/08 10:03:36 | 000,067,104 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2009/12/14 02:36:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/10 11:15:58 | 001,003,520 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/26 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/30 08:25:34 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/12/22 06:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/17 04:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/11/12 08:05:30 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/11/12 08:05:28 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/11/12 08:05:26 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/11/12 02:33:46 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/09/24 21:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/01/29 18:46:58 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/01/29 17:53:52 | 000,120,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/01/29 17:53:52 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/01/29 17:53:52 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/01/20 22:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV - [2011/03/24 10:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/05/27 02:34:57 | 000,027,264 | --S- | M] (The Tor Project, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\tornpf.sys -- (TORNPF)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{EC95E777-E2EE-42DF-BFE8-E28BFF46F8AA}: "URL" = http://www.google.co...1I7ADFA_enUS460
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.socks_version: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 01:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 01:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

[2009/10/03 17:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2012/05/07 19:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cudcqmb1.default\extensions
[2010/05/13 02:14:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cudcqmb1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/27 01:30:36 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cudcqmb1.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012/10/13 01:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/13 01:24:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/13 01:24:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/11 22:18:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 01:24:45 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe File not found
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://aic.lgservice...ntrol-6.1.4.cab (DjVuCtl Class)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://128.61.156.78/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.255.216.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DE8A359-2917-47B6-B3DC-84D428E6DD7B}: DhcpNameServer = 10.255.216.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {201CE528-154B-4FF3-9C6F-012E28454F0A} - MtgraphiMsf - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/01 12:48:33 | 000,014,242 | ---- | M] () - C:\AutoEnginuity.log -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{84b746c5-e469-11de-bf0b-002219df8d77}\Shell - "" = AutoRun
O33 - MountPoints2\{84b746c5-e469-11de-bf0b-002219df8d77}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/18 17:43:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012/10/18 17:42:16 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Bitdefender
[2012/10/18 17:23:59 | 000,000,000 | ---D | C] -- C:\JRT
[2012/10/17 22:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/17 22:08:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/17 12:43:58 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt\tdss.exe
[2012/10/13 01:24:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/18 17:43:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012/10/18 17:41:56 | 000,603,738 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/18 17:41:55 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/18 17:41:55 | 000,103,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/18 17:37:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/18 17:37:25 | 268,435,456 | -HS- | M] () -- C:\Windows\SysNative\temppf.sys
[2012/10/18 17:34:54 | 000,206,146 | ---- | M] () -- C:\ProgramData\1350596044.bdinstall.bin
[2012/10/18 17:34:39 | 000,008,268 | ---- | M] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2012/10/17 22:22:43 | 000,000,020 | ---- | M] () -- C:\Users\Matt\defogger_reenable
[2012/10/17 01:40:59 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 01:40:59 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 01:40:54 | 000,005,332 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/17 00:39:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/17 00:39:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/17 00:35:06 | 000,092,136 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/10/16 18:14:13 | 000,092,136 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/10/14 23:48:31 | 000,000,473 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2012/10/12 17:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\tdss.exe
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/18 17:34:54 | 000,206,146 | ---- | C] () -- C:\ProgramData\1350596044.bdinstall.bin
[2012/10/17 22:22:43 | 000,000,020 | ---- | C] () -- C:\Users\Matt\defogger_reenable
[2012/10/17 01:41:48 | 268,435,456 | -HS- | C] () -- C:\Windows\SysNative\temppf.sys
[2012/10/14 23:47:39 | 000,000,473 | ---- | C] () -- C:\Windows\SysNative\checkdnsid.xml
[2012/09/17 15:17:24 | 000,512,448 | ---- | C] () -- C:\ProgramData\1347908927.bdinstall.bin
[2012/08/13 14:08:19 | 000,173,295 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/08/13 14:08:18 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2012/07/29 20:18:35 | 000,000,064 | ---- | C] () -- C:\ProgramData\-7mSoL6lNbSg5Tbr
[2012/07/29 20:18:35 | 000,000,064 | ---- | C] () -- C:\ProgramData\-7mSoL6lNbSg5Tb
[2012/07/29 20:18:31 | 000,000,368 | ---- | C] () -- C:\ProgramData\7mSoL6lNbSg5Tb
[2012/01/28 13:52:22 | 000,404,065 | ---- | C] () -- C:\Users\Matt\moms flowers
[2011/12/30 18:26:14 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/10/07 19:49:13 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/08/31 02:07:29 | 000,234,536 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/31 02:07:21 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/08/05 09:18:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat
[2011/05/09 22:08:50 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/05/09 22:08:49 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/05/09 22:08:49 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/05/09 22:08:49 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/05/09 22:08:49 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/04/14 01:45:37 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/04/14 01:45:37 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/04/14 01:45:37 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/04/14 01:40:15 | 000,039,365 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/01/27 00:16:10 | 000,722,292 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/20 07:59:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/27 01:14:09 | 000,092,136 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/27 01:14:02 | 000,092,136 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/24 23:56:15 | 000,050,688 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/20 15:46:31 | 000,000,386 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\wklnhst.dat
[2009/08/19 17:23:24 | 000,008,268 | ---- | C] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2009/08/19 17:20:18 | 000,000,732 | ---- | C] () -- C:\Users\Matt\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/10/20 02:18:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG10
[2012/10/18 17:42:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Bitdefender
[2009/08/25 22:09:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\com.adobe.ExMan
[2012/05/10 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite
[2010/06/15 17:50:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Datel
[2012/03/26 22:29:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Dropbox
[2011/08/05 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DVD-Cloner
[2011/07/31 19:56:21 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImgBurn
[2011/05/27 09:28:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PCDr
[2012/04/17 14:32:13 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PDF Software
[2012/09/17 15:09:13 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\QuickScan
[2009/08/20 13:07:38 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Red Alert 3 Demo
[2009/08/20 15:46:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Template
[2012/07/29 20:32:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TestApp
[2012/01/07 14:31:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
[2009/09/06 14:33:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#2
emeraldnzl

Posted 18 October 2012 - 05:27 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello pleased123,

Welcome to Geekstogo.

Please download Windows Repair (all in one) from this site

Install the program then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image

On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image

After that

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Posted Image

Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Next

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.

Post post the log (Result.txt) in your next reply.

So when you return please post
tell me if there was any change after running Windows Repair
aswMBR log
Result.txt

#3
pleased123

Posted 18 October 2012 - 10:55 PM

Member

Topic Starter
Member
21 posts

The problem still occurs the same. system file check in windows repair reported that there were some corrupted files that could not be fixed. I have attached the two logs you asked for.

Attached Files

aswMBR.txt 2.05KB 131 downloads
Result.txt 2.69KB 142 downloads

Edited by pleased123, 18 October 2012 - 11:03 PM.

#4
emeraldnzl

Posted 18 October 2012 - 11:03 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello pleased123,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal.
ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5
pleased123

Posted 18 October 2012 - 11:24 PM

Member

Topic Starter
Member
21 posts

combofix log attached tried to run again same result.

Attached Files

ComboFix.txt 295bytes 136 downloads

#6
emeraldnzl

Posted 19 October 2012 - 01:05 AM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello pleased123,

Some thing blocking it.

Try running ComboFix in Safe Mode.

How to boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) If you are asked what mode to bootup in press Esc to boot in the default settings
4) Instead of Windows loading as normal, a menu should appear
5) Select the option to run Windows in Safe Mode.

Note: Please paste your logs into the thread. Don't attach them.

#7
pleased123

Posted 19 October 2012 - 10:04 AM

Member

Topic Starter
Member
21 posts

I can only boot into safe mode when combofix restarts the computer it tries to boot into normal and it blue screens like in the original post I have also tried to go into safe mode when combofix restarts the pc. Here is log again:

ComboFix 12-10-18.03 - Matt 10/19/2012 11:55:15.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.3040 [GMT -4:00]
Running from: C:\Users\Matt\Desktop\ComboFix.exe
* Created a new restore point

Overlay aborted ... Please run ComboFix once more

#8
emeraldnzl

Posted 19 October 2012 - 12:26 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello pleased123,

Rather that try and continue to use Combofix I think we should try a different approach. Let's see if we can use System Restore to restore your machine to a time before you the rootkit was signalled.

Start up your computer normally.

Go to Control Panel > System Security and under Action Center click on Restore your computer to an earlier time

Click the Open System Restore button
and on the lower left check the box Show more restore points
choose a date and time before the rootkit and click on it
click the button Next
follow the prompts to restore your computer to the earlier date and time.

If you manage to reboot normally then before you do anything else do this:

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Tell me how you get on.

#9
pleased123

Posted 19 October 2012 - 09:01 PM

Member

Topic Starter
Member
21 posts

System restore said no system restore points were created. TDSSkiller would reboot to blue screen when loaded modules was checked. I ran TDSSkiller with everything but loaded modules checked. Here is that log:

22:59:17.0199 1588 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:59:17.0635 1588 ============================================================
22:59:17.0635 1588 Current date / time: 2012/10/19 22:59:17.0635
22:59:17.0635 1588 SystemInfo:
22:59:17.0635 1588
22:59:17.0635 1588 OS Version: 6.0.6002 ServicePack: 2.0
22:59:17.0635 1588 Product type: Workstation
22:59:17.0635 1588 ComputerName: MATT-PC
22:59:17.0635 1588 UserName: Matt
22:59:17.0635 1588 Windows directory: C:\Windows
22:59:17.0635 1588 System windows directory: C:\Windows
22:59:17.0635 1588 Running under WOW64
22:59:17.0635 1588 Processor architecture: Intel x64
22:59:17.0635 1588 Number of processors: 2
22:59:17.0635 1588 Page size: 0x1000
22:59:17.0635 1588 Boot type: Safe boot with network
22:59:17.0635 1588 ============================================================
22:59:18.0509 1588 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:59:18.0525 1588 ============================================================
22:59:18.0525 1588 \Device\Harddisk0\DR0:
22:59:18.0525 1588 MBR partitions:
22:59:18.0525 1588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1E00000
22:59:18.0525 1588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E2F800, BlocksNum 0xD04C000
22:59:18.0525 1588 ============================================================
22:59:18.0525 1588 C: <-> \Device\Harddisk0\DR0\Partition2
22:59:18.0525 1588 D: <-> \Device\Harddisk0\DR0\Partition1
22:59:18.0525 1588 ============================================================
22:59:18.0525 1588 Initialize success
22:59:18.0525 1588 ============================================================
22:59:25.0357 1540 ============================================================
22:59:25.0357 1540 Scan started
22:59:25.0357 1540 Mode: Manual; SigCheck; TDLFS;
22:59:25.0357 1540 ============================================================
22:59:25.0685 1540 ================ Scan system memory ========================
22:59:25.0685 1540 System memory - ok
22:59:25.0685 1540 ================ Scan services =============================
22:59:25.0732 1540 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:59:25.0810 1540 ACPI - ok
22:59:25.0825 1540 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
22:59:25.0825 1540 adfs - ok
22:59:25.0841 1540 [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
22:59:25.0857 1540 Adobe Version Cue CS4 - ok
22:59:25.0857 1540 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:59:25.0872 1540 AdobeARMservice - ok
22:59:25.0888 1540 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:59:26.0137 1540 adp94xx - ok
22:59:26.0137 1540 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:59:26.0153 1540 adpahci - ok
22:59:26.0169 1540 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:59:26.0169 1540 adpu160m - ok
22:59:26.0184 1540 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:59:26.0200 1540 adpu320 - ok
22:59:26.0200 1540 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:59:26.0215 1540 AeLookupSvc - ok
22:59:26.0231 1540 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
22:59:26.0247 1540 AESTFilters - ok
22:59:26.0262 1540 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
22:59:26.0278 1540 AFD - ok
22:59:26.0278 1540 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:59:26.0293 1540 agp440 - ok
22:59:26.0293 1540 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:59:26.0309 1540 aic78xx - ok
22:59:26.0309 1540 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
22:59:26.0340 1540 ALG - ok
22:59:26.0340 1540 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys
22:59:26.0356 1540 aliide - ok
22:59:26.0356 1540 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
22:59:26.0356 1540 amdide - ok
22:59:26.0371 1540 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:59:26.0387 1540 AmdK8 - ok
22:59:26.0403 1540 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
22:59:26.0418 1540 androidusb - ok
22:59:26.0418 1540 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
22:59:26.0434 1540 Appinfo - ok
22:59:26.0434 1540 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:59:26.0449 1540 Apple Mobile Device - ok
22:59:26.0449 1540 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
22:59:26.0465 1540 arc - ok
22:59:26.0465 1540 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:59:26.0481 1540 arcsas - ok
22:59:26.0481 1540 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:59:26.0512 1540 AsyncMac - ok
22:59:26.0512 1540 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
22:59:26.0512 1540 atapi - ok
22:59:26.0527 1540 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:59:26.0559 1540 AudioEndpointBuilder - ok
22:59:26.0574 1540 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:59:26.0605 1540 AudioSrv - ok
22:59:26.0605 1540 avc3 - ok
22:59:26.0621 1540 [ 4C6BCC638798ABE1F70AFCA70D889C3F ] avchv C:\Windows\system32\DRIVERS\avchv.sys
22:59:26.0637 1540 avchv - ok
22:59:26.0637 1540 avckf - ok
22:59:26.0637 1540 [ A7C9995BA861FCE78B2CEAAE61D39FD7 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
22:59:26.0652 1540 BCM42RLY - ok
22:59:26.0668 1540 [ 912012B708A7D8E8CE2EE55AFB663DFF ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
22:59:26.0730 1540 BCM43XX - ok
22:59:26.0730 1540 BdDesktopParental - ok
22:59:26.0746 1540 BdfNdisf - ok
22:59:26.0746 1540 bdftdif - ok
22:59:26.0746 1540 [ CCAA465F33FF3CD0836AA7F4520D5025 ] BDSandBox C:\Windows\system32\drivers\bdsandbox.sys
22:59:26.0761 1540 BDSandBox - ok
22:59:26.0761 1540 BDVEDISK - ok
22:59:26.0777 1540 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
22:59:26.0808 1540 BFE - ok
22:59:26.0824 1540 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
22:59:27.0120 1540 BITS - ok
22:59:27.0120 1540 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:59:27.0151 1540 blbdrive - ok
22:59:27.0167 1540 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
22:59:27.0183 1540 Bonjour Service - ok
22:59:27.0198 1540 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:59:27.0198 1540 bowser - ok
22:59:27.0214 1540 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:59:27.0229 1540 BrFiltLo - ok
22:59:27.0229 1540 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:59:27.0245 1540 BrFiltUp - ok
22:59:27.0261 1540 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
22:59:27.0276 1540 Browser - ok
22:59:27.0292 1540 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
22:59:27.0323 1540 Brserid - ok
22:59:27.0339 1540 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:59:27.0370 1540 BrSerWdm - ok
22:59:27.0385 1540 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:59:27.0417 1540 BrUsbMdm - ok
22:59:27.0432 1540 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
22:59:27.0463 1540 BrUsbSer - ok
22:59:27.0463 1540 [ 09F926A0D9C0BAFD8417A4307D2ED13C ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
22:59:27.0479 1540 BthEnum - ok
22:59:27.0479 1540 [ 72F70A38BB15252EB7C4DA7BA3BD4ED1 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:59:27.0510 1540 BTHMODEM - ok
22:59:27.0510 1540 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:59:27.0541 1540 BthPan - ok
22:59:27.0557 1540 [ E1466882252FF51EDDE48C3F7EDA2591 ] BthPort C:\Windows\system32\Drivers\BTHport.sys
22:59:27.0573 1540 BthPort - ok
22:59:27.0573 1540 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll
22:59:27.0588 1540 BthServ - ok
22:59:27.0588 1540 [ 970192CDED77A128E7E30722E5EE6B9C ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
22:59:27.0604 1540 BTHUSB - ok
22:59:27.0604 1540 [ 319C67F7D157EAAC519DCC5F29E929D0 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
22:59:27.0619 1540 btwaudio - ok
22:59:27.0619 1540 [ 0B79273C8C2846D28AAB936E7A2DBAAD ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
22:59:27.0635 1540 btwavdt - ok
22:59:27.0651 1540 [ 6C32A638EE80FD832418CE78E516FFA1 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
22:59:27.0916 1540 btwdins - ok
22:59:27.0916 1540 [ FDA1B5124E07003C3D0D279E5050485E ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
22:59:27.0931 1540 btwl2cap - ok
22:59:27.0931 1540 [ 47216D8B5F4042E6D0736BFA2E57B5DF ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
22:59:27.0931 1540 btwrchid - ok
22:59:27.0947 1540 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:59:27.0963 1540 cdfs - ok
22:59:27.0978 1540 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:59:27.0994 1540 cdrom - ok
22:59:27.0994 1540 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
22:59:28.0009 1540 CertPropSvc - ok
22:59:28.0025 1540 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:59:28.0056 1540 circlass - ok
22:59:28.0056 1540 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
22:59:28.0087 1540 CLFS - ok
22:59:28.0087 1540 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:59:28.0103 1540 clr_optimization_v2.0.50727_32 - ok
22:59:28.0103 1540 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:59:28.0119 1540 clr_optimization_v2.0.50727_64 - ok
22:59:28.0119 1540 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:59:28.0134 1540 clr_optimization_v4.0.30319_32 - ok
22:59:28.0150 1540 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:59:28.0150 1540 clr_optimization_v4.0.30319_64 - ok
22:59:28.0150 1540 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:59:28.0181 1540 CmBatt - ok
22:59:28.0181 1540 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:59:28.0197 1540 cmdide - ok
22:59:28.0197 1540 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:59:28.0212 1540 Compbatt - ok
22:59:28.0212 1540 COMSysApp - ok
22:59:28.0228 1540 cpuz130 - ok
22:59:28.0228 1540 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:59:28.0228 1540 crcdisk - ok
22:59:28.0243 1540 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:59:28.0259 1540 CryptSvc - ok
22:59:28.0275 1540 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
22:59:28.0306 1540 DcomLaunch - ok
22:59:28.0306 1540 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:59:28.0321 1540 DfsC - ok
22:59:28.0384 1540 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
22:59:28.0462 1540 DFSR - ok
22:59:28.0477 1540 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
22:59:28.0493 1540 Dhcp - ok
22:59:28.0509 1540 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
22:59:28.0509 1540 disk - ok
22:59:28.0524 1540 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:59:28.0524 1540 Dnscache - ok
22:59:28.0540 1540 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
22:59:28.0540 1540 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
22:59:28.0540 1540 DockLoginService - detected UnsignedFile.Multi.Generic (1)
22:59:28.0540 1540 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
22:59:28.0571 1540 dot3svc - ok
22:59:28.0571 1540 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
22:59:28.0602 1540 Dot4 - ok
22:59:28.0602 1540 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:59:28.0633 1540 Dot4Print - ok
22:59:28.0633 1540 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
22:59:28.0665 1540 dot4usb - ok
22:59:28.0665 1540 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
22:59:28.0696 1540 DPS - ok
22:59:28.0696 1540 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:59:28.0711 1540 drmkaud - ok
22:59:28.0727 1540 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:59:28.0774 1540 DXGKrnl - ok
22:59:28.0774 1540 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
22:59:28.0805 1540 e1express - ok
22:59:28.0821 1540 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
22:59:28.0836 1540 E1G60 - ok
22:59:28.0852 1540 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
22:59:28.0867 1540 EapHost - ok
22:59:28.0867 1540 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
22:59:28.0883 1540 Ecache - ok
22:59:28.0899 1540 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:59:28.0930 1540 ehRecvr - ok
22:59:28.0930 1540 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
22:59:28.0945 1540 ehSched - ok
22:59:28.0945 1540 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
22:59:28.0961 1540 ehstart - ok
22:59:28.0961 1540 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:59:28.0992 1540 elxstor - ok
22:59:29.0008 1540 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
22:59:29.0023 1540 EMDMgmt - ok
22:59:29.0039 1540 [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv C:\Windows\system32\epmntdrv.sys
22:59:29.0039 1540 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
22:59:29.0039 1540 epmntdrv - detected UnsignedFile.Multi.Generic (1)
22:59:29.0039 1540 [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:59:29.0055 1540 ErrDev - ok
22:59:29.0055 1540 [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys
22:59:29.0070 1540 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
22:59:29.0070 1540 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
22:59:29.0070 1540 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
22:59:29.0117 1540 EventSystem - ok
22:59:29.0117 1540 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
22:59:29.0133 1540 exfat - ok
22:59:29.0133 1540 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys
22:59:29.0148 1540 FACAP - ok
22:59:29.0179 1540 [ 4BF226EDC5E2575827E045932FF7DB8A ] FAService C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
22:59:29.0491 1540 FAService - ok
22:59:29.0491 1540 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:59:29.0523 1540 fastfat - ok
22:59:29.0523 1540 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:59:29.0554 1540 fdc - ok
22:59:29.0554 1540 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
22:59:29.0585 1540 fdPHost - ok
22:59:29.0585 1540 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
22:59:29.0632 1540 FDResPub - ok
22:59:29.0632 1540 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:59:29.0647 1540 FileInfo - ok
22:59:29.0647 1540 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:59:29.0679 1540 Filetrace - ok
22:59:29.0679 1540 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:59:29.0959 1540 FLEXnet Licensing Service - ok
22:59:29.0975 1540 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
22:59:30.0006 1540 FLEXnet Licensing Service 64 - ok
22:59:30.0022 1540 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:59:30.0053 1540 flpydisk - ok
22:59:30.0053 1540 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:59:30.0069 1540 FltMgr - ok
22:59:30.0084 1540 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
22:59:30.0365 1540 FontCache - ok
22:59:30.0381 1540 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:59:30.0381 1540 FontCache3.0.0.0 - ok
22:59:30.0396 1540 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
22:59:30.0396 1540 fssfltr - ok
22:59:30.0427 1540 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:59:30.0474 1540 fsssvc - ok
22:59:30.0474 1540 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:59:30.0490 1540 Fs_Rec - ok
22:59:30.0490 1540 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:59:30.0505 1540 gagp30kx - ok
22:59:30.0505 1540 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:59:30.0521 1540 GEARAspiWDM - ok
22:59:30.0521 1540 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
22:59:30.0521 1540 GoToAssist - ok
22:59:30.0537 1540 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
22:59:30.0583 1540 gpsvc - ok
22:59:30.0599 1540 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:59:30.0599 1540 gupdate - ok
22:59:30.0615 1540 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:59:30.0615 1540 gupdatem - ok
22:59:30.0615 1540 gzflt - ok
22:59:30.0646 1540 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:59:31.0067 1540 HDAudBus - ok
22:59:31.0067 1540 [ 39F7D79B3401BE029D8451F761D30331 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:59:31.0098 1540 HidBth - ok
22:59:31.0098 1540 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:59:31.0114 1540 HidIr - ok
22:59:31.0129 1540 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
22:59:31.0145 1540 hidserv - ok
22:59:31.0145 1540 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:59:31.0161 1540 HidUsb - ok
22:59:31.0176 1540 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
22:59:31.0192 1540 hkmsvc - ok
22:59:31.0207 1540 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
22:59:31.0207 1540 HpCISSs - ok
22:59:31.0239 1540 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:59:31.0488 1540 HPSLPSVC - ok
22:59:31.0504 1540 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:59:31.0769 1540 HTTP - ok
22:59:32.0034 1540 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
22:59:32.0050 1540 i2omp - ok
22:59:32.0050 1540 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:59:32.0065 1540 i8042prt - ok
22:59:32.0081 1540 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
22:59:32.0097 1540 iaStorV - ok
22:59:32.0112 1540 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:59:32.0377 1540 idsvc - ok
22:59:32.0393 1540 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:59:32.0393 1540 iirsp - ok
22:59:32.0409 1540 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
22:59:32.0440 1540 IKEEXT - ok
22:59:32.0440 1540 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
22:59:32.0455 1540 intelide - ok
22:59:32.0455 1540 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:59:32.0487 1540 intelppm - ok
22:59:32.0487 1540 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:59:32.0518 1540 IPBusEnum - ok
22:59:32.0518 1540 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:59:32.0549 1540 IpFilterDriver - ok
22:59:32.0549 1540 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:59:32.0565 1540 iphlpsvc - ok
22:59:32.0565 1540 IpInIp - ok
22:59:32.0565 1540 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
22:59:32.0596 1540 IPMIDRV - ok
22:59:32.0596 1540 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
22:59:32.0627 1540 IPNAT - ok
22:59:32.0643 1540 [ D38469601B72D2DA4F847FC642174E21 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:59:32.0674 1540 iPod Service - ok
22:59:32.0674 1540 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:59:32.0705 1540 IRENUM - ok
22:59:32.0705 1540 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:59:32.0721 1540 isapnp - ok
22:59:32.0721 1540 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:59:32.0736 1540 iScsiPrt - ok
22:59:32.0736 1540 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
22:59:32.0752 1540 iteatapi - ok
22:59:32.0752 1540 [ E157D6B89D87A1B467ECDD66D280A1C2 ] itecir C:\Windows\system32\DRIVERS\itecir.sys
22:59:32.0767 1540 itecir - ok
22:59:32.0767 1540 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
22:59:32.0767 1540 iteraid - ok
22:59:32.0783 1540 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:59:32.0783 1540 kbdclass - ok
22:59:32.0799 1540 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:59:32.0814 1540 kbdhid - ok
22:59:32.0814 1540 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
22:59:32.0830 1540 KeyIso - ok
22:59:32.0830 1540 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:59:32.0861 1540 KSecDD - ok
22:59:32.0861 1540 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:59:32.0892 1540 ksthunk - ok
22:59:32.0908 1540 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
22:59:32.0939 1540 KtmRm - ok
22:59:32.0955 1540 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:59:32.0970 1540 LanmanServer - ok
22:59:32.0970 1540 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:59:32.0986 1540 LanmanWorkstation - ok
22:59:32.0986 1540 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:59:33.0017 1540 lltdio - ok
22:59:33.0017 1540 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:59:33.0048 1540 lltdsvc - ok
22:59:33.0064 1540 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:59:33.0079 1540 lmhosts - ok
22:59:33.0095 1540 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:59:33.0095 1540 LSI_FC - ok
22:59:33.0111 1540 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:59:33.0111 1540 LSI_SAS - ok
22:59:33.0126 1540 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:59:33.0126 1540 LSI_SCSI - ok
22:59:33.0142 1540 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
22:59:33.0157 1540 luafv - ok
22:59:33.0157 1540 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:59:33.0173 1540 MBAMProtector - ok
22:59:33.0189 1540 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:59:33.0454 1540 MBAMService - ok
22:59:33.0454 1540 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:59:33.0469 1540 Mcx2Svc - ok
22:59:33.0469 1540 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
22:59:33.0485 1540 megasas - ok
22:59:33.0485 1540 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
22:59:33.0750 1540 MegaSR - ok
22:59:33.0766 1540 Microsoft SharePoint Workspace Audit Service - ok
22:59:33.0766 1540 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
22:59:33.0797 1540 MMCSS - ok
22:59:33.0797 1540 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
22:59:33.0828 1540 Modem - ok
22:59:33.0828 1540 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:59:33.0859 1540 monitor - ok
22:59:33.0859 1540 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:59:33.0859 1540 mouclass - ok
22:59:33.0875 1540 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:59:33.0891 1540 mouhid - ok
22:59:33.0906 1540 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
22:59:33.0906 1540 MountMgr - ok
22:59:33.0922 1540 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:59:33.0922 1540 MozillaMaintenance - ok
22:59:33.0922 1540 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
22:59:33.0937 1540 mpio - ok
22:59:33.0937 1540 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:59:33.0969 1540 mpsdrv - ok
22:59:33.0969 1540 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
22:59:34.0249 1540 MpsSvc - ok
22:59:34.0249 1540 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
22:59:34.0265 1540 Mraid35x - ok
22:59:34.0265 1540 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:59:34.0281 1540 MRxDAV - ok
22:59:34.0281 1540 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:59:34.0296 1540 mrxsmb - ok
22:59:34.0296 1540 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:59:34.0312 1540 mrxsmb10 - ok
22:59:34.0312 1540 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:59:34.0327 1540 mrxsmb20 - ok
22:59:34.0327 1540 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys
22:59:34.0343 1540 msahci - ok
22:59:34.0343 1540 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:59:34.0359 1540 msdsm - ok
22:59:34.0359 1540 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
22:59:34.0390 1540 MSDTC - ok
22:59:34.0390 1540 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:59:34.0421 1540 Msfs - ok
22:59:34.0421 1540 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:59:34.0437 1540 msisadrv - ok
22:59:34.0437 1540 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:59:34.0468 1540 MSiSCSI - ok
22:59:34.0468 1540 msiserver - ok
22:59:34.0468 1540 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:59:34.0499 1540 MSKSSRV - ok
22:59:34.0499 1540 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:59:34.0530 1540 MSPCLOCK - ok
22:59:34.0530 1540 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:59:34.0561 1540 MSPQM - ok
22:59:34.0561 1540 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:59:34.0577 1540 MsRPC - ok
22:59:34.0593 1540 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:59:34.0593 1540 mssmbios - ok
22:59:34.0593 1540 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:59:34.0624 1540 MSTEE - ok
22:59:34.0624 1540 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
22:59:34.0639 1540 Mup - ok
22:59:34.0655 1540 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
22:59:34.0702 1540 napagent - ok
22:59:34.0702 1540 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:59:34.0717 1540 NativeWifiP - ok
22:59:34.0733 1540 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:59:34.0998 1540 NDIS - ok
22:59:34.0998 1540 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:59:35.0029 1540 NdisTapi - ok
22:59:35.0029 1540 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:59:35.0061 1540 Ndisuio - ok
22:59:35.0061 1540 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:59:35.0076 1540 NdisWan - ok
22:59:35.0076 1540 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:59:35.0107 1540 NDProxy - ok
22:59:35.0107 1540 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:59:35.0107 1540 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:59:35.0107 1540 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:59:35.0107 1540 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:59:35.0139 1540 NetBIOS - ok
22:59:35.0154 1540 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
22:59:35.0170 1540 netbt - ok
22:59:35.0170 1540 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
22:59:35.0185 1540 Netlogon - ok
22:59:35.0185 1540 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
22:59:35.0232 1540 Netman - ok
22:59:35.0248 1540 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
22:59:35.0279 1540 netprofm - ok
22:59:35.0295 1540 [ 6491AAFC06B537AE9DD3EC9F4D16F821 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
22:59:35.0326 1540 netr28ux - ok
22:59:35.0326 1540 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:59:35.0341 1540 NetTcpPortSharing - ok
22:59:35.0341 1540 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:59:35.0357 1540 nfrd960 - ok
22:59:35.0357 1540 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
22:59:35.0388 1540 NlaSvc - ok
22:59:35.0388 1540 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:59:35.0404 1540 Npfs - ok
22:59:35.0419 1540 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
22:59:35.0435 1540 nsi - ok
22:59:35.0451 1540 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:59:35.0466 1540 nsiproxy - ok
22:59:35.0497 1540 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:59:35.0809 1540 Ntfs - ok
22:59:35.0809 1540 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
22:59:35.0841 1540 Null - ok
22:59:35.0856 1540 [ 1ABC4C478A48B3E294727CA515A94B69 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys
22:59:36.0153 1540 NVENETFD - ok
22:59:36.0168 1540 [ CB599955CE2CE9694721562F9481CD84 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:59:36.0168 1540 NVHDA - ok
22:59:36.0324 1540 [ E71676DA94F04B1D001AC9C5F5E72B32 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:59:36.0792 1540 nvlddmkm - ok
22:59:36.0808 1540 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:59:36.0808 1540 nvraid - ok
22:59:36.0808 1540 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
22:59:36.0823 1540 nvsmu - ok
22:59:36.0823 1540 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:59:36.0839 1540 nvstor - ok
22:59:36.0839 1540 [ 662A129CEBB4C0B01F95612A7F6DCC9A ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
22:59:36.0855 1540 nvstor64 - ok
22:59:36.0855 1540 [ B33CA037C291D6F43AB7025727D1C385 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:59:36.0870 1540 nvsvc - ok
22:59:36.0886 1540 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:59:36.0886 1540 nv_agp - ok
22:59:36.0901 1540 NwlnkFlt - ok
22:59:36.0901 1540 NwlnkFwd - ok
22:59:36.0901 1540 [ 404B0121AE1A75D9A63B6934EB07C258 ] OA001Ufd C:\Windows\system32\DRIVERS\OA001Ufd.sys
22:59:36.0917 1540 OA001Ufd - ok
22:59:36.0917 1540 [ 4B69D156DB42B26425AB3B172FA50D92 ] OA001Vid C:\Windows\system32\DRIVERS\OA001Vid.sys
22:59:36.0933 1540 OA001Vid - ok
22:59:36.0933 1540 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:59:36.0948 1540 ohci1394 - ok
22:59:36.0964 1540 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:59:36.0964 1540 ose - ok
22:59:37.0042 1540 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:59:37.0416 1540 osppsvc - ok
22:59:37.0447 1540 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
22:59:37.0713 1540 p2pimsvc - ok
22:59:37.0728 1540 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
22:59:38.0009 1540 p2psvc - ok
22:59:38.0009 1540 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
22:59:38.0056 1540 Parport - ok
22:59:38.0056 1540 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:59:38.0071 1540 partmgr - ok
22:59:38.0071 1540 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
22:59:38.0087 1540 PcaSvc - ok
22:59:38.0087 1540 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
22:59:38.0103 1540 pci - ok
22:59:38.0103 1540 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
22:59:38.0118 1540 pciide - ok
22:59:38.0118 1540 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:59:38.0134 1540 pcmcia - ok
22:59:38.0149 1540 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:59:38.0196 1540 PEAUTH - ok
22:59:38.0227 1540 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:59:38.0259 1540 PerfHost - ok
22:59:38.0274 1540 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
22:59:38.0571 1540 pla - ok
22:59:38.0571 1540 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:59:38.0602 1540 PlugPlay - ok
22:59:38.0602 1540 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:59:38.0602 1540 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:59:38.0602 1540 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:59:38.0617 1540 [ 8AC5649C9070674D4607301C180AB10B ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
22:59:38.0617 1540 pneteth - ok
22:59:38.0617 1540 PnkBstrA - ok
22:59:38.0633 1540 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
22:59:38.0664 1540 PNRPAutoReg - ok
22:59:38.0680 1540 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
22:59:38.0711 1540 PNRPsvc - ok
22:59:38.0727 1540 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:59:38.0758 1540 PolicyAgent - ok
22:59:38.0773 1540 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:59:38.0789 1540 PptpMiniport - ok
22:59:38.0789 1540 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
22:59:38.0820 1540 Processor - ok
22:59:38.0820 1540 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
22:59:38.0851 1540 ProfSvc - ok
22:59:38.0851 1540 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
22:59:38.0851 1540 ProtectedStorage - ok
22:59:38.0867 1540 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
22:59:38.0883 1540 PSched - ok
22:59:38.0883 1540 [ 901DBA98359966A62A6548596988E931 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
22:59:38.0898 1540 PxHlpa64 - ok
22:59:38.0914 1540 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:59:39.0210 1540 ql2300 - ok
22:59:39.0210 1540 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:59:39.0226 1540 ql40xx - ok
22:59:39.0226 1540 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
22:59:39.0241 1540 QWAVE - ok
22:59:39.0241 1540 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:59:39.0257 1540 QWAVEdrv - ok
22:59:39.0304 1540 [ 2A09A6B271D1F50ADF5E33B37D460DE6 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
22:59:39.0397 1540 R300 - ok
22:59:39.0397 1540 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:59:39.0429 1540 RasAcd - ok
22:59:39.0429 1540 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
22:59:39.0460 1540 RasAuto - ok
22:59:39.0460 1540 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:59:39.0475 1540 Rasl2tp - ok
22:59:39.0491 1540 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
22:59:39.0507 1540 RasMan - ok
22:59:39.0522 1540 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:59:39.0538 1540 RasPppoe - ok
22:59:39.0538 1540 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:59:39.0553 1540 RasSstp - ok
22:59:39.0553 1540 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:59:39.0585 1540 rdbss - ok
22:59:39.0585 1540 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:59:39.0616 1540 RDPCDD - ok
22:59:39.0616 1540 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
22:59:39.0647 1540 rdpdr - ok
22:59:39.0647 1540 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:59:39.0678 1540 RDPENCDD - ok
22:59:39.0678 1540 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:59:39.0694 1540 RDPWD - ok
22:59:39.0694 1540 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:59:39.0725 1540 RemoteAccess - ok
22:59:39.0741 1540 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:59:39.0756 1540 RemoteRegistry - ok
22:59:39.0756 1540 [ CD71E053D7260E4102D99A28F9196070 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:59:39.0787 1540 RFCOMM - ok
22:59:39.0787 1540 [ D13D70FAC45FC1DF69F88559B1F72F0A ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
22:59:39.0787 1540 rimmptsk - ok
22:59:39.0803 1540 [ BB9EDC55B0B8CB4FCD713428820E0776 ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
22:59:39.0803 1540 rimsptsk - ok
22:59:39.0803 1540 [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
22:59:39.0819 1540 rismxdp - ok
22:59:39.0819 1540 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
22:59:39.0834 1540 RpcLocator - ok
22:59:39.0850 1540 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
22:59:39.0881 1540 RpcSs - ok
22:59:39.0881 1540 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:59:39.0912 1540 rspndr - ok
22:59:39.0912 1540 SafeBox - ok
22:59:39.0928 1540 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
22:59:39.0928 1540 SamSs - ok
22:59:39.0943 1540 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:59:39.0943 1540 sbp2port - ok
22:59:39.0959 1540 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:59:39.0975 1540 SCardSvr - ok
22:59:39.0990 1540 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
22:59:40.0271 1540 Schedule - ok
22:59:40.0271 1540 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:59:40.0302 1540 SCPolicySvc - ok
22:59:40.0302 1540 [ BE100BC2BE2513314C717BB2C4CFFF10 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
22:59:40.0318 1540 sdbus - ok
22:59:40.0333 1540 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:59:40.0333 1540 SDRSVC - ok
22:59:40.0349 1540 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:59:40.0349 1540 SeaPort - ok
22:59:40.0365 1540 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:59:40.0396 1540 secdrv - ok
22:59:40.0411 1540 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
22:59:40.0427 1540 seclogon - ok
22:59:40.0443 1540 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
22:59:40.0458 1540 SENS - ok
22:59:40.0458 1540 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
22:59:40.0505 1540 Serenum - ok
22:59:40.0505 1540 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
22:59:40.0552 1540 Serial - ok
22:59:40.0552 1540 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:59:40.0583 1540 sermouse - ok
22:59:40.0583 1540 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
22:59:40.0614 1540 SessionEnv - ok
22:59:40.0614 1540 [ 3A19C899BCF0EA24CFEC2038E6A489DB ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:59:40.0645 1540 sffdisk - ok
22:59:40.0645 1540 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:59:40.0677 1540 sffp_mmc - ok
22:59:40.0677 1540 [ FDCA63A2EEE528585EB66CEAC183EC22 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:59:40.0692 1540 sffp_sd - ok
22:59:40.0692 1540 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:59:40.0739 1540 sfloppy - ok
22:59:40.0770 1540 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:59:40.0833 1540 SftService - ok
22:59:40.0833 1540 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:59:40.0879 1540 SharedAccess - ok
22:59:40.0879 1540 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:59:40.0895 1540 ShellHWDetection - ok
22:59:40.0895 1540 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
22:59:40.0911 1540 SiSRaid2 - ok
22:59:40.0911 1540 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:59:40.0926 1540 SiSRaid4 - ok
22:59:40.0957 1540 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
22:59:41.0051 1540 slsvc - ok
22:59:41.0051 1540 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
22:59:41.0067 1540 SLUINotify - ok
22:59:41.0082 1540 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:59:41.0098 1540 Smb - ok
22:59:41.0098 1540 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:59:41.0113 1540 SNMPTRAP - ok
22:59:41.0113 1540 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
22:59:41.0129 1540 spldr - ok
22:59:41.0129 1540 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
22:59:41.0145 1540 Spooler - ok
22:59:41.0160 1540 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
22:59:41.0191 1540 sptd - ok
22:59:41.0191 1540 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
22:59:41.0223 1540 srv - ok
22:59:41.0223 1540 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:59:41.0238 1540 srv2 - ok
22:59:41.0238 1540 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:59:41.0254 1540 srvnet - ok
22:59:41.0254 1540 [ 866F8212EF7E75BAC8BCA03331E30CB4 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
22:59:41.0269 1540 ssadbus - ok
22:59:41.0269 1540 [ 73E2BA39E7EB024DC686412E2E924A74 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:59:41.0285 1540 ssadmdfl - ok
22:59:41.0285 1540 [ 74B032D6C1E36AE2F790752FDE8CE055 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
22:59:41.0301 1540 ssadmdm - ok
22:59:41.0301 1540 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:59:41.0332 1540 SSDPSRV - ok
22:59:41.0332 1540 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:59:41.0347 1540 SstpSvc - ok
22:59:41.0379 1540 [ C5DF63AE2693C9B6B01B4A2E6C1C64AC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
22:59:41.0379 1540 STacSV - ok
22:59:41.0394 1540 [ BA16447226ABFD342E130D2F24F73D32 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
22:59:41.0410 1540 STHDA - ok
22:59:41.0425 1540 [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
22:59:41.0441 1540 StillCam - ok
22:59:41.0457 1540 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
22:59:41.0472 1540 stisvc - ok
22:59:41.0488 1540 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
22:59:41.0488 1540 stllssvr - ok
22:59:41.0488 1540 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:59:41.0503 1540 swenum - ok
22:59:41.0519 1540 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
22:59:41.0550 1540 swprv - ok
22:59:41.0550 1540 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
22:59:41.0566 1540 Symc8xx - ok
22:59:41.0566 1540 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
22:59:41.0581 1540 Sym_hi - ok
22:59:41.0581 1540 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
22:59:41.0581 1540 Sym_u3 - ok
22:59:41.0597 1540 [ 79A93EC9D224B1F43C0E2F023D61DCA3 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:59:41.0613 1540 SynTP - ok
22:59:41.0628 1540 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
22:59:41.0659 1540 SysMain - ok
22:59:41.0659 1540 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:59:41.0675 1540 TabletInputService - ok
22:59:41.0691 1540 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:59:41.0706 1540 TapiSrv - ok
22:59:41.0706 1540 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
22:59:41.0737 1540 TBS - ok
22:59:41.0769 1540 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:59:42.0065 1540 Tcpip - ok
22:59:42.0096 1540 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
22:59:42.0393 1540 Tcpip6 - ok
22:59:42.0393 1540 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:59:42.0408 1540 tcpipreg - ok
22:59:42.0408 1540 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:59:42.0424 1540 TDPIPE - ok
22:59:42.0439 1540 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:59:42.0455 1540 TDTCP - ok
22:59:42.0471 1540 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:59:42.0486 1540 tdx - ok
22:59:42.0486 1540 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:59:42.0502 1540 TermDD - ok
22:59:42.0517 1540 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
22:59:42.0549 1540 TermService - ok
22:59:42.0564 1540 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
22:59:42.0580 1540 Themes - ok
22:59:42.0580 1540 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
22:59:42.0611 1540 THREADORDER - ok
22:59:42.0611 1540 TORNPF - ok
22:59:42.0611 1540 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
22:59:42.0642 1540 TrkWks - ok
22:59:42.0642 1540 trufos - ok
22:59:42.0642 1540 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:59:42.0673 1540 TrustedInstaller - ok
22:59:42.0689 1540 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:59:42.0705 1540 tssecsrv - ok
22:59:42.0720 1540 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
22:59:42.0720 1540 tunmp - ok
22:59:42.0720 1540 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:59:42.0736 1540 tunnel - ok
22:59:42.0736 1540 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:59:42.0751 1540 uagp35 - ok
22:59:42.0751 1540 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:59:42.0783 1540 udfs - ok
22:59:42.0783 1540 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:59:42.0814 1540 UI0Detect - ok
22:59:42.0814 1540 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:59:42.0829 1540 uliagpkx - ok
22:59:42.0829 1540 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
22:59:42.0845 1540 uliahci - ok
22:59:42.0861 1540 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
22:59:42.0861 1540 UlSata - ok
22:59:42.0876 1540 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
22:59:42.0876 1540 ulsata2 - ok
22:59:42.0876 1540 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:59:42.0907 1540 umbus - ok
22:59:42.0907 1540 [ 01ABE05C401E70795B43A8933B44831E ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
22:59:42.0939 1540 UMPass - ok
22:59:42.0939 1540 UPDATESRV - ok
22:59:42.0954 1540 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
22:59:43.0219 1540 upnphost - ok
22:59:43.0219 1540 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:59:43.0235 1540 USBAAPL64 - ok
22:59:43.0235 1540 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:59:43.0251 1540 usbccgp - ok
22:59:43.0266 1540 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:59:43.0297 1540 usbcir - ok
22:59:43.0313 1540 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:59:43.0329 1540 usbehci - ok
22:59:43.0329 1540 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:59:43.0360 1540 usbhub - ok
22:59:43.0360 1540 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:59:43.0375 1540 usbohci - ok
22:59:43.0375 1540 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:59:43.0407 1540 usbprint - ok
22:59:43.0407 1540 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:59:43.0438 1540 usbscan - ok
22:59:43.0438 1540 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:59:43.0453 1540 USBSTOR - ok
22:59:43.0453 1540 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:59:43.0485 1540 usbuhci - ok
22:59:43.0485 1540 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
22:59:43.0500 1540 UxSms - ok
22:59:43.0516 1540 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
22:59:43.0547 1540 vds - ok
22:59:43.0547 1540 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:59:43.0578 1540 vga - ok
22:59:43.0578 1540 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:59:43.0609 1540 VgaSave - ok
22:59:43.0609 1540 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
22:59:43.0625 1540 viaide - ok
22:59:43.0625 1540 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:59:43.0641 1540 volmgr - ok
22:59:43.0656 1540 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:59:43.0672 1540 volmgrx - ok
22:59:43.0687 1540 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:59:43.0703 1540 volsnap - ok
22:59:43.0719 1540 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:59:43.0734 1540 vsmraid - ok
22:59:43.0750 1540 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
22:59:43.0812 1540 VSS - ok
22:59:43.0812 1540 VSSERV - ok
22:59:43.0828 1540 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
22:59:44.0093 1540 W32Time - ok
22:59:44.0093 1540 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:59:44.0140 1540 WacomPen - ok
22:59:44.0140 1540 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
22:59:44.0155 1540 Wanarp - ok
22:59:44.0155 1540 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:59:44.0187 1540 Wanarpv6 - ok
22:59:44.0202 1540 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:59:44.0218 1540 wcncsvc - ok
22:59:44.0218 1540 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:59:44.0249 1540 WcsPlugInService - ok
22:59:44.0249 1540 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
22:59:44.0265 1540 Wd - ok
22:59:44.0280 1540 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:59:44.0311 1540 Wdf01000 - ok
22:59:44.0311 1540 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:59:44.0343 1540 WdiServiceHost - ok
22:59:44.0343 1540 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:59:44.0374 1540 WdiSystemHost - ok
22:59:44.0374 1540 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
22:59:44.0389 1540 WebClient - ok
22:59:44.0405 1540 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:59:44.0421 1540 Wecsvc - ok
22:59:44.0421 1540 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:59:44.0436 1540 wercplsupport - ok
22:59:44.0436 1540 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
22:59:44.0467 1540 WerSvc - ok
22:59:44.0467 1540 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
22:59:44.0483 1540 WimFltr - ok
22:59:44.0483 1540 WinDefend - ok
22:59:44.0483 1540 WinHttpAutoProxySvc - ok
22:59:44.0499 1540 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:59:44.0514 1540 Winmgmt - ok
22:59:44.0561 1540 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
22:59:44.0608 1540 WinRM - ok
22:59:44.0623 1540 [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
22:59:44.0639 1540 WinUSB - ok
22:59:44.0655 1540 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:59:44.0686 1540 Wlansvc - ok
22:59:44.0686 1540 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:59:44.0701 1540 wlcrasvc - ok
22:59:44.0733 1540 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:59:44.0795 1540 wlidsvc - ok
22:59:44.0795 1540 wltrysvc - ok
22:59:44.0811 1540 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:59:44.0811 1540 WmiAcpi - ok
22:59:44.0826 1540 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:59:44.0842 1540 wmiApSrv - ok
22:59:44.0842 1540 WMPNetworkSvc - ok
22:59:44.0857 1540 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:59:44.0873 1540 WPCSvc - ok
22:59:44.0873 1540 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:59:44.0889 1540 WPDBusEnum - ok
22:59:44.0889 1540 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
22:59:44.0904 1540 WpdUsb - ok
22:59:44.0920 1540 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:59:44.0967 1540 WPFFontCache_v0400 - ok
22:59:44.0967 1540 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:59:44.0998 1540 ws2ifsl - ok
22:59:44.0998 1540 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
22:59:45.0013 1540 wscsvc - ok
22:59:45.0013 1540 WSearch - ok
22:59:45.0060 1540 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:59:45.0123 1540 wuauserv - ok
22:59:45.0138 1540 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:59:45.0169 1540 WUDFRd - ok
22:59:45.0169 1540 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:59:45.0201 1540 wudfsvc - ok
22:59:45.0201 1540 ================ Scan global ===============================
22:59:45.0216 1540 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
22:59:45.0216 1540 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
22:59:45.0232 1540 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
22:59:45.0247 1540 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
22:59:45.0247 1540 [Global] - ok
22:59:45.0247 1540 ================ Scan MBR ==================================
22:59:45.0247 1540 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:59:45.0497 1540 \Device\Harddisk0\DR0 - ok
22:59:45.0497 1540 ================ Scan VBR ==================================
22:59:45.0497 1540 [ 2F5C7CD0C88394ED0BABA75DC80B4831 ] \Device\Harddisk0\DR0\Partition1
22:59:45.0497 1540 \Device\Harddisk0\DR0\Partition1 - ok
22:59:45.0497 1540 [ 20634A22DE3D632E2ED0D6E608B82813 ] \Device\Harddisk0\DR0\Partition2
22:59:45.0497 1540 \Device\Harddisk0\DR0\Partition2 - ok
22:59:45.0497 1540 ============================================================
22:59:45.0497 1540 Scan finished
22:59:45.0497 1540 ============================================================
22:59:45.0513 1564 Detected object count: 5
22:59:45.0513 1564 Actual detected object count: 5
22:59:47.0525 1564 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:47.0525 1564 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:59:47.0525 1564 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:47.0525 1564 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:59:47.0525 1564 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:47.0525 1564 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:59:47.0525 1564 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:47.0525 1564 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:59:47.0525 1564 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:59:47.0525 1564 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:59:51.0316 2024 Deinitialize success

#10
emeraldnzl

Posted 19 October 2012 - 09:14 PM

GeekU Instructor

GeekU Moderator
20,051 posts

System restore said no system restore points were created.

Hmm... and ComboFix is being blocked. Maybe your anti-virus or maybe something else.

Try renaming ComboFix.

Firstly uninstall your existing version:

Start > run and type cmd > ok. Type cd Desktop at the command prompt > Enter. The prompt will show you are on at your Desktop folder.
Type combofix /Uninstall and then press Enter key. Remember the space between the x and the / is needed.

After that

Download Combofix from of the link below. You must rename it before saving it. Save it to your desktop.

Link

Posted Image

Rename ComboFix to Confuse.exe

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on Confuse.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for review.

#11
pleased123

Posted 20 October 2012 - 12:49 AM

Member

Topic Starter
Member
21 posts

combofix did same thing when renamed reboots to blue screen. Here is log:

ComboFix 12-10-19.01 - Matt 10/20/2012 2:39:46.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.3025 [GMT -4:00]
Running from: C:\Users\Matt\Desktop\Confuse.exe
* Created a new restore point

Overlay aborted ... Please run ComboFix once more

#12
emeraldnzl

Posted 20 October 2012 - 01:07 AM

GeekU Instructor

GeekU Moderator
20,051 posts

Download RogueKiller to your desktop

Note: This is a French tool so don't be surprised when you find the page displays with some French.

Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
Wait until Prescan has finished...
Click on Scan
Wait for the scan to finish.
The report is created on your desktop.
Click on the Delete button
The report is created on your desktop.
Next click on the ShortcutsFix button.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of all the RKreport.txt files from your desktop in your next Reply.

#13
pleased123

Posted 20 October 2012 - 01:18 AM

Member

Topic Starter
Member
21 posts

I just want to say thank you for all your help and patience. I have three logs from roguekiller. Here they are:

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Safe mode with network support
User : Matt [Admin rights]
Mode : Scan -- Date : 10/20/2012 03:12:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD RBX Seri SCSI Disk Device +++++
--- User ---
[MBR] 858d479ca421b5c1769856f7bc89cb83
[BSP] 321b436c2ff5868188de9e46bdd47cb2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 194560 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31651840 | Size: 106648 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Safe mode with network support
User : Matt [Admin rights]
Mode : Remove -- Date : 10/20/2012 03:12:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG SSD RBX Seri SCSI Disk Device +++++
--- User ---
[MBR] 858d479ca421b5c1769856f7bc89cb83
[BSP] 321b436c2ff5868188de9e46bdd47cb2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 194560 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31651840 | Size: 106648 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Safe mode with network support
User : Matt [Admin rights]
Mode : Shortcuts HJfix -- Date : 10/20/2012 03:12:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 1 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 127 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 4 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 286 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#14
emeraldnzl

Posted 20 October 2012 - 01:24 AM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello again pleased123,

I just want to say thank you for all your help and patience.

Your welcome.

Moving on now

Please download Farbar Service Scanner and run.

Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update

[*]Press Scan
[*]A log (FSS.txt) will be created in the same directory the tool is run.
[*]Copy and paste the log back here.
[/list]

#15
pleased123

Posted 20 October 2012 - 01:28 AM

Member

Topic Starter
Member
21 posts

Here is FSS log:

Farbar Service Scanner Version: 19-10-2012
Ran by Matt (administrator) on 20-10-2012 at 03:26:59
Running from "C:\Users\Matt\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-12-04 00:07] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 13:15] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 22:38] - [2012-03-30 08:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-14 19:39] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-12-04 00:08] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-12-04 00:07] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-12-04 00:08] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-12-04 00:07] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-12-04 00:07] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-12-04 00:08] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-12-04 00:08] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-10-10 15:20] - [2012-06-01 20:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-12-04 00:08] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****