Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cannot open exe files :(


  • Please log in to reply

#1
Fatie32

Fatie32

    Member

  • Member
  • PipPipPip
  • 122 posts
Okay can only open exes in safe mode need some help please mom needs her laptop back asap.

OTL logfile created on: 12/20/2012 9:33:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mikey\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.98 Gb Available Physical Memory | 79.57% Memory free
7.49 Gb Paging File | 6.71 Gb Available in Paging File | 89.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390.53 Gb Total Space | 248.96 Gb Free Space | 63.75% Space Free | Partition Type: NTFS

Computer Name: MIKEY-PC | User Name: Mikey | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/20 21:33:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mikey\Downloads\OTL.com


========== Modules (No Company Name) ==========

MOD - [2012/12/20 08:55:33 | 004,537,856 | ---- | M] () -- C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll
MOD - [2012/12/20 08:55:33 | 000,100,864 | ---- | M] () -- C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll
MOD - [2012/12/04 19:15:15 | 012,456,040 | ---- | M] () -- C:\Users\Mikey\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 19:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Mikey\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 19:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Mikey\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 19:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Mikey\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 19:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Mikey\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 19:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Mikey\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/05 20:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/04/05 20:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/07/22 01:19:24 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/12/11 12:35:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/05 23:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/05 23:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 19:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 06:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/13 09:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/22 01:19:24 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/22 01:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 45 1E 77 4B 65 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mikey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mikey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mikey\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mikey\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mikey\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mikey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner[S1].txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4603D467-0E93-4F73-BCCD-67E150E096DE}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6389739B-7B87-41D1-9BF4-C02488C28CC7}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BED1F05-90F6-4330-8B07-15FB83AFDDCF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cec635ee-ceaa-11e1-a839-c80aa9da0020}\Shell - "" = AutoRun
O33 - MountPoints2\{cec635ee-ceaa-11e1-a839-c80aa9da0020}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/20 07:51:49 | 000,000,000 | ---D | C] -- C:\Users\Mikey\AppData\Roaming\Malwarebytes
[2012/12/20 07:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/20 07:51:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/20 07:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/20 07:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/14 10:24:48 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/12/14 10:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP490 series
[2012/12/14 10:24:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

========== Files - Modified Within 30 Days ==========

[2012/12/20 21:32:44 | 000,736,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/20 21:32:44 | 000,630,986 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/20 21:32:44 | 000,109,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/20 21:28:17 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/12/20 21:28:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/20 21:28:06 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 21:05:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3824746156-1190010203-432143418-1004UA.job
[2012/12/20 20:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3824746156-1190010203-432143418-1001UA.job
[2012/12/20 20:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/20 20:14:20 | 000,019,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/20 20:14:20 | 000,019,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/20 07:51:42 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/19 18:05:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3824746156-1190010203-432143418-1004Core.job
[2012/12/19 11:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3824746156-1190010203-432143418-1001Core.job
[2012/12/12 03:20:56 | 000,416,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/12/20 07:51:42 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/14 10:25:24 | 000,012,544 | ---- | C] () -- C:\Windows\SysWow64\CNC173CD.TBL
[2012/12/14 10:25:24 | 000,012,544 | ---- | C] () -- C:\Windows\SysNative\CNC173CD.TBL
[2012/07/17 15:45:49 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/06/29 14:10:59 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/06/26 22:38:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/05 19:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 19:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/11 20:19:34 | 000,000,000 | ---D | M] -- C:\Users\Mikey\AppData\Roaming\Canneverbe Limited
[2012/07/16 14:32:12 | 000,000,000 | ---D | M] -- C:\Users\Mikey\AppData\Roaming\Foxit Software
[2012/07/27 09:28:06 | 000,000,000 | ---D | M] -- C:\Users\Mikey\AppData\Roaming\SystemRequirementsLab
[2012/06/29 14:53:09 | 000,000,000 | ---D | M] -- C:\Users\Mikey\AppData\Roaming\TightVNC
[2012/11/29 18:33:06 | 000,000,000 | ---D | M] -- C:\Users\Mikey\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >


THANKS IN ADVANCE!
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
OTL is not showing me how they are doing it. Let's see if any of the scans will pick it up: (I think they will all work in Safe Mode with Networking but if something won't run just skip to the next.

Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

Does it finish without complaining that it can't fix something?

If it still won't work in regular mode try:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

msconfig

Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it doesn't let you run exe files in regular mode then go back into msconfig and recheck the
things you turned off. If it helps then go back and turn on a few items each
time until you find the culprit. (msconfig's window will pop up at every regular boot. You can minimize it while you check things.)

Ron
  • 0

#3
Fatie32

Fatie32

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-21 06:26:19
-----------------------------
06:26:19.795 OS Version: Windows x64 6.1.7601 Service Pack 1
06:26:19.795 Number of processors: 3 586 0x503
06:26:19.795 ComputerName: MIKEY-PC UserName: Mikey
06:26:26.468 Initialize success
06:27:27.434 AVAST engine defs: 12122100
06:27:36.372 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:27:36.372 Disk 0 Vendor: ST9640320AS 0001HPM1 Size: 610480MB BusType: 11
06:27:36.387 Disk 0 MBR read successfully
06:27:36.403 Disk 0 MBR scan
06:27:36.403 Disk 0 unknown MBR code
06:27:36.403 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
06:27:36.419 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 399900 MB offset 206848
06:27:36.434 Disk 0 Partition - 00 05 Extended 210478 MB offset 819204094
06:27:36.450 Disk 0 Partition 3 00 83 Linux 206643 MB offset 819204096
06:27:36.465 Disk 0 Partition - 00 05 Extended 3835 MB offset 1242408960
06:27:36.528 Disk 0 scanning C:\Windows\system32\drivers
06:27:50.965 Service scanning
06:28:28.494 Modules scanning
06:28:35.514 AVAST engine scan C:\Windows
06:28:38.525 AVAST engine scan C:\Windows\system32
06:32:06.863 AVAST engine scan C:\Windows\system32\drivers
06:32:20.248 AVAST engine scan C:\Users\Mikey
06:33:40.619 AVAST engine scan C:\ProgramData
06:34:10.571 Scan finished successfully
06:39:51.432 Disk 0 MBR has been saved successfully to "C:\Users\Mikey\Desktop\MBR.dat"
06:39:51.432 The log file has been saved successfully to "C:\Users\Mikey\Desktop\aswMBR.txt"






ComboFix 12-12-20.02 - Mikey 12/21/2012 6:43.1.3 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2951 [GMT -6:00]
Running from: c:\users\Mikey\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mikey\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F74280D4-E6C5-4A39-8346-3B2D21542C7B}.xps
c:\users\Mommy\AppData\Local\chroxgeg.exe
c:\users\Mommy\AppData\Roaming\matwi.dll
c:\users\Mommy\AppData\Roaming\mshsiz.dll
c:\users\Mommy\AppData\Roaming\wetpi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\users\Mommy\AppData\Local\temp
2012-12-21 12:47 . 2012-12-21 12:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 12:46 . 2012-12-21 12:46 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{754D2878-89ED-4DA3-9E22-3E7EE9C82B6B}\offreg.dll
2012-12-21 11:31 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{754D2878-89ED-4DA3-9E22-3E7EE9C82B6B}\mpengine.dll
2012-12-20 13:51 . 2012-12-20 13:51 -------- d-----w- c:\users\Mikey\AppData\Roaming\Malwarebytes
2012-12-20 13:51 . 2012-12-20 13:51 -------- d-----w- c:\programdata\Malwarebytes
2012-12-20 13:51 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-20 13:51 . 2012-12-20 13:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-14 16:25 . 2009-04-03 22:01 1321984 ----a-w- c:\windows\system32\CNC490C.dll
2012-12-14 16:25 . 2009-04-03 22:00 92672 ----a-w- c:\windows\system32\CNC490I.dll
2012-12-14 16:25 . 2009-04-03 21:57 106496 ----a-w- c:\windows\SysWow64\CNC490U.dll
2012-12-14 16:25 . 2009-03-11 17:36 328192 ----a-w- c:\windows\system32\CNC490L.dll
2012-12-14 16:25 . 2009-03-11 17:34 303104 ----a-w- c:\windows\SysWow64\CNC490L.dll
2012-12-14 16:25 . 2008-08-26 00:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2012-12-14 16:25 . 2008-08-26 00:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2012-12-14 16:24 . 2012-12-14 16:24 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-12-14 16:24 . 2012-12-14 16:24 -------- d--h--w- c:\programdata\CanonBJ
2012-12-14 16:24 . 2010-04-24 11:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9Y.DLL
2012-12-14 16:24 . 2010-04-24 11:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9Y.DLL
2012-12-14 16:24 . 2010-04-24 11:00 336896 ----a-w- c:\windows\system32\CNMLM9Y.DLL
2012-12-12 08:30 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 08:30 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 08:30 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-23 03:18 . 2012-11-23 03:18 -------- d-----w- c:\users\Mommy\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 09:01 . 2012-06-27 15:08 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-11 18:35 . 2012-06-30 15:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 18:35 . 2012-06-30 15:11 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-16 08:38 . 2012-11-27 18:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 18:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 18:33 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-16 07:57 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-16 07:57 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-16 07:57 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 07:57 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 08:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-16 07:57 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-16 07:57 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-16 07:57 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-16 07:57 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-16 07:57 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-16 07:57 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-16 07:57 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-16 07:57 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-16 07:57 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 07:57 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-16 07:57 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-16 07:57 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-16 07:57 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-27 1255736]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 18:35]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3824746156-1190010203-432143418-1001Core.job
- c:\users\Mikey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 04:33]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3824746156-1190010203-432143418-1001UA.job
- c:\users\Mikey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 04:33]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3824746156-1190010203-432143418-1004Core.job
- c:\users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11 22:45]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3824746156-1190010203-432143418-1004UA.job
- c:\users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11 22:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6389739B-7B87-41D1-9BF4-C02488C28CC7}: NameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-21 06:49:21
ComboFix-quarantined-files.txt 2012-12-21 12:49
.
Pre-Run: 291,686,137,856 bytes free
Post-Run: 292,219,936,768 bytes free
.
- - End Of File - - ECB878A03486E474744ACD1A291A1907









06:52:40.0542 1096 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
06:52:40.0932 1096 ============================================================
06:52:40.0932 1096 Current date / time: 2012/12/21 06:52:40.0932
06:52:40.0932 1096 SystemInfo:
06:52:40.0932 1096
06:52:40.0932 1096 OS Version: 6.1.7601 ServicePack: 1.0
06:52:40.0932 1096 Product type: Workstation
06:52:40.0932 1096 ComputerName: MIKEY-PC
06:52:40.0932 1096 UserName: Mikey
06:52:40.0932 1096 Windows directory: C:\Windows
06:52:40.0932 1096 System windows directory: C:\Windows
06:52:40.0932 1096 Running under WOW64
06:52:40.0932 1096 Processor architecture: Intel x64
06:52:40.0932 1096 Number of processors: 3
06:52:40.0932 1096 Page size: 0x1000
06:52:40.0932 1096 Boot type: Safe boot with network
06:52:40.0932 1096 ============================================================
06:52:41.0883 1096 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:52:41.0899 1096 ============================================================
06:52:41.0899 1096 \Device\Harddisk0\DR0:
06:52:41.0899 1096 MBR partitions:
06:52:41.0899 1096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:52:41.0899 1096 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x30D0E000
06:52:41.0930 1096 ============================================================
06:52:41.0977 1096 C: <-> \Device\Harddisk0\DR0\Partition2
06:52:41.0977 1096 ============================================================
06:52:41.0977 1096 Initialize success
06:52:41.0977 1096 ============================================================
06:52:49.0137 1372 ============================================================
06:52:49.0137 1372 Scan started
06:52:49.0137 1372 Mode: Manual; SigCheck; TDLFS;
06:52:49.0137 1372 ============================================================
06:52:49.0652 1372 ================ Scan system memory ========================
06:52:49.0652 1372 System memory - ok
06:52:49.0652 1372 ================ Scan services =============================
06:52:49.0824 1372 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
06:52:49.0902 1372 1394ohci - ok
06:52:49.0949 1372 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
06:52:49.0964 1372 Accelerometer - ok
06:52:49.0995 1372 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
06:52:50.0011 1372 ACPI - ok
06:52:50.0042 1372 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
06:52:50.0105 1372 AcpiPmi - ok
06:52:50.0198 1372 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:52:50.0214 1372 AdobeFlashPlayerUpdateSvc - ok
06:52:50.0261 1372 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
06:52:50.0276 1372 adp94xx - ok
06:52:50.0307 1372 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
06:52:50.0323 1372 adpahci - ok
06:52:50.0354 1372 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
06:52:50.0354 1372 adpu320 - ok
06:52:50.0385 1372 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
06:52:50.0463 1372 AeLookupSvc - ok
06:52:50.0651 1372 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
06:52:50.0697 1372 AESTFilters - ok
06:52:50.0744 1372 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
06:52:50.0791 1372 AFD - ok
06:52:50.0822 1372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
06:52:50.0838 1372 agp440 - ok
06:52:50.0869 1372 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
06:52:50.0900 1372 ALG - ok
06:52:50.0947 1372 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
06:52:50.0947 1372 aliide - ok
06:52:50.0994 1372 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
06:52:51.0087 1372 AMD External Events Utility - ok
06:52:51.0134 1372 AMD FUEL Service - ok
06:52:51.0165 1372 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
06:52:51.0181 1372 amdide - ok
06:52:51.0181 1372 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
06:52:51.0197 1372 amdiox64 - ok
06:52:51.0243 1372 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
06:52:51.0259 1372 AmdK8 - ok
06:52:51.0477 1372 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
06:52:51.0633 1372 amdkmdag - ok
06:52:51.0680 1372 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
06:52:51.0711 1372 amdkmdap - ok
06:52:51.0743 1372 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
06:52:51.0758 1372 AmdPPM - ok
06:52:51.0805 1372 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
06:52:51.0821 1372 amdsata - ok
06:52:51.0852 1372 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
06:52:51.0852 1372 amdsbs - ok
06:52:51.0867 1372 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
06:52:51.0883 1372 amdxata - ok
06:52:51.0914 1372 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
06:52:51.0914 1372 AODDriver4.1 - ok
06:52:51.0977 1372 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
06:52:52.0008 1372 AppID - ok
06:52:52.0039 1372 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
06:52:52.0070 1372 AppIDSvc - ok
06:52:52.0086 1372 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
06:52:52.0133 1372 Appinfo - ok
06:52:52.0195 1372 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
06:52:52.0211 1372 arc - ok
06:52:52.0226 1372 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
06:52:52.0242 1372 arcsas - ok
06:52:52.0257 1372 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
06:52:52.0304 1372 AsyncMac - ok
06:52:52.0320 1372 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
06:52:52.0335 1372 atapi - ok
06:52:52.0398 1372 [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
06:52:52.0445 1372 athr - ok
06:52:52.0507 1372 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
06:52:52.0523 1372 AtiHDAudioService - ok
06:52:52.0725 1372 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
06:52:52.0850 1372 atikmdag - ok
06:52:52.0897 1372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:52:52.0944 1372 AudioEndpointBuilder - ok
06:52:52.0975 1372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
06:52:53.0006 1372 AudioSrv - ok
06:52:53.0084 1372 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
06:52:53.0115 1372 AxInstSV - ok
06:52:53.0131 1372 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
06:52:53.0162 1372 b06bdrv - ok
06:52:53.0209 1372 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
06:52:53.0225 1372 b57nd60a - ok
06:52:53.0287 1372 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
06:52:53.0303 1372 BDESVC - ok
06:52:53.0334 1372 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
06:52:53.0381 1372 Beep - ok
06:52:53.0427 1372 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
06:52:53.0474 1372 BFE - ok
06:52:53.0505 1372 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
06:52:53.0552 1372 BITS - ok
06:52:53.0583 1372 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
06:52:53.0615 1372 blbdrive - ok
06:52:53.0661 1372 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
06:52:53.0677 1372 bowser - ok
06:52:53.0693 1372 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:52:53.0739 1372 BrFiltLo - ok
06:52:53.0786 1372 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:52:53.0786 1372 BrFiltUp - ok
06:52:53.0817 1372 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
06:52:53.0849 1372 BridgeMP - ok
06:52:53.0880 1372 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
06:52:53.0895 1372 Browser - ok
06:52:53.0911 1372 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
06:52:53.0927 1372 Brserid - ok
06:52:53.0958 1372 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
06:52:53.0989 1372 BrSerWdm - ok
06:52:54.0005 1372 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
06:52:54.0036 1372 BrUsbMdm - ok
06:52:54.0051 1372 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
06:52:54.0051 1372 BrUsbSer - ok
06:52:54.0083 1372 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
06:52:54.0098 1372 BTHMODEM - ok
06:52:54.0129 1372 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
06:52:54.0192 1372 bthserv - ok
06:52:54.0239 1372 catchme - ok
06:52:54.0254 1372 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
06:52:54.0301 1372 cdfs - ok
06:52:54.0348 1372 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
06:52:54.0395 1372 cdrom - ok
06:52:54.0441 1372 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
06:52:54.0473 1372 CertPropSvc - ok
06:52:54.0504 1372 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
06:52:54.0535 1372 circlass - ok
06:52:54.0582 1372 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
06:52:54.0597 1372 CLFS - ok
06:52:54.0675 1372 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:52:54.0675 1372 clr_optimization_v2.0.50727_32 - ok
06:52:54.0738 1372 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:52:54.0738 1372 clr_optimization_v2.0.50727_64 - ok
06:52:54.0800 1372 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:52:54.0816 1372 clr_optimization_v4.0.30319_32 - ok
06:52:54.0863 1372 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:52:54.0863 1372 clr_optimization_v4.0.30319_64 - ok
06:52:54.0894 1372 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
06:52:54.0909 1372 CmBatt - ok
06:52:54.0941 1372 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
06:52:54.0941 1372 cmdide - ok
06:52:54.0987 1372 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
06:52:55.0003 1372 CNG - ok
06:52:55.0050 1372 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
06:52:55.0050 1372 Compbatt - ok
06:52:55.0097 1372 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
06:52:55.0112 1372 CompositeBus - ok
06:52:55.0128 1372 COMSysApp - ok
06:52:55.0175 1372 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
06:52:55.0175 1372 crcdisk - ok
06:52:55.0206 1372 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
06:52:55.0221 1372 CryptSvc - ok
06:52:55.0268 1372 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
06:52:55.0299 1372 DcomLaunch - ok
06:52:55.0346 1372 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
06:52:55.0393 1372 defragsvc - ok
06:52:55.0424 1372 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
06:52:55.0455 1372 DfsC - ok
06:52:55.0502 1372 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
06:52:55.0533 1372 Dhcp - ok
06:52:55.0565 1372 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
06:52:55.0611 1372 discache - ok
06:52:55.0658 1372 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
06:52:55.0674 1372 Disk - ok
06:52:55.0705 1372 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
06:52:55.0721 1372 Dnscache - ok
06:52:55.0752 1372 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
06:52:55.0799 1372 dot3svc - ok
06:52:55.0814 1372 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
06:52:55.0861 1372 DPS - ok
06:52:55.0877 1372 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
06:52:55.0908 1372 drmkaud - ok
06:52:55.0955 1372 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
06:52:55.0986 1372 DXGKrnl - ok
06:52:56.0033 1372 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
06:52:56.0064 1372 EapHost - ok
06:52:56.0142 1372 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
06:52:56.0173 1372 ebdrv - ok
06:52:56.0204 1372 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
06:52:56.0220 1372 EFS - ok
06:52:56.0298 1372 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
06:52:56.0329 1372 ehRecvr - ok
06:52:56.0345 1372 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
06:52:56.0360 1372 ehSched - ok
06:52:56.0391 1372 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
06:52:56.0407 1372 elxstor - ok
06:52:56.0438 1372 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
06:52:56.0454 1372 ErrDev - ok
06:52:56.0501 1372 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
06:52:56.0547 1372 EventSystem - ok
06:52:56.0563 1372 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
06:52:56.0594 1372 exfat - ok
06:52:56.0625 1372 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
06:52:56.0657 1372 fastfat - ok
06:52:56.0719 1372 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
06:52:56.0750 1372 Fax - ok
06:52:56.0766 1372 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
06:52:56.0781 1372 fdc - ok
06:52:56.0813 1372 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
06:52:56.0844 1372 fdPHost - ok
06:52:56.0859 1372 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
06:52:56.0922 1372 FDResPub - ok
06:52:56.0953 1372 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
06:52:56.0969 1372 FileInfo - ok
06:52:56.0984 1372 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
06:52:57.0015 1372 Filetrace - ok
06:52:57.0047 1372 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
06:52:57.0062 1372 flpydisk - ok
06:52:57.0093 1372 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
06:52:57.0109 1372 FltMgr - ok
06:52:57.0156 1372 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
06:52:57.0187 1372 FontCache - ok
06:52:57.0234 1372 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:52:57.0249 1372 FontCache3.0.0.0 - ok
06:52:57.0265 1372 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
06:52:57.0265 1372 FsDepends - ok
06:52:57.0296 1372 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
06:52:57.0312 1372 Fs_Rec - ok
06:52:57.0359 1372 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
06:52:57.0374 1372 fvevol - ok
06:52:57.0405 1372 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
06:52:57.0405 1372 gagp30kx - ok
06:52:57.0452 1372 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
06:52:57.0515 1372 gpsvc - ok
06:52:57.0530 1372 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
06:52:57.0561 1372 hcw85cir - ok
06:52:57.0593 1372 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:52:57.0608 1372 HdAudAddService - ok
06:52:57.0624 1372 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
06:52:57.0655 1372 HDAudBus - ok
06:52:57.0686 1372 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
06:52:57.0717 1372 HidBatt - ok
06:52:57.0733 1372 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
06:52:57.0764 1372 HidBth - ok
06:52:57.0780 1372 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
06:52:57.0811 1372 HidIr - ok
06:52:57.0842 1372 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
06:52:57.0889 1372 hidserv - ok
06:52:57.0936 1372 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
06:52:57.0951 1372 HidUsb - ok
06:52:57.0983 1372 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
06:52:58.0014 1372 hkmsvc - ok
06:52:58.0045 1372 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:52:58.0076 1372 HomeGroupListener - ok
06:52:58.0107 1372 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:52:58.0123 1372 HomeGroupProvider - ok
06:52:58.0154 1372 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
06:52:58.0154 1372 hpdskflt - ok
06:52:58.0185 1372 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
06:52:58.0201 1372 HpSAMD - ok
06:52:58.0217 1372 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
06:52:58.0217 1372 hpsrv - ok
06:52:58.0279 1372 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
06:52:58.0326 1372 HTTP - ok
06:52:58.0341 1372 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
06:52:58.0357 1372 hwpolicy - ok
06:52:58.0388 1372 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
06:52:58.0404 1372 i8042prt - ok
06:52:58.0451 1372 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
06:52:58.0466 1372 iaStorV - ok
06:52:58.0544 1372 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:52:58.0560 1372 idsvc - ok
06:52:58.0607 1372 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
06:52:58.0607 1372 iirsp - ok
06:52:58.0669 1372 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
06:52:58.0716 1372 IKEEXT - ok
06:52:58.0763 1372 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
06:52:58.0763 1372 intelide - ok
06:52:58.0809 1372 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
06:52:58.0825 1372 intelppm - ok
06:52:58.0856 1372 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
06:52:58.0903 1372 IPBusEnum - ok
06:52:58.0934 1372 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:52:58.0981 1372 IpFilterDriver - ok
06:52:59.0028 1372 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
06:52:59.0075 1372 iphlpsvc - ok
06:52:59.0106 1372 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
06:52:59.0121 1372 IPMIDRV - ok
06:52:59.0168 1372 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
06:52:59.0215 1372 IPNAT - ok
06:52:59.0231 1372 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:52:59.0262 1372 IRENUM - ok
06:52:59.0277 1372 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
06:52:59.0293 1372 isapnp - ok
06:52:59.0324 1372 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
06:52:59.0324 1372 iScsiPrt - ok
06:52:59.0371 1372 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
06:52:59.0371 1372 kbdclass - ok
06:52:59.0418 1372 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
06:52:59.0433 1372 kbdhid - ok
06:52:59.0449 1372 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
06:52:59.0465 1372 KeyIso - ok
06:52:59.0496 1372 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:52:59.0496 1372 KSecDD - ok
06:52:59.0511 1372 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
06:52:59.0527 1372 KSecPkg - ok
06:52:59.0558 1372 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
06:52:59.0589 1372 ksthunk - ok
06:52:59.0636 1372 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
06:52:59.0683 1372 KtmRm - ok
06:52:59.0714 1372 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
06:52:59.0761 1372 LanmanServer - ok
06:52:59.0792 1372 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:52:59.0839 1372 LanmanWorkstation - ok
06:52:59.0855 1372 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:52:59.0901 1372 lltdio - ok
06:52:59.0933 1372 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:52:59.0995 1372 lltdsvc - ok
06:53:00.0011 1372 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
06:53:00.0057 1372 lmhosts - ok
06:53:00.0089 1372 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
06:53:00.0104 1372 LSI_FC - ok
06:53:00.0120 1372 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
06:53:00.0135 1372 LSI_SAS - ok
06:53:00.0135 1372 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:53:00.0151 1372 LSI_SAS2 - ok
06:53:00.0167 1372 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:53:00.0182 1372 LSI_SCSI - ok
06:53:00.0213 1372 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
06:53:00.0260 1372 luafv - ok
06:53:00.0276 1372 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
06:53:00.0307 1372 Mcx2Svc - ok
06:53:00.0323 1372 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
06:53:00.0338 1372 megasas - ok
06:53:00.0369 1372 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
06:53:00.0385 1372 MegaSR - ok
06:53:00.0447 1372 Microsoft SharePoint Workspace Audit Service - ok
06:53:00.0479 1372 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
06:53:00.0525 1372 MMCSS - ok
06:53:00.0541 1372 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
06:53:00.0588 1372 Modem - ok
06:53:00.0603 1372 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
06:53:00.0635 1372 monitor - ok
06:53:00.0666 1372 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
06:53:00.0666 1372 mouclass - ok
06:53:00.0713 1372 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
06:53:00.0728 1372 mouhid - ok
06:53:00.0759 1372 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
06:53:00.0775 1372 mountmgr - ok
06:53:00.0822 1372 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
06:53:00.0822 1372 mpio - ok
06:53:00.0869 1372 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:53:00.0900 1372 mpsdrv - ok
06:53:00.0947 1372 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
06:53:00.0993 1372 MpsSvc - ok
06:53:01.0040 1372 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:53:01.0056 1372 MRxDAV - ok
06:53:01.0087 1372 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:53:01.0134 1372 mrxsmb - ok
06:53:01.0149 1372 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:53:01.0181 1372 mrxsmb10 - ok
06:53:01.0212 1372 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:53:01.0243 1372 mrxsmb20 - ok
06:53:01.0259 1372 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
06:53:01.0274 1372 msahci - ok
06:53:01.0290 1372 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
06:53:01.0305 1372 msdsm - ok
06:53:01.0321 1372 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
06:53:01.0337 1372 MSDTC - ok
06:53:01.0368 1372 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:53:01.0415 1372 Msfs - ok
06:53:01.0430 1372 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
06:53:01.0477 1372 mshidkmdf - ok
06:53:01.0508 1372 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
06:53:01.0524 1372 msisadrv - ok
06:53:01.0571 1372 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:53:01.0617 1372 MSiSCSI - ok
06:53:01.0617 1372 msiserver - ok
06:53:01.0649 1372 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:53:01.0680 1372 MSKSSRV - ok
06:53:01.0711 1372 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:53:01.0758 1372 MSPCLOCK - ok
06:53:01.0773 1372 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:53:01.0820 1372 MSPQM - ok
06:53:01.0851 1372 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:53:01.0867 1372 MsRPC - ok
06:53:01.0883 1372 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
06:53:01.0898 1372 mssmbios - ok
06:53:01.0929 1372 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:53:01.0961 1372 MSTEE - ok
06:53:01.0976 1372 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
06:53:01.0992 1372 MTConfig - ok
06:53:02.0039 1372 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
06:53:02.0054 1372 Mup - ok
06:53:02.0085 1372 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
06:53:02.0132 1372 napagent - ok
06:53:02.0179 1372 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:53:02.0195 1372 NativeWifiP - ok
06:53:02.0241 1372 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
06:53:02.0273 1372 NDIS - ok
06:53:02.0288 1372 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
06:53:02.0335 1372 NdisCap - ok
06:53:02.0382 1372 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:53:02.0413 1372 NdisTapi - ok
06:53:02.0444 1372 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:53:02.0491 1372 Ndisuio - ok
06:53:02.0522 1372 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:53:02.0553 1372 NdisWan - ok
06:53:02.0585 1372 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:53:02.0616 1372 NDProxy - ok
06:53:02.0647 1372 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:53:02.0694 1372 NetBIOS - ok
06:53:02.0741 1372 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
06:53:02.0787 1372 NetBT - ok
06:53:02.0803 1372 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
06:53:02.0819 1372 Netlogon - ok
06:53:02.0865 1372 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
06:53:02.0897 1372 Netman - ok
06:53:02.0912 1372 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
06:53:02.0975 1372 netprofm - ok
06:53:03.0006 1372 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:53:03.0006 1372 NetTcpPortSharing - ok
06:53:03.0053 1372 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
06:53:03.0053 1372 nfrd960 - ok
06:53:03.0099 1372 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
06:53:03.0115 1372 NlaSvc - ok
06:53:03.0146 1372 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:53:03.0177 1372 Npfs - ok
06:53:03.0193 1372 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
06:53:03.0255 1372 nsi - ok
06:53:03.0255 1372 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:53:03.0302 1372 nsiproxy - ok
06:53:03.0365 1372 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:53:03.0396 1372 Ntfs - ok
06:53:03.0411 1372 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
06:53:03.0458 1372 Null - ok
06:53:03.0489 1372 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:53:03.0505 1372 nvraid - ok
06:53:03.0552 1372 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:53:03.0552 1372 nvstor - ok
06:53:03.0583 1372 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
06:53:03.0583 1372 nv_agp - ok
06:53:03.0599 1372 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
06:53:03.0614 1372 ohci1394 - ok
06:53:03.0692 1372 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:53:03.0708 1372 ose64 - ok
06:53:03.0848 1372 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
06:53:03.0926 1372 osppsvc - ok
06:53:03.0957 1372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
06:53:03.0973 1372 p2pimsvc - ok
06:53:03.0989 1372 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
06:53:04.0004 1372 p2psvc - ok
06:53:04.0035 1372 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
06:53:04.0051 1372 Parport - ok
06:53:04.0082 1372 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:53:04.0082 1372 partmgr - ok
06:53:04.0113 1372 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
06:53:04.0129 1372 PcaSvc - ok
06:53:04.0176 1372 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
06:53:04.0191 1372 pci - ok
06:53:04.0238 1372 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
06:53:04.0238 1372 pciide - ok
06:53:04.0269 1372 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
06:53:04.0285 1372 pcmcia - ok
06:53:04.0301 1372 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
06:53:04.0301 1372 pcw - ok
06:53:04.0332 1372 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:53:04.0394 1372 PEAUTH - ok
06:53:04.0472 1372 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
06:53:04.0503 1372 PerfHost - ok
06:53:04.0566 1372 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
06:53:04.0613 1372 pla - ok
06:53:04.0644 1372 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:53:04.0675 1372 PlugPlay - ok
06:53:04.0691 1372 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
06:53:04.0706 1372 PNRPAutoReg - ok
06:53:04.0753 1372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
06:53:04.0753 1372 PNRPsvc - ok
06:53:04.0800 1372 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:53:04.0847 1372 PolicyAgent - ok
06:53:04.0862 1372 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
06:53:04.0909 1372 Power - ok
06:53:04.0940 1372 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:53:04.0987 1372 PptpMiniport - ok
06:53:05.0003 1372 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
06:53:05.0034 1372 Processor - ok
06:53:05.0065 1372 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
06:53:05.0081 1372 ProfSvc - ok
06:53:05.0096 1372 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
06:53:05.0096 1372 ProtectedStorage - ok
06:53:05.0174 1372 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
06:53:05.0205 1372 Psched - ok
06:53:05.0268 1372 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
06:53:05.0299 1372 ql2300 - ok
06:53:05.0315 1372 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
06:53:05.0330 1372 ql40xx - ok
06:53:05.0346 1372 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
06:53:05.0377 1372 QWAVE - ok
06:53:05.0377 1372 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:53:05.0393 1372 QWAVEdrv - ok
06:53:05.0424 1372 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:53:05.0471 1372 RasAcd - ok
06:53:05.0502 1372 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
06:53:05.0549 1372 RasAgileVpn - ok
06:53:05.0564 1372 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
06:53:05.0611 1372 RasAuto - ok
06:53:05.0642 1372 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:53:05.0689 1372 Rasl2tp - ok
06:53:05.0720 1372 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
06:53:05.0767 1372 RasMan - ok
06:53:05.0783 1372 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:53:05.0829 1372 RasPppoe - ok
06:53:05.0845 1372 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:53:05.0876 1372 RasSstp - ok
06:53:05.0907 1372 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:53:05.0954 1372 rdbss - ok
06:53:05.0954 1372 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
06:53:05.0985 1372 rdpbus - ok
06:53:06.0001 1372 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:53:06.0032 1372 RDPCDD - ok
06:53:06.0063 1372 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:53:06.0095 1372 RDPENCDD - ok
06:53:06.0110 1372 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
06:53:06.0141 1372 RDPREFMP - ok
06:53:06.0173 1372 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:53:06.0204 1372 RDPWD - ok
06:53:06.0266 1372 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
06:53:06.0266 1372 rdyboost - ok
06:53:06.0313 1372 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
06:53:06.0360 1372 RemoteAccess - ok
06:53:06.0391 1372 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:53:06.0438 1372 RemoteRegistry - ok
06:53:06.0453 1372 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
06:53:06.0500 1372 RpcEptMapper - ok
06:53:06.0516 1372 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
06:53:06.0531 1372 RpcLocator - ok
06:53:06.0578 1372 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
06:53:06.0625 1372 RpcSs - ok
06:53:06.0641 1372 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:53:06.0687 1372 rspndr - ok
06:53:06.0703 1372 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
06:53:06.0719 1372 RTL8167 - ok
06:53:06.0734 1372 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
06:53:06.0750 1372 SamSs - ok
06:53:06.0765 1372 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
06:53:06.0781 1372 sbp2port - ok
06:53:06.0812 1372 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:53:06.0875 1372 SCardSvr - ok
06:53:06.0906 1372 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
06:53:06.0937 1372 scfilter - ok
06:53:06.0984 1372 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
06:53:07.0031 1372 Schedule - ok
06:53:07.0062 1372 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
06:53:07.0093 1372 SCPolicySvc - ok
06:53:07.0124 1372 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:53:07.0140 1372 SDRSVC - ok
06:53:07.0171 1372 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:53:07.0233 1372 secdrv - ok
06:53:07.0265 1372 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
06:53:07.0296 1372 seclogon - ok
06:53:07.0311 1372 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
06:53:07.0358 1372 SENS - ok
06:53:07.0358 1372 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
06:53:07.0389 1372 SensrSvc - ok
06:53:07.0421 1372 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
06:53:07.0452 1372 Serenum - ok
06:53:07.0452 1372 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
06:53:07.0467 1372 Serial - ok
06:53:07.0483 1372 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
06:53:07.0514 1372 sermouse - ok
06:53:07.0577 1372 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
06:53:07.0623 1372 SessionEnv - ok
06:53:07.0655 1372 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
06:53:07.0670 1372 sffdisk - ok
06:53:07.0686 1372 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
06:53:07.0701 1372 sffp_mmc - ok
06:53:07.0717 1372 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
06:53:07.0733 1372 sffp_sd - ok
06:53:07.0764 1372 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
06:53:07.0764 1372 sfloppy - ok
06:53:07.0811 1372 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
06:53:07.0857 1372 SharedAccess - ok
06:53:07.0904 1372 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:53:07.0935 1372 ShellHWDetection - ok
06:53:07.0967 1372 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:53:07.0967 1372 SiSRaid2 - ok
06:53:07.0998 1372 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
06:53:08.0013 1372 SiSRaid4 - ok
06:53:08.0045 1372 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:53:08.0091 1372 Smb - ok
06:53:08.0138 1372 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:53:08.0169 1372 SNMPTRAP - ok
06:53:08.0185 1372 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
06:53:08.0201 1372 spldr - ok
06:53:08.0232 1372 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
06:53:08.0247 1372 Spooler - ok
06:53:08.0325 1372 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
06:53:08.0403 1372 sppsvc - ok
06:53:08.0419 1372 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
06:53:08.0481 1372 sppuinotify - ok
06:53:08.0544 1372 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
06:53:08.0575 1372 srv - ok
06:53:08.0606 1372 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:53:08.0637 1372 srv2 - ok
06:53:08.0684 1372 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:53:08.0700 1372 srvnet - ok
06:53:08.0731 1372 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:53:08.0778 1372 SSDPSRV - ok
06:53:08.0793 1372 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:53:08.0825 1372 SstpSvc - ok
06:53:08.0887 1372 [ B00068BA94F5F306911B14B425AAEB56 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
06:53:08.0903 1372 STacSV - ok
06:53:08.0934 1372 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
06:53:08.0949 1372 stexstor - ok
06:53:09.0012 1372 [ DA40D9C9CCB9836D6ABD1706935A2277 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
06:53:09.0043 1372 STHDA - ok
06:53:09.0074 1372 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
06:53:09.0121 1372 stisvc - ok
06:53:09.0137 1372 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
06:53:09.0152 1372 swenum - ok
06:53:09.0183 1372 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
06:53:09.0246 1372 swprv - ok
06:53:09.0324 1372 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
06:53:09.0355 1372 SynTP - ok
06:53:09.0417 1372 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
06:53:09.0480 1372 SysMain - ok
06:53:09.0511 1372 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:53:09.0527 1372 TabletInputService - ok
06:53:09.0573 1372 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
06:53:09.0620 1372 TapiSrv - ok
06:53:09.0651 1372 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
06:53:09.0683 1372 TBS - ok
06:53:09.0745 1372 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:53:09.0776 1372 Tcpip - ok
06:53:09.0823 1372 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
06:53:09.0870 1372 TCPIP6 - ok
06:53:09.0885 1372 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:53:09.0917 1372 tcpipreg - ok
06:53:09.0963 1372 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
06:53:09.0979 1372 TDPIPE - ok
06:53:10.0010 1372 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
06:53:10.0026 1372 TDTCP - ok
06:53:10.0073 1372 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:53:10.0104 1372 tdx - ok
06:53:10.0119 1372 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
06:53:10.0135 1372 TermDD - ok
06:53:10.0166 1372 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
06:53:10.0213 1372 TermService - ok
06:53:10.0229 1372 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
06:53:10.0244 1372 Themes - ok
06:53:10.0291 1372 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
06:53:10.0322 1372 THREADORDER - ok
06:53:10.0338 1372 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
06:53:10.0384 1372 TrkWks - ok
06:53:10.0428 1372 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:53:10.0478 1372 TrustedInstaller - ok
06:53:10.0514 1372 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
06:53:10.0557 1372 tssecsrv - ok
06:53:10.0602 1372 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
06:53:10.0620 1372 TsUsbFlt - ok
06:53:10.0682 1372 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:53:10.0725 1372 tunnel - ok
06:53:10.0745 1372 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
06:53:10.0756 1372 uagp35 - ok
06:53:10.0786 1372 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:53:10.0822 1372 udfs - ok
06:53:10.0854 1372 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:53:10.0873 1372 UI0Detect - ok
06:53:10.0901 1372 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
06:53:10.0911 1372 uliagpkx - ok
06:53:10.0927 1372 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
06:53:10.0952 1372 umbus - ok
06:53:10.0981 1372 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
06:53:11.0004 1372 UmPass - ok
06:53:11.0033 1372 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
06:53:11.0080 1372 upnphost - ok
06:53:11.0193 1372 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
06:53:11.0221 1372 usbccgp - ok
06:53:11.0251 1372 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
06:53:11.0266 1372 usbcir - ok
06:53:11.0286 1372 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
06:53:11.0316 1372 usbehci - ok
06:53:11.0419 1372 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
06:53:11.0451 1372 usbhub - ok
06:53:11.0466 1372 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
06:53:11.0497 1372 usbohci - ok
06:53:11.0529 1372 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
06:53:11.0544 1372 usbprint - ok
06:53:11.0575 1372 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
06:53:11.0607 1372 usbscan - ok
06:53:11.0622 1372 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:53:11.0638 1372 USBSTOR - ok
06:53:11.0638 1372 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
06:53:11.0669 1372 usbuhci - ok
06:53:11.0700 1372 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
06:53:11.0716 1372 usbvideo - ok
06:53:11.0747 1372 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
06:53:11.0763 1372 usb_rndisx - ok
06:53:11.0794 1372 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
06:53:11.0841 1372 UxSms - ok
06:53:11.0872 1372 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
06:53:11.0872 1372 VaultSvc - ok
06:53:11.0903 1372 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
06:53:11.0919 1372 vdrvroot - ok
06:53:11.0950 1372 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
06:53:12.0012 1372 vds - ok
06:53:12.0043 1372 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
06:53:12.0059 1372 vga - ok
06:53:12.0075 1372 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
06:53:12.0121 1372 VgaSave - ok
06:53:12.0199 1372 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
06:53:12.0215 1372 vhdmp - ok
06:53:12.0246 1372 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
06:53:12.0262 1372 viaide - ok
06:53:12.0277 1372 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
06:53:12.0293 1372 volmgr - ok
06:53:12.0324 1372 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:53:12.0340 1372 volmgrx - ok
06:53:12.0355 1372 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
06:53:12.0371 1372 volsnap - ok
06:53:12.0418 1372 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
06:53:12.0418 1372 vsmraid - ok
06:53:12.0480 1372 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
06:53:12.0543 1372 VSS - ok
06:53:12.0558 1372 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
06:53:12.0574 1372 vwifibus - ok
06:53:12.0589 1372 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
06:53:12.0605 1372 vwififlt - ok
06:53:12.0636 1372 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
06:53:12.0683 1372 W32Time - ok
06:53:12.0699 1372 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
06:53:12.0730 1372 WacomPen - ok
06:53:12.0823 1372 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
06:53:12.0870 1372 WANARP - ok
06:53:12.0870 1372 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
06:53:12.0917 1372 Wanarpv6 - ok
06:53:12.0964 1372 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
06:53:12.0995 1372 WatAdminSvc - ok
06:53:13.0057 1372 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
06:53:13.0073 1372 wbengine - ok
06:53:13.0104 1372 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
06:53:13.0135 1372 WbioSrvc - ok
06:53:13.0167 1372 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
06:53:13.0198 1372 wcncsvc - ok
06:53:13.0213 1372 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:53:13.0213 1372 WcsPlugInService - ok
06:53:13.0245 1372 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
06:53:13.0260 1372 Wd - ok
06:53:13.0291 1372 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
06:53:13.0323 1372 Wdf01000 - ok
06:53:13.0338 1372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
06:53:13.0354 1372 WdiServiceHost - ok
06:53:13.0369 1372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
06:53:13.0385 1372 WdiSystemHost - ok
06:53:13.0510 1372 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
06:53:13.0541 1372 WebClient - ok
06:53:13.0557 1372 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
06:53:13.0588 1372 Wecsvc - ok
06:53:13.0603 1372 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
06:53:13.0650 1372 wercplsupport - ok
06:53:13.0681 1372 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
06:53:13.0713 1372 WerSvc - ok
06:53:13.0728 1372 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
06:53:13.0759 1372 WfpLwf - ok
06:53:13.0791 1372 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
06:53:13.0791 1372 WIMMount - ok
06:53:13.0822 1372 WinDefend - ok
06:53:13.0822 1372 WinHttpAutoProxySvc - ok
06:53:13.0869 1372 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
06:53:13.0915 1372 Winmgmt - ok
06:53:13.0978 1372 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
06:53:14.0056 1372 WinRM - ok
06:53:14.0103 1372 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
06:53:14.0118 1372 WinUsb - ok
06:53:14.0149 1372 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
06:53:14.0181 1372 Wlansvc - ok
06:53:14.0196 1372 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
06:53:14.0212 1372 WmiAcpi - ok
06:53:14.0243 1372 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
06:53:14.0259 1372 wmiApSrv - ok
06:53:14.0290 1372 WMPNetworkSvc - ok
06:53:14.0321 1372 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
06:53:14.0321 1372 WPCSvc - ok
06:53:14.0352 1372 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
06:53:14.0368 1372 WPDBusEnum - ok
06:53:14.0399 1372 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
06:53:14.0446 1372 ws2ifsl - ok
06:53:14.0493 1372 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
06:53:14.0524 1372 wscsvc - ok
06:53:14.0524 1372 WSearch - ok
06:53:14.0649 1372 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
06:53:14.0695 1372 wuauserv - ok
06:53:14.0727 1372 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
06:53:14.0742 1372 WudfPf - ok
06:53:14.0758 1372 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
06:53:14.0773 1372 WUDFRd - ok
06:53:14.0805 1372 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
06:53:14.0820 1372 wudfsvc - ok
06:53:14.0851 1372 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
06:53:14.0867 1372 WwanSvc - ok
06:53:14.0898 1372 ================ Scan global ===============================
06:53:14.0914 1372 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
06:53:14.0945 1372 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
06:53:14.0945 1372 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
06:53:14.0976 1372 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
06:53:14.0992 1372 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
06:53:15.0007 1372 [Global] - ok
06:53:15.0007 1372 ================ Scan MBR ==================================
06:53:15.0023 1372 [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk0\DR0
06:53:15.0304 1372 \Device\Harddisk0\DR0 - ok
06:53:15.0304 1372 ================ Scan VBR ==================================
06:53:15.0351 1372 [ 281FC9A23FBF172926E3E66746B08F47 ] \Device\Harddisk0\DR0\Partition1
06:53:15.0366 1372 \Device\Harddisk0\DR0\Partition1 - ok
06:53:15.0429 1372 [ 776B2B2DEBD2D9633E647D8BB6F1327F ] \Device\Harddisk0\DR0\Partition2
06:53:15.0444 1372 \Device\Harddisk0\DR0\Partition2 - ok
06:53:15.0444 1372 ============================================================
06:53:15.0444 1372 Scan finished
06:53:15.0444 1372 ============================================================
06:53:15.0460 1768 Detected object count: 0
06:53:15.0460 1768 Actual detected object count: 0









Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.21.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Mikey :: MIKEY-PC [administrator]

12/21/2012 6:54:32 AM
mbam-log-2012-12-21 (06-54-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228030
Time elapsed: 1 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




Running sfc /scannow at the moment but here is those logs im off to work in a bit so might be a few hours before i can do anything else
  • 0

#4
Fatie32

Fatie32

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 122 posts
Okay i can open exes etc. now thank you! anything else youd like me to do before we end this thread?
  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Unless you see other problems I think we are done and can clean up

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works. http://support.microsoft.com/kb/294871


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP