Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Antivirus Security Pro Malware removal

Started by AltCircuit , Sep 02 2013 10:01 PM

  • Please log in to reply

#1
AltCircuit
Posted 02 September 2013 - 10:01 PM

AltCircuit

    New Member

  • Member
  • Pip
  • 3 posts
Hi,
Last night while trying to check something on the Swiss Herbal website our computer was suddenly struck with this rogue antivirus program: Antivirus Security Pro. It shut down my access to the internet, to the Task manager and the registry. While googling the problem on another computer, I found that Microsoft had a program called Windows Defender that could be burned to a CD and used as a boot disk to find and clean the problem. After several attempts I got it to boot and scan. It found a couple of things which it claimed to remove. But when I rebooted the machine, the fake antivirus was still there. In desperation, I clicked on the Microsoft Security Essentials icon on my desktop and low and behold it scanned, found the problem and removed it. Among other things, it seemed to find an siref virus. Now the Antivirus Security Pro stuff was gone and all my access to the machine in general was restored. However, when I went and looked in the registry, there were a few suspicious looking things in there. I came across this site and the recommendation made to someone to use Malware Bytes software. So I downloaded and ran that. It found two things and removed them: Trojan.Agent.ED and Hijack.SecurityCenter.

I want to be certain that I have cleaned the machine to the full extent that I can. What else can I use to check? Is there something recommended that won't slow my machine down that I can keep running to prevent these sorts of incursions?
As an aside somewhere in all this (or possibly unrelated to it) all of our tax files for our tax software (TurboTax Canada) have disappeared. I do not know if this was related to running any of the above - or how I might go about finding them. I've already set everything to show hidden and done comprehensive searches (and there is only one user setup on the machine). Probably not related to the problem at hand, but I thought I would put it out there in case it was related.

Thanks for looking into this! I've pasted in my OLT log below.

OTL logfile created on: 02/09/2013 11:40:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fernando\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 37.17% Memory free
3.98 Gb Paging File | 2.06 Gb Available in Paging File | 51.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 212.67 Gb Free Space | 71.37% Space Free | Partition Type: NTFS
Drive E: | 327.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HPPAVILION | User Name: Fernando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/02 23:39:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fernando\Desktop\OTL.exe
PRC - [2013/08/06 22:01:23 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/13 11:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 11:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/27 16:20:02 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2009/04/27 16:19:38 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/12/19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/06 22:01:24 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013/08/06 22:01:24 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013/08/06 22:01:24 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/08/10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/04/19 16:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2013/08/06 22:01:53 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 04:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2007/04/19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device)
SRV - [2006/12/19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009/10/07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 09:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/09/11 18:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 17:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 16:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 04:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 07:21:20 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2009/02/13 07:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/02/13 07:18:30 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2006/06/17 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 DB F9 1C 3B DD CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7PRFB_enCA516
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/06 22:01:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/08/06 22:01:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/12/29 18:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fernando\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Users\Fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Fernando\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/27 17:29:55 | 000,441,100 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15160 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKCU..\Run: [Google Update] Reg Error: Value error. File not found
O4 - Startup: C:\Users\Fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...nt/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2837C96D-D45D-4F5F-853A-9B0C1470C0AB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\intu-tt2012 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\intu-tt2012 {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files (x86)\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/02 23:39:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fernando\Desktop\OTL.exe
[2013/09/02 12:51:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/09/02 12:35:22 | 000,000,000 | ---D | C] -- C:\Users\Fernando\AppData\Roaming\Malwarebytes
[2013/09/02 12:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/02 12:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/02 12:34:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/02 12:34:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/02 03:30:58 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2013/09/01 22:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\s33XiVgV
[2013/08/15 03:03:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/13 15:36:15 | 000,000,000 | ---D | C] -- C:\Users\Fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/08/06 22:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

========== Files - Modified Within 30 Days ==========

[2013/09/02 23:39:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fernando\Desktop\OTL.exe
[2013/09/02 23:15:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/02 17:03:59 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/02 17:03:58 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/02 16:56:47 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/02 16:56:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/02 16:56:27 | 1603,112,960 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/02 12:52:21 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/02 12:52:09 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/02 12:52:09 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/02 12:35:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/02 10:50:36 | 000,000,036 | ---- | M] () -- C:\Users\Fernando\AppData\Local\housecall.guid.cache
[2013/09/01 23:16:02 | 000,729,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/30 22:20:10 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/30 09:19:44 | 000,058,680 | ---- | M] () -- C:\Users\Fernando\Desktop\INKY_v2_7X_b049_4pp.pdf
[2013/08/30 09:19:16 | 000,199,525 | ---- | M] () -- C:\Users\Fernando\Desktop\INKY_v2_8X_b049_1pp.pdf
[2013/08/30 09:18:42 | 000,055,682 | ---- | M] () -- C:\Users\Fernando\Desktop\INKY_v2_6M_b049_4pp.pdf
[2013/08/30 09:18:29 | 000,055,721 | ---- | M] () -- C:\Users\Fernando\Desktop\INKY_v2_6M_b050_4pp.pdf
[2013/08/30 09:18:09 | 000,199,551 | ---- | M] () -- C:\Users\Fernando\Desktop\INKY_v2_8X_b050_1pp.pdf
[2013/08/30 09:17:39 | 000,058,623 | ---- | M] () -- C:\Users\Fernando\Desktop\INKY_v2_7X_b050_4pp.pdf
[2013/08/07 22:11:53 | 000,002,114 | ---- | M] () -- C:\Users\Fernando\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

========== Files Created - No Company Name ==========

[2013/09/02 12:35:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/02 10:50:36 | 000,000,036 | ---- | C] () -- C:\Users\Fernando\AppData\Local\housecall.guid.cache
[2013/08/30 09:19:44 | 000,058,680 | ---- | C] () -- C:\Users\Fernando\Desktop\INKY_v2_7X_b049_4pp.pdf
[2013/08/30 09:19:16 | 000,199,525 | ---- | C] () -- C:\Users\Fernando\Desktop\INKY_v2_8X_b049_1pp.pdf
[2013/08/30 09:18:42 | 000,055,682 | ---- | C] () -- C:\Users\Fernando\Desktop\INKY_v2_6M_b049_4pp.pdf
[2013/08/30 09:18:29 | 000,055,721 | ---- | C] () -- C:\Users\Fernando\Desktop\INKY_v2_6M_b050_4pp.pdf
[2013/08/30 09:18:09 | 000,199,551 | ---- | C] () -- C:\Users\Fernando\Desktop\INKY_v2_8X_b050_1pp.pdf
[2013/08/30 09:17:39 | 000,058,623 | ---- | C] () -- C:\Users\Fernando\Desktop\INKY_v2_7X_b050_4pp.pdf
[2013/02/27 19:27:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2013/02/27 19:27:06 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2013/02/27 19:27:05 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2013/02/27 19:27:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2013/02/27 19:27:04 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2013/02/27 19:27:02 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2013/02/27 19:27:02 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2013/02/27 19:27:01 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2013/02/27 19:27:01 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2013/02/27 19:27:00 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2013/02/27 19:27:00 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2013/02/27 19:27:00 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2013/02/27 19:26:59 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2013/02/27 19:26:59 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2013/02/27 19:26:58 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2013/02/27 19:26:58 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2013/02/27 19:26:57 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[2013/02/10 11:31:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Treble Reduction
[2013/02/10 11:31:41 | 000,000,268 | RH-- | C] () -- C:\Users\Fernando\AppData\Roaming\Themes
[2013/02/10 11:31:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013/02/10 11:30:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tremolo
[2013/02/10 11:30:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Transportation
[2013/02/10 11:30:29 | 000,000,268 | RH-- | C] () -- C:\Users\Fernando\AppData\Roaming\Track Settings
[2013/02/10 11:30:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013/02/10 11:30:28 | 000,000,268 | RH-- | C] () -- C:\Users\Fernando\AppData\Roaming\Textures
[2013/02/10 11:30:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013/02/10 11:29:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Widgets
[2013/02/10 11:29:46 | 000,000,268 | RH-- | C] () -- C:\Users\Fernando\AppData\Roaming\Utilities
[2013/02/10 11:29:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2013/02/10 11:29:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Analog Pad
[2012/12/31 14:38:31 | 000,000,437 | ---- | C] () -- C:\Windows\Lexstat.ini
[2012/12/28 23:57:39 | 000,026,044 | ---- | C] () -- C:\Users\Fernando\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/01/27 17:17:53 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/16 16:53:44 | 000,024,577 | ---- | C] () -- C:\Windows\SysWow64\meyhinh.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/28 12:05:58 | 000,000,000 | ---D | M] -- C:\Users\Fernando\AppData\Roaming\Auslogics
[2013/03/12 11:18:24 | 000,000,000 | ---D | M] -- C:\Users\Fernando\AppData\Roaming\Avery
[2012/01/28 11:24:25 | 000,000,000 | ---D | M] -- C:\Users\Fernando\AppData\Roaming\FrostWire
[2012/12/31 20:06:31 | 000,000,000 | ---D | M] -- C:\Users\Fernando\AppData\Roaming\Leadertech
[2013/02/10 11:41:10 | 000,000,000 | ---D | M] -- C:\Users\Fernando\AppData\Roaming\Nikon
[2013/01/04 12:00:54 | 000,000,000 | ---D | M] -- C:\Users\Fernando\AppData\Roaming\OpenOffice.org
[2013/06/05 08:50:45 | 000,000,000 | ---D | M] -- C:\Users\Fernando\AppData\Roaming\Stellarium
[2012/12/29 18:27:57 | 000,000,000 | ---D | M] -- C:\Users\Fernando\AppData\Roaming\Thunderbird
[2013/02/05 22:57:59 | 000,000,000 | ---D | M] -- C:\Users\Fernando\AppData\Roaming\webex

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
RKinner
Posted 02 September 2013 - 11:29 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
If you got an Extras log when you ran OTL, please post it.
If not: Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste the Extras log.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. (You may want to disable your screen saver so you can see what is going on. The estimate given at the beginning of the program is out of date. It may take an hour or more. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

If it reboots and you don't get a log, run it again. If you get an error about a registry value supposed to be deleted, just reboot and it will go away.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

If you run aswMBR again but change the A-V Scan from Quickscan to C:\ and allow the Avast Engine to download it will do a full scan but will take many hours so I usually recommend it to let it run while you sleep.

As for protection, I prefer the free Avast to MSSE. It does a good job of warning you when you hit a bad website and prevents the kind of Drive by download that got you.
  • 0

#3
AltCircuit
Posted 04 September 2013 - 12:28 PM

AltCircuit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi,
Thank you so much for your reply!
I'm pasting all the requested log files in below. I look forward to your thoughts.

OTL Extras log:
OTL Extras logfile created on: 04/09/2013 12:33:21 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fernando\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.09% Memory free
3.98 Gb Paging File | 2.66 Gb Available in Paging File | 66.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 213.54 Gb Free Space | 71.66% Space Free | Partition Type: NTFS
Drive E: | 327.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HPPAVILION | User Name: Fernando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0499012F-1755-4E4D-B39B-DBE15D1847D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{063C5AE5-C95C-4EF0-9214-AC53ABF593C6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0663EE49-70AE-41C1-8C56-D9EE55348C0F}" = lport=445 | protocol=6 | dir=in | app=system |
"{0ACECAA5-07F2-4898-B3FA-9CA0B3F0ED73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0E72D876-C79E-4C7A-A6F8-D53F45C3F7B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F0A872B-3017-4939-8FFF-A0EF5AD28D75}" = rport=445 | protocol=6 | dir=out | app=system |
"{25FB1267-88CC-48F7-A963-3CB8018F6C3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2CE1ADBD-B171-4533-AED2-556A5617135E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{37744490-F49C-47C9-81C1-47E8C8EF1C9D}" = lport=139 | protocol=6 | dir=in | app=system |
"{5D8A703B-0114-4759-95CD-F5530982CD73}" = rport=137 | protocol=17 | dir=out | app=system |
"{6207359C-9318-44BE-8530-D34033BECABA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63C90ADC-0478-4E1E-9FC1-CA1A8FBAAF26}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6BACC856-E78E-4EC2-A927-927434A33C9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7637CE64-7C1A-45CE-A841-394D71A8411C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DB7C8E5-0260-4516-A7B2-A2ECE2DF9972}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{852380D9-E2DE-4B64-8896-FDC38EF4A775}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A4CD70A-7AD3-4267-AF0C-FE6055F06179}" = rport=139 | protocol=6 | dir=out | app=system |
"{A0C66A0C-AF46-4227-8B43-D20829CEEB85}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B1F71465-741A-467B-A56E-CBC951550F53}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4ACF71D-9DED-4DBE-88E7-876C11722C96}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6A4019B-2D4E-4AC1-96E0-290363C28EF8}" = rport=138 | protocol=17 | dir=out | app=system |
"{BD371E2F-B067-40E1-A1D4-E76A075A3656}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E82037E2-7A75-45B8-9379-83567B8D0360}" = lport=138 | protocol=17 | dir=in | app=system |
"{ED6462F7-96B8-4414-ABFA-F91F0B14584B}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01231C57-4D59-4B2E-A596-058133AA3374}" = protocol=58 | dir=out | [email protected],-28546 |
"{182866CF-D551-43E9-96F8-9B1097F7DA4F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{20D2369E-F458-4318-B910-706DF26FDAE7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{356FFD8D-AA28-4242-934E-5828C416E1FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{387D8FCC-67C4-4517-85A0-AA66DC187427}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe |
"{4307DFC5-06B3-4931-9B08-982C1EFF05B1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{56807A66-C0B8-4BF0-B8CA-3423CDA8D5E3}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{59AED972-2F43-43CC-A394-08720D15253A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5DD82B4A-2818-4D96-A7D7-856B0795AB2C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5DE1DCF4-E36F-4EF6-8A25-43AF9934D529}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{63B02FD2-1938-45F0-9BBA-21C67660C131}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{65720674-ADCE-4DD8-A77C-E4E26E369CA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{68A1F96F-56E4-4AD0-9417-61763A7E59DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68B49193-3587-4BB3-BB10-7C070656CFE2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{77EADFE2-E819-4C04-8A15-9608C011885D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F50D002-B757-4C55-B149-76713BA2A896}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{8A5085AB-CACA-44C6-9B08-2F39DC553484}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe |
"{8BA89352-D7C0-487F-B068-24DD557E6C03}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9A97EE3D-5512-4E13-95D8-6866B978FB9D}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxczcoms.exe |
"{9FDD04FF-DAE9-4A47-9108-6C2A7985B6D1}" = protocol=1 | dir=in | [email protected],-28543 |
"{A6182388-4169-4AC8-87B3-714FEE469EA2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A6EFA173-C20E-445C-BA71-B0509E205D1F}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxczcoms.exe |
"{AAF94FF1-3B87-4040-8254-4373B1FFF305}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{B303A494-463C-4F5D-B655-880B1F2493BB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B6A2A239-FBF6-48A1-8F34-C21FB386AD19}" = protocol=6 | dir=out | app=system |
"{BD1CF63D-D211-49D6-B695-03F0D31E3F28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE9A2662-E065-4570-A4EA-AD91C458C3CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C84BF638-FD2E-4352-A3A0-7B9F4FFA4986}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{CD14E0CC-B2F9-4D0A-8B44-1F104E797EFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF269663-0695-4CB1-A540-B36F84CF37F2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D0056555-72DE-49BE-AA15-0931D35114E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1BC40D1-47C4-4EFF-8444-5155A3469899}" = protocol=1 | dir=out | [email protected],-28544 |
"{D4C5D1F7-13A8-440A-83EC-E6EE7D12A8CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5DDFA06-989F-461A-AD73-42BEB165891E}" = protocol=58 | dir=in | [email protected],-28545 |
"{D74CF96D-3C51-4899-B242-DF99BAA273F2}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe |
"{D7876427-65CB-4E0D-A9ED-8990CDFD3FF9}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{DAA50DC8-48F5-49A6-8CFD-2663E3EB4EFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E61992EB-3DDA-4DA7-BE7F-64FC19686FD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E64C48A5-78AE-4E10-9126-B23A6AE5C2D9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{F07DE846-3427-412D-B5ED-B020E743DB45}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"{F89C4A8C-3B83-4699-A01C-7A90A4E20070}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEE5C143-248F-42C7-BB2A-A10BC7FAB313}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbkpswx.exe |
"TCP Query User{320F23AE-9F69-4066-8599-0A9E0ED4C99B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E59D1696-F768-4BE9-A6B4-EAF9BDD26101}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{635BE602-BB9C-4C59-8CC5-93F9366E8A21}" = ViewNX 2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 3.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.6.0 (64-bit)
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Stellarium_is1" = Stellarium 0.12.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 30
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{726DDC29-79B3-41B4-BDBF-97DF25BF1EA8}" = TurboTax 2012
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}" = ArcSoft Panorama Maker 6
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Ultra Edition
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BookSmart® 3.4.3 3.4.3" = BookSmart® 3.4.3 3.4.3
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Creatures Village" = Creatures Village
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"MailStore Home_universal1" = MailStore Home 7.1.0.7815
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Thunderbird 17.0.8 (x86 en-US)" = Mozilla Thunderbird 17.0.8 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26/08/2013 5:17:35 PM | Computer Name = HPPavilion | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16660 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d40 Start
Time: 01ce998aa8dd0a34 Termination Time: 1217 Application Path: C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE Report Id:

Error - 30/08/2013 12:55:54 AM | Computer Name = HPPavilion | Source = Application Error | ID = 1000
Description = Faulting application name: lxczcoms.exe, version: 6.4.24.0, time stamp:
0x4589bc70 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp:
0x51dba4e7 Exception code: 0xc0000005 Fault offset: 0x0000000000053290 Faulting process
id: 0x6a8 Faulting application start time: 0x01ce998a80c8971a Faulting application
path: C:\Windows\system32\lxczcoms.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 7304c956-1130-11e3-9433-001a92b524d6

Error - 30/08/2013 1:13:02 AM | Computer Name = HPPavilion | Source = Application Error | ID = 1000
Description = Faulting application name: FlashUtil64_11_7_700_169_ActiveX.exe, version:
11.7.700.169, time stamp: 0x5155fbd9 Faulting module name: ntdll.dll, version: 6.1.7601.18205,
time stamp: 0x51dba4e7 Exception code: 0xc0000005 Fault offset: 0x0000000000053290
Faulting
process id: 0xb1c Faulting application start time: 0x01cea53f8883305d Faulting application
path: C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_169_ActiveX.exe Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: d76958c4-1132-11e3-bac0-001a92b524d6

Error - 30/08/2013 1:40:12 AM | Computer Name = HPPavilion | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 30/08/2013 1:41:21 AM | Computer Name = HPPavilion | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 30/08/2013 1:43:33 AM | Computer Name = HPPavilion | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 02/09/2013 11:09:52 AM | Computer Name = HPPavilion | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 02/09/2013 11:10:23 AM | Computer Name = HPPavilion | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 02/09/2013 11:11:14 AM | Computer Name = HPPavilion | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 02/09/2013 12:36:21 PM | Computer Name = HPPavilion | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: fb8 Start Time:
01cea7fa70b024b7 Termination Time: 16 Application Path: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Report Id: bd270a3a-13ed-11e3-b5ed-001a92b524d6

Error - 03/09/2013 1:17:51 AM | Computer Name = HPPavilion | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 03/09/2013 1:19:07 AM | Computer Name = HPPavilion | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 04/09/2013 12:33:45 AM | Computer Name = HPPavilion | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 04/09/2013 12:35:06 AM | Computer Name = HPPavilion | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 16/07/2013 5:31:41 AM | Computer Name = HPPavilion | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 17/07/2013 5:27:56 AM | Computer Name = HPPavilion | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 17/07/2013 8:34:49 PM | Computer Name = HPPavilion | Source = DCOM | ID = 10016
Description =

Error - 17/07/2013 8:43:01 PM | Computer Name = HPPavilion | Source = DCOM | ID = 10016
Description =

Error - 18/07/2013 10:23:38 PM | Computer Name = HPPavilion | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 18/07/2013 11:45:46 PM | Computer Name = HPPavilion | Source = DCOM | ID = 10016
Description =

Error - 15/08/2013 3:03:30 AM | Computer Name = HPPavilion | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 15/08/2013 3:03:30 AM | Computer Name = HPPavilion | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 15/08/2013 3:39:07 AM | Computer Name = HPPavilion | Source = Microsoft Antimalware | ID = 3002
Description =

Error - 30/08/2013 12:56:01 AM | Computer Name = HPPavilion | Source = Service Control Manager | ID = 7034
Description = The lxcz_device service terminated unexpectedly. It has done this
1 time(s).


< End of report >

aswMBR log:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-04 13:04:20
-----------------------------
13:04:20.633 OS Version: Windows x64 6.1.7601 Service Pack 1
13:04:20.633 Number of processors: 2 586 0xF02
13:04:20.633 ComputerName: HPPAVILION UserName: Fernando
13:04:22.661 Initialize success
13:06:23.697 AVAST engine defs: 13090400
13:06:58.969 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:06:58.969 Disk 0 Vendor: ST332082 3.AH Size: 305245MB BusType: 8
13:06:59.172 Disk 0 MBR read successfully
13:06:59.172 Disk 0 MBR scan
13:06:59.187 Disk 0 Windows 7 default MBR code
13:06:59.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:06:59.219 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
13:06:59.328 Disk 0 scanning C:\Windows\system32\drivers
13:07:10.232 Service scanning
13:07:36.082 Modules scanning
13:07:36.768 AVAST engine scan C:\Windows
13:07:38.905 AVAST engine scan C:\Windows\system32
13:11:04.828 AVAST engine scan C:\Windows\system32\drivers
13:11:27.900 AVAST engine scan C:\Users\Fernando
13:13:20.752 Disk 0 MBR has been saved successfully to "C:\Users\Fernando\Desktop\MBR.dat"
13:13:20.767 The log file has been saved successfully to "C:\Users\Fernando\Desktop\aswMBR04092013.txt"


ComboFix log:
ComboFix 13-09-04.01 - Fernando 04/09/2013 13:21:11.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.2038.883 [GMT -4:00]
Running from: c:\users\Fernando\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-08-04 to 2013-09-04 )))))))))))))))))))))))))))))))
.
.
2013-09-04 17:26 . 2013-09-04 17:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-03 09:26 . 2013-09-03 09:26 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99DC42DD-29E1-4CF1-846E-0D7183DBF8D4}\offreg.dll
2013-09-03 09:24 . 2013-08-20 04:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{99DC42DD-29E1-4CF1-846E-0D7183DBF8D4}\mpengine.dll
2013-09-02 16:35 . 2013-09-02 16:35 -------- d-----w- c:\users\Fernando\AppData\Roaming\Malwarebytes
2013-09-02 16:34 . 2013-09-02 16:34 -------- d-----w- c:\programdata\Malwarebytes
2013-09-02 16:34 . 2013-09-02 16:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-02 16:34 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-02 07:30 . 2013-09-02 07:30 -------- d-----w- c:\windows\Microsoft Antimalware
2013-09-02 02:29 . 2013-09-02 16:48 -------- d-----w- c:\programdata\s33XiVgV
2013-08-15 07:03 . 2013-08-15 07:06 -------- d-----w- c:\windows\system32\MRT
2013-08-14 18:55 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-07 02:01 . 2013-08-08 02:11 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-15 07:03 . 2012-01-15 20:15 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-07 08:22 . 2012-01-15 19:35 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-07-09 04:45 . 2013-08-14 18:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
c:\users\Fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 12:16 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 21:39]
.
2013-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 21:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 363544]
"lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2009-04-27 74408]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files (x86)\TurboTax 2012\ic2012pp.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-04 13:30:03
ComboFix-quarantined-files.txt 2013-09-04 17:30
.
Pre-Run: 229,014,409,216 bytes free
Post-Run: 229,938,290,688 bytes free
.
- - End Of File - - 20CD288787EF39ED39EB264E22FE310A
A36C5E4F47E84449FF07ED3517B43A31

TDSSKiller log first run without the Additional Options checked:
14:06:10.0432 3472 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:06:10.0838 3472 ============================================================
14:06:10.0838 3472 Current date / time: 2013/09/04 14:06:10.0838
14:06:10.0838 3472 SystemInfo:
14:06:10.0838 3472
14:06:10.0838 3472 OS Version: 6.1.7601 ServicePack: 1.0
14:06:10.0838 3472 Product type: Workstation
14:06:10.0838 3472 ComputerName: HPPAVILION
14:06:10.0838 3472 UserName: Fernando
14:06:10.0854 3472 Windows directory: C:\Windows
14:06:10.0854 3472 System windows directory: C:\Windows
14:06:10.0854 3472 Running under WOW64
14:06:10.0854 3472 Processor architecture: Intel x64
14:06:10.0854 3472 Number of processors: 2
14:06:10.0854 3472 Page size: 0x1000
14:06:10.0854 3472 Boot type: Normal boot
14:06:10.0854 3472 ============================================================
14:06:11.0556 3472 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:06:11.0571 3472 ============================================================
14:06:11.0571 3472 \Device\Harddisk0\DR0:
14:06:11.0571 3472 MBR partitions:
14:06:11.0571 3472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:06:11.0571 3472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
14:06:11.0571 3472 ============================================================
14:06:11.0602 3472 C: <-> \Device\Harddisk0\DR0\Partition2
14:06:11.0602 3472 ============================================================
14:06:11.0602 3472 Initialize success
14:06:11.0602 3472 ============================================================
14:06:38.0497 8180 Deinitialize success

TDSSKiller Log run with the two additional options checked:
14:06:40.0447 5800 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:06:40.0790 5800 ============================================================
14:06:40.0790 5800 Current date / time: 2013/09/04 14:06:40.0790
14:06:40.0790 5800 SystemInfo:
14:06:40.0790 5800
14:06:40.0790 5800 OS Version: 6.1.7601 ServicePack: 1.0
14:06:40.0790 5800 Product type: Workstation
14:06:40.0790 5800 ComputerName: HPPAVILION
14:06:40.0790 5800 UserName: Fernando
14:06:40.0790 5800 Windows directory: C:\Windows
14:06:40.0790 5800 System windows directory: C:\Windows
14:06:40.0790 5800 Running under WOW64
14:06:40.0790 5800 Processor architecture: Intel x64
14:06:40.0790 5800 Number of processors: 2
14:06:40.0790 5800 Page size: 0x1000
14:06:40.0790 5800 Boot type: Normal boot
14:06:40.0790 5800 ============================================================
14:06:41.0352 5800 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:06:41.0383 5800 ============================================================
14:06:41.0383 5800 \Device\Harddisk0\DR0:
14:06:41.0383 5800 MBR partitions:
14:06:41.0383 5800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:06:41.0383 5800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
14:06:41.0383 5800 ============================================================
14:06:41.0414 5800 C: <-> \Device\Harddisk0\DR0\Partition2
14:06:41.0414 5800 ============================================================
14:06:41.0414 5800 Initialize success
14:06:41.0414 5800 ============================================================
14:07:37.0699 0272 ============================================================
14:07:37.0699 0272 Scan started
14:07:37.0699 0272 Mode: Manual;
14:07:37.0699 0272 ============================================================
14:07:37.0902 0272 ================ Scan system memory ========================
14:07:37.0902 0272 System memory - ok
14:07:37.0902 0272 ================ Scan services =============================
14:07:38.0058 0272 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:07:38.0058 0272 1394ohci - ok
14:07:38.0104 0272 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:07:38.0120 0272 ACPI - ok
14:07:38.0151 0272 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:07:38.0151 0272 AcpiPmi - ok
14:07:38.0198 0272 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:07:38.0229 0272 adp94xx - ok
14:07:38.0307 0272 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:07:38.0307 0272 adpahci - ok
14:07:38.0338 0272 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:07:38.0338 0272 adpu320 - ok
14:07:38.0370 0272 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:07:38.0370 0272 AeLookupSvc - ok
14:07:38.0416 0272 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:07:38.0432 0272 AFD - ok
14:07:38.0479 0272 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:07:38.0479 0272 agp440 - ok
14:07:38.0494 0272 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:07:38.0510 0272 ALG - ok
14:07:38.0541 0272 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:07:38.0541 0272 aliide - ok
14:07:38.0557 0272 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:07:38.0557 0272 amdide - ok
14:07:38.0604 0272 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:07:38.0604 0272 AmdK8 - ok
14:07:38.0619 0272 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:07:38.0619 0272 AmdPPM - ok
14:07:38.0666 0272 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:07:38.0666 0272 amdsata - ok
14:07:38.0697 0272 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:07:38.0697 0272 amdsbs - ok
14:07:38.0713 0272 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:07:38.0713 0272 amdxata - ok
14:07:38.0744 0272 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:07:38.0744 0272 AppID - ok
14:07:38.0775 0272 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:07:38.0775 0272 AppIDSvc - ok
14:07:38.0806 0272 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
14:07:38.0806 0272 Appinfo - ok
14:07:38.0900 0272 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:07:38.0900 0272 Apple Mobile Device - ok
14:07:38.0947 0272 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
14:07:38.0947 0272 AppMgmt - ok
14:07:38.0978 0272 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:07:38.0978 0272 arc - ok
14:07:39.0009 0272 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:07:39.0009 0272 arcsas - ok
14:07:39.0040 0272 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:07:39.0040 0272 AsyncMac - ok
14:07:39.0087 0272 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:07:39.0087 0272 atapi - ok
14:07:39.0150 0272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:07:39.0181 0272 AudioEndpointBuilder - ok
14:07:39.0196 0272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:07:39.0212 0272 AudioSrv - ok
14:07:39.0259 0272 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:07:39.0259 0272 AxInstSV - ok
14:07:39.0290 0272 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:07:39.0306 0272 b06bdrv - ok
14:07:39.0337 0272 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:07:39.0337 0272 b57nd60a - ok
14:07:39.0384 0272 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:07:39.0384 0272 BDESVC - ok
14:07:39.0399 0272 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:07:39.0399 0272 Beep - ok
14:07:39.0462 0272 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
14:07:39.0493 0272 BFE - ok
14:07:39.0524 0272 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
14:07:39.0540 0272 BITS - ok
14:07:39.0571 0272 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:07:39.0571 0272 blbdrive - ok
14:07:39.0649 0272 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:07:39.0649 0272 Bonjour Service - ok
14:07:39.0696 0272 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:07:39.0696 0272 bowser - ok
14:07:39.0711 0272 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:07:39.0711 0272 BrFiltLo - ok
14:07:39.0727 0272 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:07:39.0727 0272 BrFiltUp - ok
14:07:39.0758 0272 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:07:39.0758 0272 BridgeMP - ok
14:07:39.0789 0272 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:07:39.0789 0272 Browser - ok
14:07:39.0805 0272 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:07:39.0805 0272 Brserid - ok
14:07:39.0805 0272 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:07:39.0820 0272 BrSerWdm - ok
14:07:39.0820 0272 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:07:39.0820 0272 BrUsbMdm - ok
14:07:39.0836 0272 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:07:39.0836 0272 BrUsbSer - ok
14:07:39.0852 0272 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:07:39.0852 0272 BTHMODEM - ok
14:07:39.0898 0272 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:07:39.0898 0272 bthserv - ok
14:07:39.0945 0272 [ 46F088D1247E825B313200254EDD9E5B ] CAXHWBS2 C:\Windows\system32\DRIVERS\CAXHWBS2.sys
14:07:39.0945 0272 CAXHWBS2 - ok
14:07:39.0961 0272 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:07:39.0976 0272 cdfs - ok
14:07:40.0023 0272 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
14:07:40.0023 0272 cdrom - ok
14:07:40.0070 0272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:07:40.0070 0272 CertPropSvc - ok
14:07:40.0101 0272 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:07:40.0101 0272 circlass - ok
14:07:40.0132 0272 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:07:40.0132 0272 CLFS - ok
14:07:40.0195 0272 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:07:40.0195 0272 clr_optimization_v2.0.50727_32 - ok
14:07:40.0242 0272 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:07:40.0257 0272 clr_optimization_v2.0.50727_64 - ok
14:07:40.0320 0272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:07:40.0335 0272 clr_optimization_v4.0.30319_32 - ok
14:07:40.0351 0272 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:07:40.0366 0272 clr_optimization_v4.0.30319_64 - ok
14:07:40.0398 0272 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:07:40.0398 0272 CmBatt - ok
14:07:40.0413 0272 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:07:40.0413 0272 cmdide - ok
14:07:40.0460 0272 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
14:07:40.0460 0272 CNG - ok
14:07:40.0491 0272 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:07:40.0491 0272 Compbatt - ok
14:07:40.0522 0272 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:07:40.0522 0272 CompositeBus - ok
14:07:40.0538 0272 COMSysApp - ok
14:07:40.0554 0272 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:07:40.0554 0272 crcdisk - ok
14:07:40.0600 0272 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:07:40.0600 0272 CryptSvc - ok
14:07:40.0647 0272 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
14:07:40.0663 0272 CSC - ok
14:07:40.0725 0272 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
14:07:40.0741 0272 CscService - ok
14:07:40.0819 0272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:07:40.0819 0272 DcomLaunch - ok
14:07:40.0850 0272 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:07:40.0866 0272 defragsvc - ok
14:07:40.0928 0272 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:07:40.0928 0272 DfsC - ok
14:07:40.0959 0272 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:07:40.0975 0272 Dhcp - ok
14:07:41.0006 0272 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:07:41.0006 0272 discache - ok
14:07:41.0022 0272 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:07:41.0022 0272 Disk - ok
14:07:41.0068 0272 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:07:41.0068 0272 Dnscache - ok
14:07:41.0100 0272 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:07:41.0115 0272 dot3svc - ok
14:07:41.0146 0272 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:07:41.0162 0272 DPS - ok
14:07:41.0193 0272 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:07:41.0193 0272 drmkaud - ok
14:07:41.0240 0272 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:07:41.0271 0272 DXGKrnl - ok
14:07:41.0302 0272 [ A6DB3A7828B456A574243066E2E77D8C ] E100B C:\Windows\system32\DRIVERS\efe5b32e.sys
14:07:41.0302 0272 E100B - ok
14:07:41.0334 0272 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:07:41.0334 0272 EapHost - ok
14:07:41.0458 0272 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:07:41.0552 0272 ebdrv - ok
14:07:41.0568 0272 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:07:41.0583 0272 EFS - ok
14:07:41.0646 0272 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:07:41.0677 0272 ehRecvr - ok
14:07:41.0708 0272 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:07:41.0708 0272 ehSched - ok
14:07:41.0739 0272 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:07:41.0755 0272 elxstor - ok
14:07:41.0770 0272 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:07:41.0770 0272 ErrDev - ok
14:07:41.0817 0272 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:07:41.0833 0272 EventSystem - ok
14:07:41.0848 0272 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:07:41.0848 0272 exfat - ok
14:07:41.0864 0272 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:07:41.0880 0272 fastfat - ok
14:07:41.0926 0272 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:07:41.0958 0272 Fax - ok
14:07:41.0989 0272 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:07:41.0989 0272 fdc - ok
14:07:42.0004 0272 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:07:42.0004 0272 fdPHost - ok
14:07:42.0020 0272 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:07:42.0020 0272 FDResPub - ok
14:07:42.0051 0272 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:07:42.0051 0272 FileInfo - ok
14:07:42.0051 0272 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:07:42.0051 0272 Filetrace - ok
14:07:42.0067 0272 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:07:42.0067 0272 flpydisk - ok
14:07:42.0114 0272 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:07:42.0129 0272 FltMgr - ok
14:07:42.0192 0272 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
14:07:42.0223 0272 FontCache - ok
14:07:42.0270 0272 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:07:42.0270 0272 FontCache3.0.0.0 - ok
14:07:42.0301 0272 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:07:42.0301 0272 FsDepends - ok
14:07:42.0332 0272 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:07:42.0332 0272 Fs_Rec - ok
14:07:42.0379 0272 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:07:42.0394 0272 fvevol - ok
14:07:42.0410 0272 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:07:42.0410 0272 gagp30kx - ok
14:07:42.0457 0272 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:07:42.0457 0272 GEARAspiWDM - ok
14:07:42.0504 0272 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:07:42.0535 0272 gpsvc - ok
14:07:42.0644 0272 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:07:42.0644 0272 gupdate - ok
14:07:42.0660 0272 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:07:42.0660 0272 gupdatem - ok
14:07:42.0706 0272 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:07:42.0706 0272 hcw85cir - ok
14:07:42.0738 0272 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:07:42.0753 0272 HdAudAddService - ok
14:07:42.0800 0272 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:07:42.0800 0272 HDAudBus - ok
14:07:42.0816 0272 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:07:42.0816 0272 HidBatt - ok
14:07:42.0831 0272 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:07:42.0831 0272 HidBth - ok
14:07:42.0847 0272 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:07:42.0847 0272 HidIr - ok
14:07:42.0862 0272 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
14:07:42.0878 0272 hidserv - ok
14:07:42.0925 0272 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:07:42.0925 0272 HidUsb - ok
14:07:42.0972 0272 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:07:42.0987 0272 hkmsvc - ok
14:07:43.0034 0272 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:07:43.0034 0272 HomeGroupListener - ok
14:07:43.0065 0272 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:07:43.0081 0272 HomeGroupProvider - ok
14:07:43.0112 0272 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:07:43.0112 0272 HpSAMD - ok
14:07:43.0190 0272 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
14:07:43.0206 0272 HsfXAudioService - ok
14:07:43.0253 0272 [ 64667D9808FD09FABEDCCF62E8F52662 ] HSF_DP C:\Windows\system32\DRIVERS\CAX_DP.sys
14:07:43.0299 0272 HSF_DP - ok
14:07:43.0362 0272 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:07:43.0393 0272 HTTP - ok
14:07:43.0440 0272 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:07:43.0440 0272 hwpolicy - ok
14:07:43.0487 0272 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:07:43.0502 0272 i8042prt - ok
14:07:43.0549 0272 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:07:43.0549 0272 iaStorV - ok
14:07:43.0611 0272 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:07:43.0627 0272 idsvc - ok
14:07:43.0799 0272 [ 89B99E3E988DFA20ABB58FF1930ADD21 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:07:43.0955 0272 igfx - ok
14:07:43.0986 0272 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:07:43.0986 0272 iirsp - ok
14:07:44.0048 0272 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:07:44.0064 0272 IKEEXT - ok
14:07:44.0142 0272 [ BFBABCB231628A4551DBB10D0EA25D62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:07:44.0204 0272 IntcAzAudAddService - ok
14:07:44.0235 0272 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:07:44.0235 0272 intelide - ok
14:07:44.0267 0272 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:07:44.0267 0272 intelppm - ok
14:07:44.0298 0272 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:07:44.0313 0272 IPBusEnum - ok
14:07:44.0345 0272 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:07:44.0345 0272 IpFilterDriver - ok
14:07:44.0391 0272 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:07:44.0391 0272 iphlpsvc - ok
14:07:44.0438 0272 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:07:44.0438 0272 IPMIDRV - ok
14:07:44.0469 0272 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:07:44.0469 0272 IPNAT - ok
14:07:44.0516 0272 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:07:44.0532 0272 iPod Service - ok
14:07:44.0547 0272 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:07:44.0563 0272 IRENUM - ok
14:07:44.0579 0272 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:07:44.0594 0272 isapnp - ok
14:07:44.0610 0272 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:07:44.0610 0272 iScsiPrt - ok
14:07:44.0641 0272 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
14:07:44.0641 0272 kbdclass - ok
14:07:44.0657 0272 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:07:44.0657 0272 kbdhid - ok
14:07:44.0688 0272 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:07:44.0688 0272 KeyIso - ok
14:07:44.0735 0272 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:07:44.0735 0272 KSecDD - ok
14:07:44.0750 0272 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:07:44.0750 0272 KSecPkg - ok
14:07:44.0781 0272 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:07:44.0781 0272 ksthunk - ok
14:07:44.0813 0272 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:07:44.0828 0272 KtmRm - ok
14:07:44.0875 0272 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:07:44.0875 0272 LanmanServer - ok
14:07:44.0922 0272 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:07:44.0937 0272 LanmanWorkstation - ok
14:07:44.0969 0272 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:07:44.0969 0272 lltdio - ok
14:07:45.0000 0272 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:07:45.0015 0272 lltdsvc - ok
14:07:45.0031 0272 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:07:45.0031 0272 lmhosts - ok
14:07:45.0062 0272 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:07:45.0078 0272 LSI_FC - ok
14:07:45.0093 0272 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:07:45.0093 0272 LSI_SAS - ok
14:07:45.0109 0272 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:07:45.0109 0272 LSI_SAS2 - ok
14:07:45.0140 0272 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:07:45.0140 0272 LSI_SCSI - ok
14:07:45.0156 0272 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:07:45.0156 0272 luafv - ok
14:07:45.0171 0272 LVPr2M64 - ok
14:07:45.0218 0272 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
14:07:45.0218 0272 LVRS64 - ok
14:07:45.0390 0272 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
14:07:45.0546 0272 LVUVC64 - ok
14:07:45.0577 0272 lxcz_device - ok
14:07:45.0608 0272 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:07:45.0608 0272 MBAMProtector - ok
14:07:45.0655 0272 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:07:45.0655 0272 MBAMScheduler - ok
14:07:45.0702 0272 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:07:45.0702 0272 MBAMService - ok
14:07:45.0733 0272 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:07:45.0749 0272 Mcx2Svc - ok
14:07:45.0764 0272 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:07:45.0764 0272 mdmxsdk - ok
14:07:45.0780 0272 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:07:45.0795 0272 megasas - ok
14:07:45.0827 0272 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:07:45.0827 0272 MegaSR - ok
14:07:45.0905 0272 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:07:45.0905 0272 Microsoft Office Groove Audit Service - ok
14:07:45.0936 0272 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:07:45.0951 0272 MMCSS - ok
14:07:45.0967 0272 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:07:45.0967 0272 Modem - ok
14:07:45.0998 0272 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:07:45.0998 0272 monitor - ok
14:07:46.0045 0272 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:07:46.0045 0272 mouclass - ok
14:07:46.0076 0272 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:07:46.0076 0272 mouhid - ok
14:07:46.0123 0272 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:07:46.0123 0272 mountmgr - ok
14:07:46.0185 0272 [ 6C452A07E4F72B31FB93DA153D083179 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:07:46.0185 0272 MozillaMaintenance - ok
14:07:46.0217 0272 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:07:46.0217 0272 mpio - ok
14:07:46.0248 0272 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:07:46.0263 0272 mpsdrv - ok
14:07:46.0310 0272 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:07:46.0341 0272 MpsSvc - ok
14:07:46.0373 0272 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:07:46.0373 0272 MRxDAV - ok
14:07:46.0404 0272 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:07:46.0404 0272 mrxsmb - ok
14:07:46.0419 0272 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:07:46.0435 0272 mrxsmb10 - ok
14:07:46.0451 0272 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:07:46.0451 0272 mrxsmb20 - ok
14:07:46.0482 0272 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:07:46.0482 0272 msahci - ok
14:07:46.0513 0272 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:07:46.0529 0272 msdsm - ok
14:07:46.0560 0272 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:07:46.0560 0272 MSDTC - ok
14:07:46.0591 0272 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:07:46.0591 0272 Msfs - ok
14:07:46.0607 0272 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:07:46.0607 0272 mshidkmdf - ok
14:07:46.0638 0272 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:07:46.0653 0272 msisadrv - ok
14:07:46.0685 0272 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:07:46.0685 0272 MSiSCSI - ok
14:07:46.0700 0272 msiserver - ok
14:07:46.0731 0272 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:07:46.0731 0272 MSKSSRV - ok
14:07:46.0747 0272 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:07:46.0747 0272 MSPCLOCK - ok
14:07:46.0778 0272 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:07:46.0778 0272 MSPQM - ok
14:07:46.0809 0272 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:07:46.0825 0272 MsRPC - ok
14:07:46.0872 0272 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:07:46.0872 0272 mssmbios - ok
14:07:46.0887 0272 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:07:46.0887 0272 MSTEE - ok
14:07:46.0903 0272 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:07:46.0903 0272 MTConfig - ok
14:07:46.0934 0272 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:07:46.0934 0272 Mup - ok
14:07:46.0981 0272 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:07:47.0012 0272 napagent - ok
14:07:47.0043 0272 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:07:47.0059 0272 NativeWifiP - ok
14:07:47.0184 0272 [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
14:07:47.0199 0272 NBService - ok
14:07:47.0277 0272 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:07:47.0309 0272 NDIS - ok
14:07:47.0324 0272 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:07:47.0324 0272 NdisCap - ok
14:07:47.0355 0272 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:07:47.0355 0272 NdisTapi - ok
14:07:47.0418 0272 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:07:47.0418 0272 Ndisuio - ok
14:07:47.0449 0272 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:07:47.0449 0272 NdisWan - ok
14:07:47.0480 0272 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:07:47.0480 0272 NDProxy - ok
14:07:47.0527 0272 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:07:47.0527 0272 NetBIOS - ok
14:07:47.0558 0272 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:07:47.0574 0272 NetBT - ok
14:07:47.0574 0272 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:07:47.0589 0272 Netlogon - ok
14:07:47.0621 0272 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:07:47.0636 0272 Netman - ok
14:07:47.0652 0272 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:07:47.0667 0272 netprofm - ok
14:07:47.0683 0272 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:07:47.0683 0272 NetTcpPortSharing - ok
14:07:47.0714 0272 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:07:47.0714 0272 nfrd960 - ok
14:07:47.0761 0272 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:07:47.0761 0272 NlaSvc - ok
14:07:47.0855 0272 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
14:07:47.0855 0272 NMIndexingService - ok
14:07:47.0886 0272 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:07:47.0886 0272 Npfs - ok
14:07:47.0933 0272 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:07:47.0933 0272 nsi - ok
14:07:47.0948 0272 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:07:47.0948 0272 nsiproxy - ok
14:07:48.0026 0272 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:07:48.0073 0272 Ntfs - ok
14:07:48.0104 0272 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:07:48.0104 0272 Null - ok
14:07:48.0120 0272 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:07:48.0135 0272 nvraid - ok
14:07:48.0167 0272 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:07:48.0167 0272 nvstor - ok
14:07:48.0213 0272 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:07:48.0213 0272 nv_agp - ok
14:07:48.0276 0272 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:07:48.0276 0272 odserv - ok
14:07:48.0307 0272 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:07:48.0323 0272 ohci1394 - ok
14:07:48.0354 0272 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:07:48.0354 0272 ose - ok
14:07:48.0401 0272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:07:48.0416 0272 p2pimsvc - ok
14:07:48.0447 0272 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:07:48.0463 0272 p2psvc - ok
14:07:48.0494 0272 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:07:48.0494 0272 Parport - ok
14:07:48.0541 0272 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:07:48.0541 0272 partmgr - ok
14:07:48.0557 0272 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:07:48.0572 0272 PcaSvc - ok
14:07:48.0588 0272 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:07:48.0588 0272 pci - ok
14:07:48.0635 0272 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:07:48.0635 0272 pciide - ok
14:07:48.0650 0272 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:07:48.0650 0272 pcmcia - ok
14:07:48.0666 0272 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:07:48.0681 0272 pcw - ok
14:07:48.0697 0272 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:07:48.0728 0272 PEAUTH - ok
14:07:48.0775 0272 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:07:48.0822 0272 PeerDistSvc - ok
14:07:48.0837 0272 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:07:48.0853 0272 PerfHost - ok
14:07:48.0915 0272 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:07:48.0962 0272 pla - ok
14:07:49.0009 0272 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
14:07:49.0009 0272 PLFlash DeviceIoControl Service - ok
14:07:49.0056 0272 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:07:49.0071 0272 PlugPlay - ok
14:07:49.0103 0272 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:07:49.0103 0272 PNRPAutoReg - ok
14:07:49.0134 0272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:07:49.0134 0272 PNRPsvc - ok
14:07:49.0181 0272 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:07:49.0196 0272 PolicyAgent - ok
14:07:49.0212 0272 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:07:49.0227 0272 Power - ok
14:07:49.0274 0272 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:07:49.0274 0272 PptpMiniport - ok
14:07:49.0290 0272 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:07:49.0290 0272 Processor - ok
14:07:49.0337 0272 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:07:49.0337 0272 ProfSvc - ok
14:07:49.0352 0272 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:07:49.0352 0272 ProtectedStorage - ok
14:07:49.0399 0272 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:07:49.0399 0272 Psched - ok
14:07:49.0461 0272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:07:49.0508 0272 ql2300 - ok
14:07:49.0524 0272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:07:49.0524 0272 ql40xx - ok
14:07:49.0555 0272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:07:49.0555 0272 QWAVE - ok
14:07:49.0571 0272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:07:49.0571 0272 QWAVEdrv - ok
14:07:49.0586 0272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:07:49.0586 0272 RasAcd - ok
14:07:49.0617 0272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:07:49.0617 0272 RasAgileVpn - ok
14:07:49.0649 0272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:07:49.0649 0272 RasAuto - ok
14:07:49.0680 0272 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:07:49.0680 0272 Rasl2tp - ok
14:07:49.0711 0272 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:07:49.0727 0272 RasMan - ok
14:07:49.0758 0272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:07:49.0758 0272 RasPppoe - ok
14:07:49.0773 0272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:07:49.0773 0272 RasSstp - ok
14:07:49.0805 0272 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:07:49.0820 0272 rdbss - ok
14:07:49.0820 0272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:07:49.0820 0272 rdpbus - ok
14:07:49.0836 0272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:07:49.0836 0272 RDPCDD - ok
14:07:49.0883 0272 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:07:49.0883 0272 RDPDR - ok
14:07:49.0914 0272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:07:49.0914 0272 RDPENCDD - ok
14:07:49.0945 0272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:07:49.0945 0272 RDPREFMP - ok
14:07:50.0039 0272 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:07:50.0039 0272 RdpVideoMiniport - ok
14:07:50.0070 0272 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:07:50.0070 0272 RDPWD - ok
14:07:50.0132 0272 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:07:50.0132 0272 rdyboost - ok
14:07:50.0163 0272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:07:50.0163 0272 RemoteAccess - ok
14:07:50.0195 0272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:07:50.0210 0272 RemoteRegistry - ok
14:07:50.0241 0272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:07:50.0241 0272 RpcEptMapper - ok
14:07:50.0273 0272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:07:50.0273 0272 RpcLocator - ok
14:07:50.0319 0272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
14:07:50.0335 0272 RpcSs - ok
14:07:50.0366 0272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:07:50.0366 0272 rspndr - ok
14:07:50.0397 0272 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:07:50.0397 0272 s3cap - ok
14:07:50.0413 0272 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:07:50.0429 0272 SamSs - ok
14:07:50.0460 0272 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:07:50.0460 0272 sbp2port - ok
14:07:50.0491 0272 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:07:50.0491 0272 SCardSvr - ok
14:07:50.0522 0272 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:07:50.0538 0272 scfilter - ok
14:07:50.0585 0272 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:07:50.0616 0272 Schedule - ok
14:07:50.0663 0272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:07:50.0663 0272 SCPolicySvc - ok
14:07:50.0709 0272 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:07:50.0709 0272 SDRSVC - ok
14:07:50.0741 0272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:07:50.0741 0272 secdrv - ok
14:07:50.0756 0272 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:07:50.0756 0272 seclogon - ok
14:07:50.0787 0272 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
14:07:50.0787 0272 SENS - ok
14:07:50.0803 0272 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:07:50.0803 0272 SensrSvc - ok
14:07:50.0819 0272 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:07:50.0819 0272 Serenum - ok
14:07:50.0834 0272 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:07:50.0834 0272 Serial - ok
14:07:50.0850 0272 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:07:50.0865 0272 sermouse - ok
14:07:50.0912 0272 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:07:50.0912 0272 SessionEnv - ok
14:07:50.0943 0272 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:07:50.0943 0272 sffdisk - ok
14:07:50.0959 0272 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:07:50.0959 0272 sffp_mmc - ok
14:07:50.0975 0272 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:07:50.0975 0272 sffp_sd - ok
14:07:51.0006 0272 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:07:51.0006 0272 sfloppy - ok
14:07:51.0037 0272 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:07:51.0037 0272 SharedAccess - ok
14:07:51.0084 0272 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:07:51.0099 0272 ShellHWDetection - ok
14:07:51.0115 0272 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:07:51.0131 0272 SiSRaid2 - ok
14:07:51.0146 0272 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:07:51.0146 0272 SiSRaid4 - ok
14:07:51.0224 0272 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:07:51.0224 0272 SkypeUpdate - ok
14:07:51.0255 0272 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:07:51.0255 0272 Smb - ok
14:07:51.0302 0272 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:07:51.0302 0272 SNMPTRAP - ok
14:07:51.0333 0272 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:07:51.0333 0272 spldr - ok
14:07:51.0380 0272 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:07:51.0411 0272 Spooler - ok
14:07:51.0552 0272 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:07:51.0630 0272 sppsvc - ok
14:07:51.0661 0272 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:07:51.0661 0272 sppuinotify - ok
14:07:51.0692 0272 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:07:51.0708 0272 srv - ok
14:07:51.0739 0272 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:07:51.0739 0272 srv2 - ok
14:07:51.0755 0272 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:07:51.0770 0272 srvnet - ok
14:07:51.0786 0272 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:07:51.0801 0272 SSDPSRV - ok
14:07:51.0801 0272 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:07:51.0817 0272 SstpSvc - ok
14:07:51.0833 0272 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:07:51.0833 0272 stexstor - ok
14:07:51.0879 0272 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:07:51.0911 0272 stisvc - ok
14:07:51.0957 0272 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:07:51.0957 0272 storflt - ok
14:07:51.0989 0272 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:07:51.0989 0272 storvsc - ok
14:07:52.0020 0272 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:07:52.0020 0272 swenum - ok
14:07:52.0067 0272 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:07:52.0082 0272 swprv - ok
14:07:52.0098 0272 Synth3dVsc - ok
14:07:52.0176 0272 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:07:52.0223 0272 SysMain - ok
14:07:52.0269 0272 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:07:52.0269 0272 TabletInputService - ok
14:07:52.0316 0272 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:07:52.0332 0272 TapiSrv - ok
14:07:52.0347 0272 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:07:52.0363 0272 TBS - ok
14:07:52.0441 0272 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:07:52.0488 0272 Tcpip - ok
14:07:52.0550 0272 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:07:52.0566 0272 TCPIP6 - ok
14:07:52.0597 0272 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:07:52.0613 0272 tcpipreg - ok
14:07:52.0628 0272 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:07:52.0628 0272 TDPIPE - ok
14:07:52.0659 0272 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:07:52.0659 0272 TDTCP - ok
14:07:52.0706 0272 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:07:52.0722 0272 tdx - ok
14:07:52.0753 0272 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:07:52.0753 0272 TermDD - ok
14:07:52.0800 0272 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:07:52.0831 0272 TermService - ok
14:07:52.0847 0272 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:07:52.0847 0272 Themes - ok
14:07:52.0862 0272 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:07:52.0862 0272 THREADORDER - ok
14:07:52.0893 0272 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:07:52.0893 0272 TrkWks - ok
14:07:52.0940 0272 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:07:52.0940 0272 TrustedInstaller - ok
14:07:52.0987 0272 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:07:52.0987 0272 tssecsrv - ok
14:07:53.0018 0272 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:07:53.0018 0272 TsUsbFlt - ok
14:07:53.0018 0272 tsusbhub - ok
14:07:53.0081 0272 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:07:53.0081 0272 tunnel - ok
14:07:53.0112 0272 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:07:53.0112 0272 uagp35 - ok
14:07:53.0143 0272 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:07:53.0159 0272 udfs - ok
14:07:53.0190 0272 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:07:53.0190 0272 UI0Detect - ok
14:07:53.0205 0272 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:07:53.0221 0272 uliagpkx - ok
14:07:53.0268 0272 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
14:07:53.0268 0272 umbus - ok
14:07:53.0283 0272 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:07:53.0299 0272 UmPass - ok
14:07:53.0330 0272 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
14:07:53.0330 0272 UmRdpService - ok
14:07:53.0361 0272 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:07:53.0377 0272 upnphost - ok
14:07:53.0408 0272 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:07:53.0408 0272 usbaudio - ok
14:07:53.0455 0272 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:07:53.0455 0272 usbccgp - ok
14:07:53.0486 0272 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:07:53.0486 0272 usbcir - ok
14:07:53.0502 0272 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:07:53.0502 0272 usbehci - ok
14:07:53.0533 0272 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:07:53.0533 0272 usbhub - ok
14:07:53.0549 0272 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:07:53.0549 0272 usbohci - ok
14:07:53.0564 0272 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:07:53.0580 0272 usbprint - ok
14:07:53.0611 0272 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:07:53.0611 0272 usbscan - ok
14:07:53.0627 0272 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:07:53.0627 0272 USBSTOR - ok
14:07:53.0642 0272 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:07:53.0642 0272 usbuhci - ok
14:07:53.0673 0272 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:07:53.0673 0272 UxSms - ok
14:07:53.0689 0272 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:07:53.0689 0272 VaultSvc - ok
14:07:53.0705 0272 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:07:53.0705 0272 vdrvroot - ok
14:07:53.0751 0272 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:07:53.0767 0272 vds - ok
14:07:53.0798 0272 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:07:53.0798 0272 vga - ok
14:07:53.0814 0272 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:07:53.0814 0272 VgaSave - ok
14:07:53.0829 0272 VGPU - ok
14:07:53.0861 0272 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:07:53.0861 0272 vhdmp - ok
14:07:53.0892 0272 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:07:53.0892 0272 viaide - ok
14:07:53.0939 0272 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:07:53.0939 0272 vmbus - ok
14:07:53.0970 0272 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:07:53.0970 0272 VMBusHID - ok
14:07:53.0985 0272 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:07:53.0985 0272 volmgr - ok
14:07:54.0032 0272 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:07:54.0032 0272 volmgrx - ok
14:07:54.0063 0272 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:07:54.0079 0272 volsnap - ok
14:07:54.0110 0272 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:07:54.0110 0272 vsmraid - ok
14:07:54.0173 0272 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:07:54.0235 0272 VSS - ok
14:07:54.0251 0272 [ 93132C69394A99D992095D8CFE464801 ] VST64HWBS2 C:\Windows\system32\DRIVERS\VSTBS26.SYS
14:07:54.0266 0272 VST64HWBS2 - ok
14:07:54.0313 0272 [ 02071D207A9858FBE3A48CBFD59C4A04 ] VST64_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:07:54.0344 0272 VST64_DPV - ok
14:07:54.0360 0272 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:07:54.0360 0272 vwifibus - ok
14:07:54.0407 0272 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:07:54.0422 0272 W32Time - ok
14:07:54.0453 0272 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:07:54.0453 0272 WacomPen - ok
14:07:54.0500 0272 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:07:54.0500 0272 WANARP - ok
14:07:54.0516 0272 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:07:54.0516 0272 Wanarpv6 - ok
14:07:54.0594 0272 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:07:54.0625 0272 wbengine - ok
14:07:54.0656 0272 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:07:54.0672 0272 WbioSrvc - ok
14:07:54.0719 0272 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:07:54.0734 0272 wcncsvc - ok
14:07:54.0765 0272 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:07:54.0765 0272 WcsPlugInService - ok
14:07:54.0797 0272 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:07:54.0797 0272 Wd - ok
14:07:54.0843 0272 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:07:54.0875 0272 Wdf01000 - ok
14:07:54.0890 0272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:07:54.0906 0272 WdiServiceHost - ok
14:07:54.0906 0272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:07:54.0906 0272 WdiSystemHost - ok
14:07:54.0953 0272 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:07:54.0953 0272 WebClient - ok
14:07:54.0968 0272 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:07:54.0984 0272 Wecsvc - ok
14:07:54.0984 0272 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:07:54.0999 0272 wercplsupport - ok
14:07:55.0015 0272 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:07:55.0031 0272 WerSvc - ok
14:07:55.0046 0272 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:07:55.0062 0272 WfpLwf - ok
14:07:55.0062 0272 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:07:55.0077 0272 WIMMount - ok
14:07:55.0124 0272 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
14:07:55.0140 0272 winachsf - ok
14:07:55.0155 0272 WinDefend - ok
14:07:55.0171 0272 WinHttpAutoProxySvc - ok
14:07:55.0218 0272 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:07:55.0218 0272 Winmgmt - ok
14:07:55.0296 0272 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:07:55.0343 0272 WinRM - ok
14:07:55.0389 0272 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:07:55.0389 0272 WinUsb - ok
14:07:55.0421 0272 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:07:55.0452 0272 Wlansvc - ok
14:07:55.0483 0272 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:07:55.0483 0272 WmiAcpi - ok
14:07:55.0514 0272 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:07:55.0530 0272 wmiApSrv - ok
14:07:55.0545 0272 WMPNetworkSvc - ok
14:07:55.0561 0272 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:07:55.0577 0272 WPCSvc - ok
14:07:55.0608 0272 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:07:55.0623 0272 WPDBusEnum - ok
14:07:55.0639 0272 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:07:55.0655 0272 ws2ifsl - ok
14:07:55.0655 0272 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
14:07:55.0670 0272 wscsvc - ok
14:07:55.0670 0272 WSearch - ok
14:07:55.0748 0272 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:07:55.0811 0272 wuauserv - ok
14:07:55.0842 0272 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:07:55.0842 0272 WudfPf - ok
14:07:55.0873 0272 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:07:55.0873 0272 WUDFRd - ok
14:07:55.0920 0272 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:07:55.0920 0272 wudfsvc - ok
14:07:55.0967 0272 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
14:07:55.0982 0272 WwanSvc - ok
14:07:56.0013 0272 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
14:07:56.0013 0272 XAudio - ok
14:07:56.0045 0272 ================ Scan global ===============================
14:07:56.0060 0272 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:07:56.0107 0272 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:07:56.0123 0272 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:07:56.0154 0272 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:07:56.0185 0272 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:07:56.0185 0272 [Global] - ok
14:07:56.0185 0272 ================ Scan MBR ==================================
14:07:56.0201 0272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:07:56.0606 0272 \Device\Harddisk0\DR0 - ok
14:07:56.0606 0272 ================ Scan VBR ==================================
14:07:56.0606 0272 [ C20D948B0CD3633375D6A5664670DDEB ] \Device\Harddisk0\DR0\Partition1
14:07:56.0606 0272 \Device\Harddisk0\DR0\Partition1 - ok
14:07:56.0622 0272 [ 5F826158E051C2AB74DD5FF7BCDF241B ] \Device\Harddisk0\DR0\Partition2
14:07:56.0622 0272 \Device\Harddisk0\DR0\Partition2 - ok
14:07:56.0622 0272 ============================================================
14:07:56.0622 0272 Scan finished
14:07:56.0622 0272 ============================================================
14:07:56.0637 6860 Detected object count: 0
14:07:56.0637 6860 Actual detected object count: 0
14:08:52.0423 2464 ============================================================
14:08:52.0423 2464 Scan started
14:08:52.0423 2464 Mode: Manual; SigCheck; TDLFS;
14:08:52.0423 2464 ============================================================
14:08:52.0595 2464 ================ Scan system memory ========================
14:08:52.0595 2464 System memory - ok
14:08:52.0595 2464 ================ Scan services =============================
14:08:52.0782 2464 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:08:52.0875 2464 1394ohci - ok
14:08:52.0907 2464 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:08:52.0922 2464 ACPI - ok
14:08:52.0953 2464 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:08:53.0000 2464 AcpiPmi - ok
14:08:53.0047 2464 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:08:53.0063 2464 adp94xx - ok
14:08:53.0094 2464 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:08:53.0109 2464 adpahci - ok
14:08:53.0125 2464 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:08:53.0141 2464 adpu320 - ok
14:08:53.0172 2464 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:08:53.0219 2464 AeLookupSvc - ok
14:08:53.0265 2464 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:08:53.0297 2464 AFD - ok
14:08:53.0343 2464 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:08:53.0359 2464 agp440 - ok
14:08:53.0375 2464 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:08:53.0406 2464 ALG - ok
14:08:53.0437 2464 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:08:53.0453 2464 aliide - ok
14:08:53.0453 2464 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:08:53.0468 2464 amdide - ok
14:08:53.0484 2464 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:08:53.0515 2464 AmdK8 - ok
14:08:53.0531 2464 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:08:53.0562 2464 AmdPPM - ok
14:08:53.0609 2464 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:08:53.0624 2464 amdsata - ok
14:08:53.0655 2464 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:08:53.0671 2464 amdsbs - ok
14:08:53.0687 2464 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:08:53.0702 2464 amdxata - ok
14:08:53.0733 2464 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:08:53.0796 2464 AppID - ok
14:08:53.0827 2464 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:08:53.0858 2464 AppIDSvc - ok
14:08:53.0905 2464 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
14:08:53.0936 2464 Appinfo - ok
14:08:54.0030 2464 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:08:54.0045 2464 Apple Mobile Device - ok
14:08:54.0077 2464 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
14:08:54.0123 2464 AppMgmt - ok
14:08:54.0139 2464 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:08:54.0155 2464 arc - ok
14:08:54.0170 2464 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:08:54.0186 2464 arcsas - ok
14:08:54.0217 2464 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:08:54.0248 2464 AsyncMac - ok
14:08:54.0279 2464 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:08:54.0295 2464 atapi - ok
14:08:54.0357 2464 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:08:54.0420 2464 AudioEndpointBuilder - ok
14:08:54.0435 2464 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:08:54.0482 2464 AudioSrv - ok
14:08:54.0513 2464 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:08:54.0576 2464 AxInstSV - ok
14:08:54.0607 2464 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:08:54.0638 2464 b06bdrv - ok
14:08:54.0669 2464 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:08:54.0701 2464 b57nd60a - ok
14:08:54.0732 2464 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:08:54.0763 2464 BDESVC - ok
14:08:54.0779 2464 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:08:54.0825 2464 Beep - ok
14:08:54.0872 2464 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
14:08:54.0935 2464 BFE - ok
14:08:54.0966 2464 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
14:08:55.0013 2464 BITS - ok
14:08:55.0044 2464 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:08:55.0059 2464 blbdrive - ok
14:08:55.0137 2464 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:08:55.0153 2464 Bonjour Service - ok
14:08:55.0184 2464 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:08:55.0231 2464 bowser - ok
14:08:55.0262 2464 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:08:55.0309 2464 BrFiltLo - ok
14:08:55.0325 2464 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:08:55.0340 2464 BrFiltUp - ok
14:08:55.0356 2464 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:08:55.0387 2464 BridgeMP - ok
14:08:55.0418 2464 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:08:55.0434 2464 Browser - ok
14:08:55.0449 2464 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:08:55.0481 2464 Brserid - ok
14:08:55.0496 2464 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:08:55.0527 2464 BrSerWdm - ok
14:08:55.0527 2464 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:08:55.0559 2464 BrUsbMdm - ok
14:08:55.0559 2464 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:08:55.0574 2464 BrUsbSer - ok
14:08:55.0574 2464 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:08:55.0605 2464 BTHMODEM - ok
14:08:55.0652 2464 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:08:55.0715 2464 bthserv - ok
14:08:55.0746 2464 [ 46F088D1247E825B313200254EDD9E5B ] CAXHWBS2 C:\Windows\system32\DRIVERS\CAXHWBS2.sys
14:08:55.0777 2464 CAXHWBS2 - ok
14:08:55.0793 2464 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:08:55.0855 2464 cdfs - ok
14:08:55.0886 2464 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
14:08:55.0902 2464 cdrom - ok
14:08:55.0933 2464 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:08:56.0011 2464 CertPropSvc - ok
14:08:56.0027 2464 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:08:56.0073 2464 circlass - ok
14:08:56.0105 2464 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:08:56.0120 2464 CLFS - ok
14:08:56.0167 2464 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:08:56.0183 2464 clr_optimization_v2.0.50727_32 - ok
14:08:56.0229 2464 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:08:56.0245 2464 clr_optimization_v2.0.50727_64 - ok
14:08:56.0307 2464 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:08:56.0323 2464 clr_optimization_v4.0.30319_32 - ok
14:08:56.0354 2464 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:08:56.0354 2464 clr_optimization_v4.0.30319_64 - ok
14:08:56.0385 2464 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:08:56.0417 2464 CmBatt - ok
14:08:56.0432 2464 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:08:56.0448 2464 cmdide - ok
14:08:56.0479 2464 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
14:08:56.0541 2464 CNG - ok
14:08:56.0573 2464 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:08:56.0588 2464 Compbatt - ok
14:08:56.0604 2464 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:08:56.0635 2464 CompositeBus - ok
14:08:56.0635 2464 COMSysApp - ok
14:08:56.0651 2464 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:08:56.0666 2464 crcdisk - ok
14:08:56.0713 2464 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:08:56.0729 2464 CryptSvc - ok
14:08:56.0775 2464 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
14:08:56.0822 2464 CSC - ok
14:08:56.0838 2464 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
14:08:56.0869 2464 CscService - ok
14:08:56.0916 2464 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:08:56.0963 2464 DcomLaunch - ok
14:08:57.0009 2464 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:08:57.0041 2464 defragsvc - ok
14:08:57.0072 2464 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:08:57.0134 2464 DfsC - ok
14:08:57.0165 2464 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:08:57.0197 2464 Dhcp - ok
14:08:57.0228 2464 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:08:57.0275 2464 discache - ok
14:08:57.0290 2464 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:08:57.0306 2464 Disk - ok
14:08:57.0337 2464 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:08:57.0353 2464 Dnscache - ok
14:08:57.0384 2464 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:08:57.0431 2464 dot3svc - ok
14:08:57.0477 2464 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:08:57.0524 2464 DPS - ok
14:08:57.0540 2464 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:08:57.0587 2464 drmkaud - ok
14:08:57.0649 2464 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:08:57.0680 2464 DXGKrnl - ok
14:08:57.0696 2464 [ A6DB3A7828B456A574243066E2E77D8C ] E100B C:\Windows\system32\DRIVERS\efe5b32e.sys
14:08:57.0727 2464 E100B - ok
14:08:57.0758 2464 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:08:57.0821 2464 EapHost - ok
14:08:57.0930 2464 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:08:57.0992 2464 ebdrv - ok
14:08:58.0023 2464 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:08:58.0039 2464 EFS - ok
14:08:58.0117 2464 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:08:58.0164 2464 ehRecvr - ok
14:08:58.0195 2464 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:08:58.0226 2464 ehSched - ok
14:08:58.0257 2464 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:08:58.0289 2464 elxstor - ok
14:08:58.0304 2464 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:08:58.0320 2464 ErrDev - ok
14:08:58.0351 2464 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:08:58.0398 2464 EventSystem - ok
14:08:58.0413 2464 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:08:58.0460 2464 exfat - ok
14:08:58.0491 2464 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:08:58.0538 2464 fastfat - ok
14:08:58.0585 2464 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:08:58.0632 2464 Fax - ok
14:08:58.0647 2464 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:08:58.0663 2464 fdc - ok
14:08:58.0694 2464 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:08:58.0725 2464 fdPHost - ok
14:08:58.0741 2464 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:08:58.0788 2464 FDResPub - ok
14:08:58.0819 2464 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:08:58.0835 2464 FileInfo - ok
14:08:58.0850 2464 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:08:58.0897 2464 Filetrace - ok
14:08:58.0913 2464 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:08:58.0928 2464 flpydisk - ok
14:08:58.0975 2464 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:08:58.0991 2464 FltMgr - ok
14:08:59.0053 2464 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
14:08:59.0100 2464 FontCache - ok
14:08:59.0147 2464 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:08:59.0147 2464 FontCache3.0.0.0 - ok
14:08:59.0178 2464 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:08:59.0193 2464 FsDepends - ok
14:08:59.0225 2464 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:08:59.0240 2464 Fs_Rec - ok
14:08:59.0271 2464 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:08:59.0287 2464 fvevol - ok
14:08:59.0318 2464 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:08:59.0318 2464 gagp30kx - ok
14:08:59.0365 2464 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:08:59.0365 2464 GEARAspiWDM - ok
14:08:59.0427 2464 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:08:59.0490 2464 gpsvc - ok
14:08:59.0583 2464 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:08:59.0599 2464 gupdate - ok
14:08:59.0615 2464 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:08:59.0630 2464 gupdatem - ok
14:08:59.0661 2464 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:08:59.0693 2464 hcw85cir - ok
14:08:59.0724 2464 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:08:59.0739 2464 HdAudAddService - ok
14:08:59.0771 2464 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:08:59.0802 2464 HDAudBus - ok
14:08:59.0817 2464 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:08:59.0849 2464 HidBatt - ok
14:08:59.0864 2464 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:08:59.0895 2464 HidBth - ok
14:08:59.0895 2464 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:08:59.0911 2464 HidIr - ok
14:08:59.0942 2464 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
14:08:59.0989 2464 hidserv - ok
14:09:00.0036 2464 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:09:00.0036 2464 HidUsb - ok
14:09:00.0083 2464 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:09:00.0145 2464 hkmsvc - ok
14:09:00.0176 2464 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:09:00.0223 2464 HomeGroupListener - ok
14:09:00.0254 2464 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:09:00.0301 2464 HomeGroupProvider - ok
14:09:00.0332 2464 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:09:00.0363 2464 HpSAMD - ok
14:09:00.0426 2464 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
14:09:00.0457 2464 HsfXAudioService - ok
14:09:00.0488 2464 [ 64667D9808FD09FABEDCCF62E8F52662 ] HSF_DP C:\Windows\system32\DRIVERS\CAX_DP.sys
14:09:00.0535 2464 HSF_DP - ok
14:09:00.0582 2464 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:09:00.0644 2464 HTTP - ok
14:09:00.0675 2464 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:09:00.0691 2464 hwpolicy - ok
14:09:00.0722 2464 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:09:00.0738 2464 i8042prt - ok
14:09:00.0785 2464 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:09:00.0800 2464 iaStorV - ok
14:09:00.0863 2464 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:09:00.0894 2464 idsvc - ok
14:09:01.0065 2464 [ 89B99E3E988DFA20ABB58FF1930ADD21 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:09:01.0190 2464 igfx - ok
14:09:01.0221 2464 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:09:01.0237 2464 iirsp - ok
14:09:01.0284 2464 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:09:01.0331 2464 IKEEXT - ok
14:09:01.0424 2464 [ BFBABCB231628A4551DBB10D0EA25D62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:09:01.0487 2464 IntcAzAudAddService - ok
14:09:01.0518 2464 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:09:01.0533 2464 intelide - ok
14:09:01.0549 2464 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:09:01.0580 2464 intelppm - ok
14:09:01.0611 2464 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:09:01.0643 2464 IPBusEnum - ok
14:09:01.0674 2464 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:09:01.0736 2464 IpFilterDriver - ok
14:09:01.0783 2464 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:09:01.0830 2464 iphlpsvc - ok
14:09:01.0861 2464 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:09:01.0877 2464 IPMIDRV - ok
14:09:01.0923 2464 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:09:01.0986 2464 IPNAT - ok
14:09:02.0033 2464 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:09:02.0048 2464 iPod Service - ok
14:09:02.0064 2464 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:09:02.0126 2464 IRENUM - ok
14:09:02.0157 2464 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:09:02.0173 2464 isapnp - ok
14:09:02.0204 2464 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:09:02.0220 2464 iScsiPrt - ok
14:09:02.0235 2464 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
14:09:02.0251 2464 kbdclass - ok
14:09:02.0282 2464 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:09:02.0298 2464 kbdhid - ok
14:09:02.0313 2464 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:09:02.0329 2464 KeyIso - ok
14:09:02.0376 2464 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:09:02.0391 2464 KSecDD - ok
14:09:02.0407 2464 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:09:02.0423 2464 KSecPkg - ok
14:09:02.0454 2464 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:09:02.0501 2464 ksthunk - ok
14:09:02.0532 2464 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:09:02.0579 2464 KtmRm - ok
14:09:02.0625 2464 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:09:02.0672 2464 LanmanServer - ok
14:09:02.0703 2464 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:09:02.0750 2464 LanmanWorkstation - ok
14:09:02.0766 2464 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:09:02.0813 2464 lltdio - ok
14:09:02.0844 2464 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:09:02.0891 2464 lltdsvc - ok
14:09:02.0906 2464 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:09:02.0953 2464 lmhosts - ok
14:09:02.0969 2464 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:09:02.0984 2464 LSI_FC - ok
14:09:03.0000 2464 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:09:03.0015 2464 LSI_SAS - ok
14:09:03.0031 2464 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:09:03.0047 2464 LSI_SAS2 - ok
14:09:03.0062 2464 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:09:03.0078 2464 LSI_SCSI - ok
14:09:03.0109 2464 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:09:03.0156 2464 luafv - ok
14:09:03.0156 2464 LVPr2M64 - ok
14:09:03.0218 2464 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
14:09:03.0234 2464 LVRS64 - ok
14:09:03.0390 2464 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
14:09:03.0499 2464 LVUVC64 - ok
14:09:03.0515 2464 lxcz_device - ok
14:09:03.0546 2464 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:09:03.0561 2464 MBAMProtector - ok
14:09:03.0608 2464 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:09:03.0639 2464 MBAMScheduler - ok
14:09:03.0671 2464 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:09:03.0686 2464 MBAMService - ok
14:09:03.0733 2464 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:09:03.0764 2464 Mcx2Svc - ok
14:09:03.0780 2464 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:09:03.0795 2464 mdmxsdk - ok
14:09:03.0811 2464 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:09:03.0842 2464 megasas - ok
14:09:03.0873 2464 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:09:03.0889 2464 MegaSR - ok
14:09:03.0951 2464 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:09:03.0967 2464 Microsoft Office Groove Audit Service - ok
14:09:04.0014 2464 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:09:04.0076 2464 MMCSS - ok
14:09:04.0107 2464 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:09:04.0154 2464 Modem - ok
14:09:04.0170 2464 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:09:04.0201 2464 monitor - ok
14:09:04.0232 2464 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:09:04.0248 2464 mouclass - ok
14:09:04.0263 2464 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:09:04.0279 2464 mouhid - ok
14:09:04.0310 2464 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:09:04.0326 2464 mountmgr - ok
14:09:04.0373 2464 [ 6C452A07E4F72B31FB93DA153D083179 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:09:04.0388 2464 MozillaMaintenance - ok
14:09:04.0419 2464 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:09:04.0435 2464 mpio - ok
14:09:04.0466 2464 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:09:04.0513 2464 mpsdrv - ok
14:09:04.0560 2464 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:09:04.0622 2464 MpsSvc - ok
14:09:04.0669 2464 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:09:04.0716 2464 MRxDAV - ok
14:09:04.0731 2464 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:09:04.0763 2464 mrxsmb - ok
14:09:04.0794 2464 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:09:04.0809 2464 mrxsmb10 - ok
14:09:04.0841 2464 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:09:04.0856 2464 mrxsmb20 - ok
14:09:04.0903 2464 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:09:04.0903 2464 msahci - ok
14:09:04.0934 2464 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:09:04.0950 2464 msdsm - ok
14:09:04.0981 2464 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:09:05.0012 2464 MSDTC - ok
14:09:05.0043 2464 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:09:05.0090 2464 Msfs - ok
14:09:05.0106 2464 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:09:05.0199 2464 mshidkmdf - ok
14:09:05.0231 2464 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:09:05.0246 2464 msisadrv - ok
14:09:05.0262 2464 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:09:05.0324 2464 MSiSCSI - ok
14:09:05.0324 2464 msiserver - ok
14:09:05.0355 2464 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:09:05.0387 2464 MSKSSRV - ok
14:09:05.0402 2464 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:09:05.0449 2464 MSPCLOCK - ok
14:09:05.0465 2464 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:09:05.0511 2464 MSPQM - ok
14:09:05.0558 2464 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:09:05.0574 2464 MsRPC - ok
14:09:05.0621 2464 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:09:05.0636 2464 mssmbios - ok
14:09:05.0652 2464 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:09:05.0699 2464 MSTEE - ok
14:09:05.0714 2464 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:09:05.0745 2464 MTConfig - ok
14:09:05.0761 2464 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:09:05.0777 2464 Mup - ok
14:09:05.0823 2464 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:09:05.0886 2464 napagent - ok
14:09:05.0917 2464 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:09:05.0948 2464 NativeWifiP - ok
14:09:06.0057 2464 [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
14:09:06.0089 2464 NBService - ok
14:09:06.0135 2464 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:09:06.0167 2464 NDIS - ok
14:09:06.0182 2464 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:09:06.0229 2464 NdisCap - ok
14:09:06.0245 2464 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:09:06.0307 2464 NdisTapi - ok
14:09:06.0338 2464 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:09:06.0385 2464 Ndisuio - ok
14:09:06.0416 2464 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:09:06.0463 2464 NdisWan - ok
14:09:06.0494 2464 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:09:06.0541 2464 NDProxy - ok
14:09:06.0572 2464 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:09:06.0619 2464 NetBIOS - ok
14:09:06.0650 2464 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:09:06.0697 2464 NetBT - ok
14:09:06.0713 2464 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:09:06.0744 2464 Netlogon - ok
14:09:06.0775 2464 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:09:06.0806 2464 Netman - ok
14:09:06.0822 2464 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:09:06.0884 2464 netprofm - ok
14:09:06.0915 2464 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:09:06.0931 2464 NetTcpPortSharing - ok
14:09:06.0962 2464 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:09:06.0978 2464 nfrd960 - ok
14:09:07.0025 2464 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:09:07.0040 2464 NlaSvc - ok
14:09:07.0118 2464 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
14:09:07.0134 2464 NMIndexingService - ok
14:09:07.0165 2464 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:09:07.0196 2464 Npfs - ok
14:09:07.0227 2464 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:09:07.0274 2464 nsi - ok
14:09:07.0290 2464 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:09:07.0337 2464 nsiproxy - ok
14:09:07.0415 2464 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:09:07.0446 2464 Ntfs - ok
14:09:07.0477 2464 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:09:07.0508 2464 Null - ok
14:09:07.0539 2464 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:09:07.0555 2464 nvraid - ok
14:09:07.0586 2464 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:09:07.0602 2464 nvstor - ok
14:09:07.0633 2464 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:09:07.0649 2464 nv_agp - ok
14:09:07.0727 2464 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:09:07.0742 2464 odserv - ok
14:09:07.0773 2464 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:09:07.0789 2464 ohci1394 - ok
14:09:07.0820 2464 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:09:07.0836 2464 ose - ok
14:09:07.0851 2464 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:09:07.0883 2464 p2pimsvc - ok
14:09:07.0929 2464 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:09:07.0945 2464 p2psvc - ok
14:09:07.0976 2464 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:09:07.0992 2464 Parport - ok
14:09:08.0023 2464 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:09:08.0054 2464 partmgr - ok
14:09:08.0070 2464 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:09:08.0101 2464 PcaSvc - ok
14:09:08.0117 2464 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:09:08.0132 2464 pci - ok
14:09:08.0163 2464 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:09:08.0179 2464 pciide - ok
14:09:08.0210 2464 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:09:08.0226 2464 pcmcia - ok
14:09:08.0242 2464 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:09:08.0258 2464 pcw - ok
14:09:08.0274 2464 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:09:08.0336 2464 PEAUTH - ok
14:09:08.0383 2464 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:09:08.0445 2464 PeerDistSvc - ok
14:09:08.0461 2464 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:09:08.0476 2464 PerfHost - ok
14:09:08.0554 2464 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:09:08.0617 2464 pla - ok
14:09:08.0664 2464 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
14:09:08.0664 2464 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
14:09:08.0664 2464 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
14:09:08.0710 2464 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:09:08.0742 2464 PlugPlay - ok
14:09:08.0773 2464 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:09:08.0788 2464 PNRPAutoReg - ok
14:09:08.0804 2464 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:09:08.0820 2464 PNRPsvc - ok
14:09:08.0866 2464 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:09:08.0929 2464 PolicyAgent - ok
14:09:08.0960 2464 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:09:09.0007 2464 Power - ok
14:09:09.0054 2464 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:09:09.0100 2464 PptpMiniport - ok
14:09:09.0116 2464 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:09:09.0132 2464 Processor - ok
14:09:09.0163 2464 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:09:09.0210 2464 ProfSvc - ok
14:09:09.0225 2464 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:09:09.0241 2464 ProtectedStorage - ok
14:09:09.0272 2464 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:09:09.0334 2464 Psched - ok
14:09:09.0397 2464 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:09:09.0444 2464 ql2300 - ok
14:09:09.0459 2464 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:09:09.0475 2464 ql40xx - ok
14:09:09.0506 2464 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:09:09.0537 2464 QWAVE - ok
14:09:09.0553 2464 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:09:09.0568 2464 QWAVEdrv - ok
14:09:09.0584 2464 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:09:09.0631 2464 RasAcd - ok
14:09:09.0662 2464 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:09:09.0693 2464 RasAgileVpn - ok
14:09:09.0724 2464 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:09:09.0771 2464 RasAuto - ok
14:09:09.0818 2464 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:09:09.0849 2464 Rasl2tp - ok
14:09:09.0865 2464 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:09:09.0912 2464 RasMan - ok
14:09:09.0943 2464 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:09:09.0974 2464 RasPppoe - ok
14:09:10.0005 2464 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:09:10.0036 2464 RasSstp - ok
14:09:10.0068 2464 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:09:10.0114 2464 rdbss - ok
14:09:10.0146 2464 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:09:10.0161 2464 rdpbus - ok
14:09:10.0177 2464 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:09:10.0224 2464 RDPCDD - ok
14:09:10.0270 2464 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:09:10.0302 2464 RDPDR - ok
14:09:10.0302 2464 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:09:10.0348 2464 RDPENCDD - ok
14:09:10.0364 2464 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:09:10.0395 2464 RDPREFMP - ok
14:09:10.0473 2464 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:09:10.0520 2464 RdpVideoMiniport - ok
14:09:10.0551 2464 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:09:10.0582 2464 RDPWD - ok
14:09:10.0629 2464 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:09:10.0645 2464 rdyboost - ok
14:09:10.0676 2464 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:09:10.0723 2464 RemoteAccess - ok
14:09:10.0754 2464 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:09:10.0785 2464 RemoteRegistry - ok
14:09:10.0816 2464 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:09:10.0863 2464 RpcEptMapper - ok
14:09:10.0894 2464 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:09:10.0910 2464 RpcLocator - ok
14:09:10.0957 2464 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
14:09:11.0019 2464 RpcSs - ok
14:09:11.0035 2464 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:09:11.0082 2464 rspndr - ok
14:09:11.0113 2464 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:09:11.0144 2464 s3cap - ok
14:09:11.0175 2464 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:09:11.0191 2464 SamSs - ok
14:09:11.0222 2464 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:09:11.0238 2464 sbp2port - ok
14:09:11.0269 2464 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:09:11.0300 2464 SCardSvr - ok
14:09:11.0347 2464 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:09:11.0394 2464 scfilter - ok
14:09:11.0440 2464 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:09:11.0503 2464 Schedule - ok
14:09:11.0534 2464 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:09:11.0596 2464 SCPolicySvc - ok
14:09:11.0643 2464 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:09:11.0674 2464 SDRSVC - ok
14:09:11.0690 2464 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:09:11.0752 2464 secdrv - ok
14:09:11.0784 2464 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:09:11.0830 2464 seclogon - ok
14:09:11.0846 2464 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
14:09:11.0893 2464 SENS - ok
14:09:11.0924 2464 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:09:11.0940 2464 SensrSvc - ok
14:09:11.0971 2464 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:09:12.0002 2464 Serenum - ok
14:09:12.0018 2464 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:09:12.0049 2464 Serial - ok
14:09:12.0049 2464 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:09:12.0080 2464 sermouse - ok
14:09:12.0127 2464 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:09:12.0189 2464 SessionEnv - ok
14:09:12.0205 2464 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:09:12.0236 2464 sffdisk - ok
14:09:12.0252 2464 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:09:12.0267 2464 sffp_mmc - ok
14:09:12.0298 2464 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:09:12.0330 2464 sffp_sd - ok
14:09:12.0345 2464 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:09:12.0361 2464 sfloppy - ok
14:09:12.0376 2464 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:09:12.0439 2464 SharedAccess - ok
14:09:12.0486 2464 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:09:12.0532 2464 ShellHWDetection - ok
14:09:12.0548 2464 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:09:12.0564 2464 SiSRaid2 - ok
14:09:12.0595 2464 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:09:12.0610 2464 SiSRaid4 - ok
14:09:12.0673 2464 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:09:12.0688 2464 SkypeUpdate - ok
14:09:12.0704 2464 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:09:12.0751 2464 Smb - ok
14:09:12.0782 2464 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:09:12.0813 2464 SNMPTRAP - ok
14:09:12.0829 2464 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:09:12.0844 2464 spldr - ok
14:09:12.0876 2464 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:09:12.0907 2464 Spooler - ok
14:09:13.0016 2464 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:09:13.0110 2464 sppsvc - ok
14:09:13.0141 2464 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:09:13.0188 2464 sppuinotify - ok
14:09:13.0219 2464 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:09:13.0266 2464 srv - ok
14:09:13.0297 2464 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:09:13.0328 2464 srv2 - ok
14:09:13.0359 2464 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:09:13.0390 2464 srvnet - ok
14:09:13.0422 2464 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:09:13.0468 2464 SSDPSRV - ok
14:09:13.0484 2464 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:09:13.0515 2464 SstpSvc - ok
14:09:13.0546 2464 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:09:13.0562 2464 stexstor - ok
14:09:13.0609 2464 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:09:13.0640 2464 stisvc - ok
14:09:13.0671 2464 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:09:13.0687 2464 storflt - ok
14:09:13.0702 2464 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:09:13.0718 2464 storvsc - ok
14:09:13.0765 2464 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:09:13.0765 2464 swenum - ok
14:09:13.0812 2464 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:09:13.0858 2464 swprv - ok
14:09:13.0874 2464 Synth3dVsc - ok
14:09:13.0952 2464 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:09:14.0014 2464 SysMain - ok
14:09:14.0046 2464 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:09:14.0108 2464 TabletInputService - ok
14:09:14.0155 2464 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:09:14.0202 2464 TapiSrv - ok
14:09:14.0233 2464 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:09:14.0264 2464 TBS - ok
14:09:14.0342 2464 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:09:14.0389 2464 Tcpip - ok
14:09:14.0451 2464 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:09:14.0498 2464 TCPIP6 - ok
14:09:14.0529 2464 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:09:14.0560 2464 tcpipreg - ok
14:09:14.0576 2464 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:09:14.0623 2464 TDPIPE - ok
14:09:14.0654 2464 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:09:14.0670 2464 TDTCP - ok
14:09:14.0716 2464 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:09:14.0763 2464 tdx - ok
14:09:14.0794 2464 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:09:14.0810 2464 TermDD - ok
14:09:14.0857 2464 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:09:14.0919 2464 TermService - ok
14:09:14.0935 2464 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:09:14.0966 2464 Themes - ok
14:09:14.0982 2464 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:09:15.0028 2464 THREADORDER - ok
14:09:15.0044 2464 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:09:15.0106 2464 TrkWks - ok
14:09:15.0169 2464 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:09:15.0231 2464 TrustedInstaller - ok
14:09:15.0262 2464 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:09:15.0309 2464 tssecsrv - ok
14:09:15.0340 2464 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:09:15.0372 2464 TsUsbFlt - ok
14:09:15.0372 2464 tsusbhub - ok
14:09:15.0418 2464 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:09:15.0481 2464 tunnel - ok
14:09:15.0512 2464 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:09:15.0528 2464 uagp35 - ok
14:09:15.0574 2464 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:09:15.0606 2464 udfs - ok
14:09:15.0637 2464 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:09:15.0668 2464 UI0Detect - ok
14:09:15.0684 2464 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:09:15.0684 2464 uliagpkx - ok
14:09:15.0730 2464 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
14:09:15.0746 2464 umbus - ok
14:09:15.0777 2464 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:09:15.0793 2464 UmPass - ok
14:09:15.0824 2464 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
14:09:15.0855 2464 UmRdpService - ok
14:09:15.0886 2464 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:09:15.0949 2464 upnphost - ok
14:09:15.0980 2464 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:09:15.0996 2464 usbaudio - ok
14:09:16.0027 2464 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:09:16.0058 2464 usbccgp - ok
14:09:16.0074 2464 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:09:16.0089 2464 usbcir - ok
14:09:16.0136 2464 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:09:16.0152 2464 usbehci - ok
14:09:16.0167 2464 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:09:16.0198 2464 usbhub - ok
14:09:16.0214 2464 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:09:16.0230 2464 usbohci - ok
14:09:16.0261 2464 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:09:16.0292 2464 usbprint - ok
14:09:16.0323 2464 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:09:16.0354 2464 usbscan - ok
14:09:16.0370 2464 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:09:16.0401 2464 USBSTOR - ok
14:09:16.0432 2464 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:09:16.0464 2464 usbuhci - ok
14:09:16.0495 2464 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:09:16.0542 2464 UxSms - ok
14:09:16.0557 2464 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:09:16.0573 2464 VaultSvc - ok
14:09:16.0588 2464 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:09:16.0604 2464 vdrvroot - ok
14:09:16.0651 2464 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:09:16.0698 2464 vds - ok
14:09:16.0729 2464 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:09:16.0744 2464 vga - ok
14:09:16.0760 2464 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:09:16.0822 2464 VgaSave - ok
14:09:16.0822 2464 VGPU - ok
14:09:16.0854 2464 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:09:16.0869 2464 vhdmp - ok
14:09:16.0916 2464 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:09:16.0932 2464 viaide - ok
14:09:16.0978 2464 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:09:16.0994 2464 vmbus - ok
14:09:17.0010 2464 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:09:17.0025 2464 VMBusHID - ok
14:09:17.0056 2464 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:09:17.0072 2464 volmgr - ok
14:09:17.0119 2464 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:09:17.0134 2464 volmgrx - ok
14:09:17.0166 2464 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:09:17.0181 2464 volsnap - ok
14:09:17.0212 2464 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:09:17.0228 2464 vsmraid - ok
14:09:17.0290 2464 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:09:17.0368 2464 VSS - ok
14:09:17.0400 2464 [ 93132C69394A99D992095D8CFE464801 ] VST64HWBS2 C:\Windows\system32\DRIVERS\VSTBS26.SYS
14:09:17.0431 2464 VST64HWBS2 - ok
14:09:17.0478 2464 [ 02071D207A9858FBE3A48CBFD59C4A04 ] VST64_DPV C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:09:17.0509 2464 VST64_DPV - ok
14:09:17.0524 2464 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:09:17.0540 2464 vwifibus - ok
14:09:17.0587 2464 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:09:17.0634 2464 W32Time - ok
14:09:17.0665 2464 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:09:17.0696 2464 WacomPen - ok
14:09:17.0727 2464 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:09:17.0774 2464 WANARP - ok
14:09:17.0790 2464 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:09:17.0836 2464 Wanarpv6 - ok
14:09:17.0899 2464 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:09:17.0946 2464 wbengine - ok
14:09:17.0977 2464 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:09:18.0008 2464 WbioSrvc - ok
14:09:18.0039 2464 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:09:18.0070 2464 wcncsvc - ok
14:09:18.0102 2464 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:09:18.0133 2464 WcsPlugInService - ok
14:09:18.0164 2464 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:09:18.0180 2464 Wd - ok
14:09:18.0226 2464 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:09:18.0258 2464 Wdf01000 - ok
14:09:18.0273 2464 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:09:18.0320 2464 WdiServiceHost - ok
14:09:18.0336 2464 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:09:18.0351 2464 WdiSystemHost - ok
14:09:18.0398 2464 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:09:18.0429 2464 WebClient - ok
14:09:18.0445 2464 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:09:18.0492 2464 Wecsvc - ok
14:09:18.0523 2464 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:09:18.0570 2464 wercplsupport - ok
14:09:18.0585 2464 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:09:18.0632 2464 WerSvc - ok
14:09:18.0663 2464 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:09:18.0694 2464 WfpLwf - ok
14:09:18.0710 2464 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:09:18.0726 2464 WIMMount - ok
14:09:18.0772 2464 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
14:09:18.0804 2464 winachsf - ok
14:09:18.0819 2464 WinDefend - ok
14:09:18.0835 2464 WinHttpAutoProxySvc - ok
14:09:18.0882 2464 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:09:18.0928 2464 Winmgmt - ok
14:09:19.0006 2464 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:09:19.0084 2464 WinRM - ok
14:09:19.0131 2464 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:09:19.0147 2464 WinUsb - ok
14:09:19.0178 2464 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:09:19.0225 2464 Wlansvc - ok
14:09:19.0256 2464 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:09:19.0287 2464 WmiAcpi - ok
14:09:19.0318 2464 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:09:19.0350 2464 wmiApSrv - ok
14:09:19.0365 2464 WMPNetworkSvc - ok
14:09:19.0396 2464 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:09:19.0412 2464 WPCSvc - ok
14:09:19.0443 2464 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:09:19.0459 2464 WPDBusEnum - ok
14:09:19.0490 2464 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:09:19.0521 2464 ws2ifsl - ok
14:09:19.0552 2464 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
14:09:19.0584 2464 wscsvc - ok
14:09:19.0584 2464 WSearch - ok
14:09:19.0677 2464 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:09:19.0724 2464 wuauserv - ok
14:09:19.0771 2464 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:09:19.0802 2464 WudfPf - ok
14:09:19.0818 2464 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:09:19.0833 2464 WUDFRd - ok
14:09:19.0880 2464 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:09:19.0896 2464 wudfsvc - ok
14:09:19.0942 2464 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
14:09:19.0974 2464 WwanSvc - ok
14:09:20.0005 2464 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
14:09:20.0020 2464 XAudio - ok
14:09:20.0020 2464 ================ Scan global ===============================
14:09:20.0052 2464 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:09:20.0083 2464 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:09:20.0098 2464 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:09:20.0130 2464 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:09:20.0176 2464 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:09:20.0176 2464 [Global] - ok
14:09:20.0176 2464 ================ Scan MBR ==================================
14:09:20.0192 2464 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:09:20.0660 2464 \Device\Harddisk0\DR0 - ok
14:09:20.0660 2464 ================ Scan VBR ==================================
14:09:20.0676 2464 [ C20D948B0CD3633375D6A5664670DDEB ] \Device\Harddisk0\DR0\Partition1
14:09:20.0691 2464 \Device\Harddisk0\DR0\Partition1 - ok
14:09:20.0691 2464 [ 5F826158E051C2AB74DD5FF7BCDF241B ] \Device\Harddisk0\DR0\Partition2
14:09:20.0707 2464 \Device\Harddisk0\DR0\Partition2 - ok
14:09:20.0707 2464 ============================================================
14:09:20.0707 2464 Scan finished
14:09:20.0707 2464 ============================================================
14:09:20.0722 7212 Detected object count: 1
14:09:20.0722 7212 Actual detected object count: 1
14:11:15.0367 7212 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:11:15.0367 7212 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:12:46.0226 6444 Deinitialize success

NOTE: I didn't know if I should skip or delete the PLFlash threat found.
I can attempt to run the the aswMBR scan tonight or tomorrow night on C:\ to see if it finds anything else.
Once this is all dealt with, I will install Avast. Is there anything additional that should be running to protect against malware or other nasties that aren't viruses?
Thanks again for your time, it is much appreciated!
AltCircuit
  • 0

#4
RKinner
Posted 04 September 2013 - 12:38 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
PLFlash DeviceIoControl Service is just part of Nero. Doesn't need to be removed.

I am seeing a lot of errors caused by:

Spybot S&D
Adobe Air
Microsoft Security Essentials

I would uninstall all three and install Avast as you planned. (Best to have the program downloaded before you uninstall Microsoft Security Essentials, then reboot and right click on the Avast installer and Run As Admin.)

Once you do that let's look at the errors again and see if things have improved:


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#5
AltCircuit
Posted 21 September 2013 - 12:52 PM

AltCircuit

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi Ron,
Thank you so much for your response. Somehow, I did not receive the notification of your response, so I had been thinking that I didn't have a response. Finally, today I thought I would just check back on the site itself - and there it was!

I uninstalled Adobe Air, however neither Microsoft Security Essentials or Spybot S&D were listed as being installed...I even searched the files to see if they were somehow just not being 'seen' by the Install/Uninstall programs feature. But they really aren't there. So I'm not sure what that means...

However, I did install Avast. I cleared the logs and rebooted. I did the scan. It says that everything is fine.

I then downloaded the Event Viewer Tool and ran it. Here is the log from "System":
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/09/2013 2:41:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/09/2013 6:12:22 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#.

Here is the log from, "Application":
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/09/2013 2:48:35 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


One thing I'm trying to understand, ever since I downloaded everything you requested the first time, every website we visit pops up with Security Alerts "You are about to leave a secure Internet connection. It will be possible for others to view information you send. Do you want to continue?" and there is a similar one for when we go to a secure website. Do I need to leave all the things we installed to scan and clean the computer there?

Thanks again for your time!
AltCircuit
  • 0

#6
RKinner
Posted 21 September 2013 - 01:52 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
in IE, go to Tools > Internet Options > Advanced and uncheck the box next to "Warn if changing between secure and non secure mode". Or, the next time the message appears check the box "In the Future, do not show this warning".

Does that work?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP