Inactive [A] Reinstall.exe/System Check removal

bradbackalsh

I run Windows 7 64-bit.
I was just surfing the internet when I got the reinstall.exe prompt.

I kept clicking no and it kept popping up.

Now I have the System Check virus.

I am currently scanning with Comodo.

What do I do to remove it?
 
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brad :: SOWELL [administrator]

Protection: Enabled

3/22/2012 6:12:31 PM
mbam-log-2012-03-22 (18-12-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231299
Time elapsed: 16 minute(s), 41 second(s)

Memory Processes Detected: 1
C:\ProgramData\BGNKveQAbc.exe (Rogue.FakeHDD) -> 3892 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BGNKveQAbc.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\BGNKveQAbc.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\BGNKveQAbc.exe (Rogue.FakeHDD) -> Delete on reboot.
C:\Users\Brad\AppData\Local\Temp\MexjDILKLs8KTN.exe.tmp (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Users\Brad\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-22 19:10:31
Windows 6.1.7601 Service Pack 1
Running: 9s29g9c5.exe


---- Files - GMER 1.0.15 ----

---- EOF - GMER 1.0.15 ----
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Brad at 15:16:52 on 2012-03-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1967 [GMT -4:00]
.
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Spy Emergency *Disabled/Updated* {545CA291-8AC9-FEF7-AB96-14A4BDB62AFD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\HTSRecover.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
mURLSearchHooks: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
BHO: Shop to Win: {0095c290-a428-4bdd-b98c-e0a116f1c702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "C:\Users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [<NO NAME>]
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WI-FIM~1.LNK - C:\Program Files (x86)\Philips\Wi-Fi MediaConnect\Wi-Fi MediaConnect.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\1557965647758616C656D27657563747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\2375942554432383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\2496760245 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\461667964607C6F657274656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\6524340535348616E6E656C6 : DhcpNameServer = 10.90.85.90 10.90.94.90 10.240.66.68
TCP: Interfaces\{18013080-1FF7-4266-80AA-13E71D79432A}\851667965627D2E456B6F636F6E6 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Shop to Win: {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll
BHO-X64: Freecause Shopping BHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
BHO-X64: Viral Tube - No File
BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll
BHO-X64: DCA - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Viral Tube Toolbar: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - C:\Program Files (x86)\Viral_Tube\prxtbVira.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [(Default)]
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\zgzt9k5d.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Brad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Brad\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - bda145ed-2def-4b21-be8d-cc2ea0f8aba2
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage,PageRageGlobal,PageRageTeases,Buzzdock,BuzzdockTease,PageRage,PageRageGlobal,
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 SpyEmrg;Spy Emergency Driver;C:\Windows\system32\Drivers\spyemrg.sys --> C:\Windows\system32\Drivers\spyemrg.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;C:\Windows\system32\Drivers\spyemrg_guard.sys --> C:\Windows\system32\Drivers\spyemrg_guard.sys [?]
R3 WFMC_VAD;WFMCVAD (WDM);C:\Windows\system32\DRIVERS\wfmcvad.sys --> C:\Windows\system32\DRIVERS\wfmcvad.sys [?]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;C:\Windows\system32\Drivers\spyemrg_access.sys --> C:\Windows\system32\Drivers\spyemrg_access.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\system32\DRIVERS\gtkdrv.sys --> C:\Windows\system32\DRIVERS\gtkdrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-22 23:24:17 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
2012-03-22 22:42:51 -------- d-----w- C:\HP_TOOLS_mountHPSF
2012-03-22 22:11:16 -------- d-----w- C:\Users\Brad\AppData\Roaming\Malwarebytes
2012-03-22 22:11:04 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-22 22:11:02 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-22 22:11:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-22 20:31:57 -------- d-----w- C:\ProgramData\CPA_VA
2012-03-22 20:29:58 -------- d-----w- C:\VritualRoot
2012-03-22 20:23:05 -------- d-----w- C:\ProgramData\Comodo
2012-03-22 20:23:01 -------- d-----w- C:\Program Files\COMODO
2012-03-22 20:22:39 -------- d-----w- C:\Program Files (x86)\Comodo
2012-03-22 20:22:35 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-03-22 19:18:51 -------- d-----w- C:\Users\Brad\AppData\Roaming\Spy Emergency
2012-03-22 19:18:47 24408 ----a-w- C:\Windows\System32\drivers\spyemrg_access.sys
2012-03-22 19:18:47 18776 ----a-w- C:\Windows\System32\drivers\spyemrg_guard.sys
2012-03-22 19:18:47 17240 ----a-w- C:\Windows\System32\drivers\spyemrg.sys
2012-03-22 19:18:42 -------- d-----w- C:\ProgramData\NETGATE
2012-03-22 19:18:41 -------- d-----w- C:\Program Files\NETGATE
2012-03-21 01:44:42 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{78ED4704-C308-4C14-9A4C-89196AFFDCF1}\mpengine.dll
2012-03-14 07:02:03 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 07:02:01 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:02:00 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 22:29:36 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 22:29:31 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 22:29:31 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 22:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 22:28:32 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 22:28:32 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 22:28:29 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 22:28:29 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 22:28:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 22:28:29 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-12 01:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-03-12 01:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-03-12 01:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-03-12 01:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-03-12 01:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-03-12 01:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll
2012-03-07 05:32:45 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-07 05:32:31 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-07 05:32:17 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-07 05:32:09 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-06 01:05:40 -------- d-----w- C:\Users\Brad\AppData\Local\{3EE9E587-BD5F-4322-8D42-0B6AEDE41D04}
2012-03-04 07:37:55 -------- d-----w- C:\Program Files (x86)\fbphotozoom
2012-03-04 05:25:38 -------- d-----w- C:\Users\Brad\AppData\Local\{1AB9B534-054C-4F44-BE00-221AD8920FB0}
2012-03-04 04:03:14 125376 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2012-03-04 04:03:13 -------- d-----w- C:\Program Files (x86)\PowerISO
2012-02-27 03:27:45 -------- d-----w- C:\Users\Brad\AppData\Local\{B7AFDB63-DABB-4564-85C0-A80D825726E3}
2012-02-23 03:26:50 -------- d-----w- C:\Program Files (x86)\1ClickDownload
.
==================== Find3M ====================
.
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 14:28:36 16640 ----a-w- C:\Windows\System32\drivers\gtkdrv.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 15:20:14.53 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/10/2011 7:11:11 PM
System Uptime: 3/23/2012 2:56:59 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 3568
Processor: AMD A4-3300M APU with Radeon(tm) HD Graphics | Socket FS1 | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 45.285 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.554 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
1ClickDownload
7-Zip 9.20
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.1) MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AMD System Monitor
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
ArcSoft MediaImpression for Kodak
ASIO4ALL
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
BitTorrent
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Celtx (2.9.1)
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Comodo Dragon
COMODO GeekBuddy
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
DivX Setup
Dora's World Adventure
DVD Architect Studio 5.0
Energy Star Digital Logo
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Facebook Video Calling 1.2.0.159
Farm Frenzy
FATE - The Traitor Soul
Google Chrome
Google Earth
Google Update Helper
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
jZip
K-Lite Codec Pack 8.3.2 (Standard)
Live 8.2.7
Magic Desktop
Mah Jong Medley
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Mesh Runtime
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MotoHelper 2.0.49 Driver
MotoHelper MergeModules
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Native Instruments Skanner
NewBlue VideoFX for Sony Vegas MSPPS
OnLive
ooVoo
ooVoo toolbar, powered by Ask.com
ooVoo toolbar, powered by Ask.com Updater
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Points2Shop Points Multiplier 2012 version 2012
Poker Superstars III
Polar Bowler
Polar Golfer
PowerISO
Psycle 1.10.0 32 bits
QuickTime
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Shop To Win
Skype™ 5.1
Slingo Supreme
Sony Vocal Eraser
Sound Forge Audio Studio 10.0
Spotify
Trojan Killer
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update Installer for WildTangent Games App
VC80CRTRedist - 8.0.50727.6195
Vegas Movie Studio HD Platinum 11.0
Viral Tube Toolbar
Virtual Villagers 4 - The Tree of Life
VirtualDJ Home FREE
Wheel of Fortune 2
Wi-Fi MediaConnect
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
3/22/2012 6:11:10 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/22/2012 4:25:04 PM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/22/2012 3:30:25 PM, Error: Service Control Manager [7023] - The Block Level Backup Engine Service service terminated with the following error: %%-2147024891
3/22/2012 3:13:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
3/22/2012 3:04:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 3:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/22/2012 3:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/22/2012 3:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/22/2012 3:04:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/22/2012 3:04:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/22/2012 3:04:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/22/2012 3:04:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/22/2012 3:04:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/20/2012 5:32:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.
.
==== End Of File ===========================
 
Good :)

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
ListParts by Farbar Version: 12-03-2012 03
Ran by Brad (administrator) on 23-03-2012 at 16:31:38
Windows 7 (X64)
Running From: C:\Users\Brad\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 68%
Total physical RAM: 3562.9 MB
Available physical RAM: 1128.54 MB
Total Pagefile: 7124 MB
Available Pagefile: 4065.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:451.54 GB) (Free:44.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:13.92 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 451 GB 200 MB
Partition 3 Primary 13 GB 451 GB
Partition 4 Primary 103 MB 465 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 451 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 13 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

****** End Of Log ******
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
16:38:35.0701 4164 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
16:38:36.0116 4164 ============================================================
16:38:36.0116 4164 Current date / time: 2012/03/23 16:38:36.0116
16:38:36.0116 4164 SystemInfo:
16:38:36.0116 4164
16:38:36.0116 4164 OS Version: 6.1.7601 ServicePack: 1.0
16:38:36.0116 4164 Product type: Workstation
16:38:36.0117 4164 ComputerName: SOWELL
16:38:36.0117 4164 UserName: Brad
16:38:36.0117 4164 Windows directory: C:\Windows
16:38:36.0117 4164 System windows directory: C:\Windows
16:38:36.0117 4164 Running under WOW64
16:38:36.0117 4164 Processor architecture: Intel x64
16:38:36.0117 4164 Number of processors: 2
16:38:36.0117 4164 Page size: 0x1000
16:38:36.0117 4164 Boot type: Normal boot
16:38:36.0117 4164 ============================================================
16:38:37.0358 4164 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:38:37.0369 4164 \Device\Harddisk0\DR0:
16:38:37.0370 4164 MBR used
16:38:37.0370 4164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
16:38:37.0370 4164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38715000
16:38:37.0370 4164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38779000, BlocksNum 0x1BD9000
16:38:37.0370 4164 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
16:38:37.0453 4164 Initialize success
16:38:37.0453 4164 ============================================================
16:38:39.0113 4480 ============================================================
16:38:39.0113 4480 Scan started
16:38:39.0114 4480 Mode: Manual;
16:38:39.0114 4480 ============================================================
16:38:40.0263 4480 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:38:40.0269 4480 1394ohci - ok
16:38:40.0580 4480 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:38:40.0584 4480 ACDaemon - ok
16:38:41.0221 4480 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:38:41.0228 4480 ACPI - ok
16:38:41.0596 4480 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:38:41.0599 4480 AcpiPmi - ok
16:38:41.0794 4480 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:38:41.0798 4480 AdobeARMservice - ok
16:38:42.0592 4480 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:38:42.0603 4480 adp94xx - ok
16:38:43.0010 4480 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:38:43.0018 4480 adpahci - ok
16:38:43.0433 4480 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:38:43.0438 4480 adpu320 - ok
16:38:43.0714 4480 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:38:43.0717 4480 AeLookupSvc - ok
16:38:44.0132 4480 Afc (6ccd1135320109d6b219f1a6e04ad9f6) C:\Windows\syswow64\drivers\Afc.sys
16:38:44.0134 4480 Afc - ok
16:38:44.0587 4480 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:38:44.0599 4480 AFD - ok
16:38:45.0097 4480 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:38:45.0101 4480 agp440 - ok
16:38:45.0493 4480 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:38:45.0496 4480 ALG - ok
16:38:45.0905 4480 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:38:45.0907 4480 aliide - ok
16:38:46.0242 4480 AMD External Events Utility (3a2fc4017a0b7e4e9ae43027b0ba9a13) C:\Windows\system32\atiesrxx.exe
16:38:46.0263 4480 AMD External Events Utility - ok
16:38:46.0404 4480 AMD FUEL Service - ok
16:38:46.0801 4480 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:38:46.0803 4480 amdide - ok
16:38:47.0241 4480 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
16:38:47.0245 4480 amdiox64 - ok
16:38:47.0680 4480 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:38:47.0682 4480 AmdK8 - ok
16:38:48.0419 4480 amdkmdag (7eb312d17601c8a1375e32547303e51f) C:\Windows\system32\DRIVERS\atikmdag.sys
16:38:48.0727 4480 amdkmdag - ok
16:38:49.0109 4480 amdkmdap (678febf2d50f87056fa6b2cdca21a711) C:\Windows\system32\DRIVERS\atikmpag.sys
16:38:49.0116 4480 amdkmdap - ok
16:38:49.0623 4480 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:38:49.0626 4480 AmdPPM - ok
16:38:50.0067 4480 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:38:50.0071 4480 amdsata - ok
16:38:50.0463 4480 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:38:50.0469 4480 amdsbs - ok
16:38:51.0018 4480 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:38:51.0020 4480 amdxata - ok
16:38:51.0358 4480 amd_sata (2fbb00a7616106b95104574c6cd640c2) C:\Windows\system32\DRIVERS\amd_sata.sys
16:38:51.0360 4480 amd_sata - ok
16:38:51.0886 4480 amd_xata (87d0d7645cb0d53220649bd5fe15d93e) C:\Windows\system32\DRIVERS\amd_xata.sys
16:38:51.0888 4480 amd_xata - ok
16:38:52.0503 4480 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:38:52.0506 4480 AppID - ok
16:38:52.0762 4480 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:38:52.0764 4480 AppIDSvc - ok
16:38:53.0142 4480 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:38:53.0145 4480 Appinfo - ok
16:38:53.0439 4480 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:38:53.0443 4480 Apple Mobile Device - ok
16:38:53.0820 4480 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:38:53.0823 4480 arc - ok
16:38:54.0334 4480 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:38:54.0338 4480 arcsas - ok
16:38:54.0760 4480 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:38:54.0802 4480 aspnet_state - ok
16:38:55.0231 4480 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:38:55.0233 4480 AsyncMac - ok
16:38:55.0767 4480 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:38:55.0770 4480 atapi - ok
16:38:56.0183 4480 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
16:38:56.0187 4480 AtiHDAudioService - ok
16:38:56.0578 4480 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:38:56.0593 4480 AudioEndpointBuilder - ok
16:38:56.0621 4480 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:38:56.0632 4480 AudioSrv - ok
16:38:57.0087 4480 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:38:57.0092 4480 AxInstSV - ok
16:38:57.0908 4480 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:38:57.0918 4480 b06bdrv - ok
16:40:45.0464 4480 scfilter - ok
16:40:45.0766 4480 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:40:45.0794 4480 Schedule - ok
16:40:46.0075 4480 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:40:46.0077 4480 SCPolicySvc - ok
16:40:46.0582 4480 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
16:40:46.0587 4480 sdbus - ok
16:40:46.0890 4480 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:40:46.0898 4480 SDRSVC - ok
16:40:47.0037 4480 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
16:40:47.0043 4480 SeaPort - ok
16:40:47.0427 4480 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:40:47.0430 4480 secdrv - ok
16:40:47.0720 4480 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:40:47.0726 4480 seclogon - ok
16:40:48.0010 4480 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:40:48.0016 4480 SENS - ok
16:40:48.0424 4480 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:40:48.0438 4480 SensrSvc - ok
16:40:48.0871 4480 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
16:40:48.0873 4480 Serenum - ok
16:40:49.0436 4480 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
16:40:49.0441 4480 Serial - ok
16:40:49.0781 4480 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:40:49.0783 4480 sermouse - ok
16:40:50.0153 4480 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:40:50.0167 4480 SessionEnv - ok
16:40:50.0551 4480 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:40:50.0553 4480 sffdisk - ok
16:40:50.0984 4480 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:40:50.0987 4480 sffp_mmc - ok
16:40:51.0442 4480 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:40:51.0445 4480 sffp_sd - ok
16:40:51.0811 4480 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:40:51.0813 4480 sfloppy - ok
16:40:52.0150 4480 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:40:52.0160 4480 SharedAccess - ok
16:40:52.0467 4480 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:40:52.0479 4480 ShellHWDetection - ok
16:40:52.0877 4480 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:40:52.0880 4480 SiSRaid2 - ok
16:40:53.0256 4480 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:40:53.0260 4480 SiSRaid4 - ok
16:40:53.0725 4480 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:40:53.0739 4480 Smb - ok
16:40:54.0124 4480 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:40:54.0129 4480 SNMPTRAP - ok
16:40:54.0503 4480 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:40:54.0505 4480 spldr - ok
16:40:54.0939 4480 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:40:54.0955 4480 Spooler - ok
16:40:55.0716 4480 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:40:55.0793 4480 sppsvc - ok
16:40:56.0096 4480 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:40:56.0102 4480 sppuinotify - ok
16:40:56.0609 4480 SpyEmrg (7812faa01daf3e3ce9e8a2a7c4abcdf0) C:\Windows\system32\Drivers\spyemrg.sys
16:40:56.0612 4480 SpyEmrg - ok
16:40:57.0021 4480 SpyEmrgAccess (70b90b8f3733194a72a7fedc8567eb3d) C:\Windows\system32\Drivers\spyemrg_access.sys
16:40:57.0023 4480 SpyEmrgAccess - ok
16:40:57.0594 4480 SpyEmrgGuard (3f87ad9594bbae33215014c794c95b42) C:\Windows\system32\Drivers\spyemrg_guard.sys
16:40:57.0596 4480 SpyEmrgGuard - ok
16:40:57.0875 4480 SpyEmrgSrv (a12b5104f5f5fd6c1dc6427762d0118d) C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
16:40:58.0020 4480 SpyEmrgSrv - ok
16:40:58.0540 4480 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:40:58.0551 4480 srv - ok
16:40:59.0018 4480 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:40:59.0027 4480 srv2 - ok
16:40:59.0571 4480 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:40:59.0580 4480 SrvHsfHDA - ok
16:40:59.0983 4480 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:41:00.0023 4480 SrvHsfV92 - ok
16:41:00.0462 4480 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:41:00.0481 4480 SrvHsfWinac - ok
16:41:00.0927 4480 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:41:00.0934 4480 srvnet - ok
16:41:01.0233 4480 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:41:01.0240 4480 SSDPSRV - ok
16:41:01.0633 4480 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:41:01.0640 4480 SstpSvc - ok
16:41:01.0829 4480 STacSV (293a556e04f815477ae93e07b35065e6) C:\Program Files\IDT\WDM\STacSV64.exe
16:41:01.0835 4480 STacSV - ok
16:41:02.0192 4480 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:41:02.0195 4480 stexstor - ok
16:41:02.0729 4480 STHDA (aa3c0336514c239a171f00a6902b59b8) C:\Windows\system32\DRIVERS\stwrt64.sys
16:41:02.0741 4480 STHDA - ok
16:41:03.0062 4480 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:41:03.0078 4480 stisvc - ok
16:41:03.0477 4480 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:41:03.0491 4480 swenum - ok
16:41:03.0841 4480 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:41:03.0856 4480 swprv - ok
16:41:04.0368 4480 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
16:41:04.0400 4480 SynTP - ok
16:41:05.0073 4480 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:41:05.0113 4480 SysMain - ok
16:41:05.0400 4480 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:41:05.0407 4480 TabletInputService - ok
16:41:05.0750 4480 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:41:05.0768 4480 TapiSrv - ok
16:41:06.0067 4480 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:41:06.0074 4480 TBS - ok
16:41:06.0543 4480 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:41:06.0585 4480 Tcpip - ok
16:41:07.0064 4480 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:41:07.0094 4480 TCPIP6 - ok
16:41:07.0475 4480 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:41:07.0478 4480 tcpipreg - ok
16:41:07.0924 4480 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:41:07.0926 4480 TDPIPE - ok
16:41:08.0298 4480 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:41:08.0301 4480 TDTCP - ok
16:41:08.0869 4480 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:41:08.0874 4480 tdx - ok
16:41:09.0453 4480 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:41:09.0457 4480 TermDD - ok
16:41:09.0764 4480 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:41:09.0783 4480 TermService - ok
16:41:10.0114 4480 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:41:10.0119 4480 Themes - ok
16:41:10.0412 4480 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:41:10.0416 4480 THREADORDER - ok
16:41:10.0834 4480 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:41:10.0841 4480 TrkWks - ok
16:41:11.0366 4480 TrojanKillerDriver (9bf9e809fbb2d5d0403b32b15abe5f30) C:\Windows\system32\DRIVERS\gtkdrv.sys
16:41:11.0368 4480 TrojanKillerDriver - ok
16:41:11.0477 4480 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:41:11.0482 4480 TrustedInstaller - ok
16:41:11.0814 4480 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:41:11.0817 4480 tssecsrv - ok
16:41:12.0203 4480 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:41:12.0207 4480 TsUsbFlt - ok
16:41:12.0577 4480 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:41:12.0580 4480 TsUsbGD - ok
16:41:13.0076 4480 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:41:13.0080 4480 tunnel - ok
16:41:13.0451 4480 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:41:13.0455 4480 uagp35 - ok
16:41:13.0942 4480 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:41:13.0950 4480 udfs - ok
16:41:14.0274 4480 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:41:14.0281 4480 UI0Detect - ok
16:41:14.0917 4480 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:41:14.0921 4480 uliagpkx - ok
16:41:15.0340 4480 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:41:15.0343 4480 umbus - ok
16:41:15.0723 4480 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:41:15.0725 4480 UmPass - ok
16:41:16.0077 4480 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:41:16.0089 4480 upnphost - ok
16:41:16.0471 4480 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:41:16.0475 4480 USBAAPL64 - ok
16:41:16.0920 4480 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:41:16.0939 4480 usbaudio - ok
16:41:17.0342 4480 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:41:17.0346 4480 usbccgp - ok
16:41:17.0755 4480 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:41:17.0759 4480 usbcir - ok
16:41:18.0416 4480 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:41:18.0423 4480 usbehci - ok
16:41:19.0037 4480 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:41:19.0047 4480 usbhub - ok
16:41:19.0547 4480 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:41:19.0550 4480 usbohci - ok
16:41:19.0949 4480 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:41:19.0952 4480 usbprint - ok
16:41:20.0445 4480 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:41:20.0448 4480 usbscan - ok
16:41:20.0833 4480 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:41:20.0837 4480 USBSTOR - ok
16:41:21.0273 4480 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:41:21.0276 4480 usbuhci - ok
16:41:21.0700 4480 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:41:21.0706 4480 usbvideo - ok
16:41:21.0972 4480 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:41:21.0978 4480 UxSms - ok
16:41:22.0381 4480 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:41:22.0384 4480 VaultSvc - ok
16:41:22.0821 4480 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:41:22.0824 4480 vdrvroot - ok
16:41:23.0149 4480 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:41:23.0162 4480 vds - ok
16:41:23.0570 4480 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:41:23.0573 4480 vga - ok
16:41:24.0035 4480 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:41:24.0038 4480 VgaSave - ok
16:41:24.0509 4480 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:41:24.0519 4480 vhdmp - ok
16:41:25.0106 4480 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:41:25.0109 4480 viaide - ok
16:41:25.0489 4480 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:41:25.0493 4480 volmgr - ok
16:41:26.0013 4480 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:41:26.0022 4480 volmgrx - ok
16:41:26.0410 4480 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:41:26.0417 4480 volsnap - ok
16:41:26.0857 4480 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:41:26.0862 4480 vsmraid - ok
16:41:27.0177 4480 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:41:27.0214 4480 VSS - ok
16:41:27.0625 4480 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:41:27.0628 4480 vwifibus - ok
16:41:28.0015 4480 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:41:28.0019 4480 vwififlt - ok
16:41:28.0403 4480 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:41:28.0416 4480 W32Time - ok
16:41:28.0824 4480 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:41:28.0827 4480 WacomPen - ok
16:41:29.0296 4480 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:41:29.0310 4480 WANARP - ok
16:41:29.0361 4480 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:41:29.0364 4480 Wanarpv6 - ok
16:41:29.0793 4480 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:41:29.0818 4480 WatAdminSvc - ok
16:41:30.0131 4480 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:41:30.0165 4480 wbengine - ok
16:41:30.0542 4480 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:41:30.0558 4480 WbioSrvc - ok
16:41:30.0839 4480 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:41:30.0851 4480 wcncsvc - ok
16:41:31.0127 4480 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:41:31.0133 4480 WcsPlugInService - ok
16:41:31.0558 4480 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:41:31.0561 4480 Wd - ok
16:41:31.0968 4480 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:41:31.0983 4480 Wdf01000 - ok
16:41:32.0256 4480 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:41:32.0262 4480 WdiServiceHost - ok
16:41:32.0277 4480 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:41:32.0283 4480 WdiSystemHost - ok
16:41:32.0678 4480 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:41:32.0688 4480 WebClient - ok
16:41:32.0991 4480 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:41:33.0000 4480 Wecsvc - ok
16:41:33.0340 4480 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:41:33.0347 4480 wercplsupport - ok
16:41:33.0738 4480 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:41:33.0744 4480 WerSvc - ok
16:41:34.0168 4480 WFMC_VAD (c48ca80fdc6926a9fc2f520379bdb635) C:\Windows\system32\DRIVERS\wfmcvad.sys
16:41:34.0170 4480 WFMC_VAD - ok
16:41:34.0594 4480 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:41:34.0596 4480 WfpLwf - ok
16:41:35.0139 4480 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:41:35.0142 4480 WIMMount - ok
16:41:35.0243 4480 WinDefend - ok
16:41:35.0294 4480 WinHttpAutoProxySvc - ok
16:41:35.0649 4480 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:41:35.0656 4480 Winmgmt - ok
16:41:36.0099 4480 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:41:36.0166 4480 WinRM - ok
16:41:36.0700 4480 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:41:36.0703 4480 WinUsb - ok
16:41:37.0055 4480 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:41:37.0077 4480 Wlansvc - ok
16:41:37.0193 4480 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:41:37.0195 4480 wlcrasvc - ok
16:41:37.0379 4480 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:41:37.0426 4480 wlidsvc - ok
16:41:37.0821 4480 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:41:37.0824 4480 WmiAcpi - ok
16:41:38.0293 4480 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:41:38.0300 4480 wmiApSrv - ok
16:41:38.0410 4480 WMPNetworkSvc - ok
16:41:38.0741 4480 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:41:38.0748 4480 WPCSvc - ok
16:41:39.0068 4480 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:41:39.0075 4480 WPDBusEnum - ok
16:41:39.0473 4480 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:41:39.0476 4480 ws2ifsl - ok
16:41:39.0772 4480 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:41:39.0779 4480 wscsvc - ok
16:41:40.0102 4480 WSearch - ok
16:41:40.0505 4480 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:41:40.0561 4480 wuauserv - ok
16:41:40.0943 4480 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:41:40.0948 4480 WudfPf - ok
16:41:41.0479 4480 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:41:41.0484 4480 WUDFRd - ok
16:41:41.0770 4480 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:41:41.0777 4480 wudfsvc - ok
16:41:42.0093 4480 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:41:42.0104 4480 WwanSvc - ok
16:41:42.0200 4480 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:41:42.0290 4480 \Device\Harddisk0\DR0 - ok
16:41:42.0307 4480 Boot (0x1200) (f762b3bd794b7469b0d1e9cd5b57b695) \Device\Harddisk0\DR0\Partition0
16:41:42.0309 4480 \Device\Harddisk0\DR0\Partition0 - ok
16:41:42.0332 4480 Boot (0x1200) (c61e32c0b3f7ba1abefaadeb69a1844c) \Device\Harddisk0\DR0\Partition1
16:41:42.0335 4480 \Device\Harddisk0\DR0\Partition1 - ok
16:41:42.0368 4480 Boot (0x1200) (27ff6bd7c05aff264d4d7808cb4be055) \Device\Harddisk0\DR0\Partition2
16:41:42.0370 4480 \Device\Harddisk0\DR0\Partition2 - ok
16:41:42.0388 4480 Boot (0x1200) (259bd720a40481d0874aa0addb491d0f) \Device\Harddisk0\DR0\Partition3
16:41:42.0389 4480 \Device\Harddisk0\DR0\Partition3 - ok
16:41:42.0390 4480 ============================================================
16:41:42.0390 4480 Scan finished
16:41:42.0390 4480 ============================================================
16:41:42.0423 2728 Detected object count: 0
16:41:42.0423 2728 Actual detected object count: 0
 
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore (see "How to turn off or turn on Windows XP System Restore").
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
If you are running Windows XP, re-enable System Restore.
 