TechSpot

Rootkit remaining after Rogue.FakeHDD

By ViolinDad
Aug 16, 2012
  1. I scanned a Win7/64 PC with MBAM in safe mode and it removed a number of items. Then I tried scanning with Vipre and SuperAntiSpyware, but the PC would suddenly shut down in the middle of the scan (even after first running RKill). I tried to get to the ESET online scan, but was redirected. I have since run GMER and DDS; the logs are below.

    Thanks for any help getting rid of the remaining malware.

    MBAM

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.13.07

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.7601.17514
    Jane :: JANE-PC [administrator]

    8/13/2012 8:50:38 PM
    mbam-log-2012-08-13 (20-50-38).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 411858
    Time elapsed: 47 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 4
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Trojan.Phex.THAGen6) -> Data: C:\Users\Jane\AppData\Local\{E07D9A09-0289-43CB-D566-A3B1B3563B25}\syshost.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|eWNaaXjiaqX.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\eWNaaXjiaqX.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|huzN5Dxqvot4e9 (Rogue.FakeHDD) -> Data: C:\ProgramData\huzN5Dxqvot4e9.exe -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Update Server (Backdoor.IRCBot) -> Data: C:\Users\Jane\57bd77ea-3221.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Users\Jane\AppData\Local\{E07D9A09-0289-43CB-D566-A3B1B3563B25}\syshost.exe (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
    C:\ProgramData\eWNaaXjiaqX.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\ProgramData\huzN5Dxqvot4e9.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
    C:\Users\Jane\57bd77ea-3221.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.

    (end)
    GMER
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-16 13:32:03
    Windows 6.1.7601 Service Pack 1
    Running: kxzzi91e.exe
    ---- Services - GMER 1.0.15 ----
    Service System32\Drivers\afe8b0cca498795.sys (*** hidden *** ) [BOOT] afe8b0cca498795 <-- ROOTKIT !!!
    ---- EOF - GMER 1.0.15 ----
    DDS
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
    Internet Explorer: 8.0.7601.17514
    Run by Jane at 13:57:53 on 2012-08-16
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.3281 [GMT -6:00]
    .
    AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
    FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.cnn.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u
    uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n
    uRun: [GameXN] "C:\ProgramData\GameXN\GameXNGO.exe" /silent
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\MozyHome\mozystat.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{CCF5CA41-3CD0-42F9-8D77-9E196DFA946F} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{CCF5CA41-3CD0-42F9-8D77-9E196DFA946F}\142656E6467416C6C6562797 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{CCF5CA41-3CD0-42F9-8D77-9E196DFA946F}\27F68716E6E656 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{CCF5CA41-3CD0-42F9-8D77-9E196DFA946F}\3516D616E6478616 : DhcpNameServer = 10.1.10.1
    TCP: Interfaces\{CCF5CA41-3CD0-42F9-8D77-9E196DFA946F}\8616374796E67637 : DhcpNameServer = 68.87.85.102 68.87.69.150
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-5-2 173920]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    S1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
    S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2012-1-25 101112]
    S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-11 98208]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-3 136176]
    S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-1 375176]
    S2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
    S2 SBAMSvc;VIPRE Internet Security;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-5-2 3289680]
    S2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
    S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-2-11 2320920]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
    S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-1-20 227896]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-3 136176]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-11 225280]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
    S3 SbHips;SbHips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
    S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
    S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-16 17:51:01  --------  d-----w-  C:\VIPRERESCUE
    2012-08-16 16:44:28  --------  d-----w-  C:\Program Files\SUPERAntiSpyware
    2012-08-15 16:51:54  --------  d-----w-  C:\Users\Jane\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-15 16:51:47  --------  d-----w-  C:\ProgramData\SUPERAntiSpyware.com
    2012-08-15 16:29:37  --------  d-----w-  C:\Program Files\Kaspersky
    2012-08-14 01:14:50  84920  ----a-w-  C:\Windows\System32\drivers\afe8b0cca498795.sys
    2012-08-14 00:41:23  --------  d-----w-  C:\Users\Jane\AppData\Local\{E07D9A09-0289-43CB-D566-A3B1B3563B25}
    2012-08-05 21:48:24  --------  d-----w-  C:\Users\Jane\AppData\Local\{6BAFEF1D-8279-44F2-A99B-C427E76A98D1}
    2012-08-05 21:48:13  --------  d-----w-  C:\Users\Jane\AppData\Local\{F116CFB8-8510-4B95-A584-0BA2A45965C5}
    2012-08-05 21:47:02  --------  d-----w-  C:\Users\Jane\AppData\Local\{DF1A1239-945F-4BFA-9051-D8B71025FAB5}
    2012-08-05 21:46:51  --------  d-----w-  C:\Users\Jane\AppData\Local\{62A854C4-526A-460E-89D0-9090309900C8}
    .
    ==================== Find3M ====================
    .
    2012-08-02 16:53:11  426184  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-02 16:53:10  70344  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-12 03:08:36  3148800  ----a-w-  C:\Windows\System32\win32k.sys
    2012-06-06 06:06:16  2004480  ----a-w-  C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16  1881600  ----a-w-  C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54  1133568  ----a-w-  C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52  1390080  ----a-w-  C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52  1236992  ----a-w-  C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06  805376  ----a-w-  C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31  2622464  ----a-w-  C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08  99840  ----a-w-  C:\Windows\System32\wudriver.dll
    2012-06-02 21:19:42  186752  ----a-w-  C:\Windows\System32\wuwebv.dll
    2012-06-02 21:15:12  36864  ----a-w-  C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10  458704  ----a-w-  C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16  95600  ----a-w-  C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16  151920  ----a-w-  C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31  340992  ----a-w-  C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21  307200  ----a-w-  C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42  22016  ----a-w-  C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39  225280  ----a-w-  C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10  219136  ----a-w-  C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09  96768  ----a-w-  C:\Windows\SysWow64\sspicli.dll
    2012-05-25 19:14:24  45936  ----a-w-  C:\Windows\System32\sbbd.exe
    .
    ============= FINISH: 14:07:16.06 ===============
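One way to cross-check the three logs in this post against each other, as an added example that is not part of the original post and not code from MBAM, GMER or DDS: the script below parses the MBAM detections, the GMER hidden-service line and the DDS "Created Last 30" entries, then reports which Run-key persistence MBAM already removed, whether the driver GMER flags as hidden shows up anywhere in the MBAM log, when that driver was created, and what else was created within a short window of it. The log excerpts are copied from the thread; the two-hour correlation window is an assumption chosen for illustration, and the DDS regex accepts the entries with or without the tab separators DDS normally writes.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Excerpts copied from the MBAM, GMER and DDS logs posted in this thread.
MBAM_LOG = r"""
Registry Values Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|syshost32 (Trojan.Phex.THAGen6) -> Data: C:\Users\Jane\AppData\Local\{E07D9A09-0289-43CB-D566-A3B1B3563B25}\syshost.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|eWNaaXjiaqX.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\eWNaaXjiaqX.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|huzN5Dxqvot4e9 (Rogue.FakeHDD) -> Data: C:\ProgramData\huzN5Dxqvot4e9.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Update Server (Backdoor.IRCBot) -> Data: C:\Users\Jane\57bd77ea-3221.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
C:\Users\Jane\AppData\Local\{E07D9A09-0289-43CB-D566-A3B1B3563B25}\syshost.exe (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
C:\ProgramData\eWNaaXjiaqX.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Users\Jane\57bd77ea-3221.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
"""
GMER_LOG = r"""
---- Services - GMER 1.0.15 ----
Service System32\Drivers\afe8b0cca498795.sys (*** hidden *** ) [BOOT] afe8b0cca498795 <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""
DDS_CREATED = r"""
2012-08-16 17:51:01  --------  d-----w-  C:\VIPRERESCUE
2012-08-15 16:29:37  --------  d-----w-  C:\Program Files\Kaspersky
2012-08-14 01:14:50  84920  ----a-w-  C:\Windows\System32\drivers\afe8b0cca498795.sys
2012-08-14 00:41:23  --------  d-----w-  C:\Users\Jane\AppData\Local\{E07D9A09-0289-43CB-D566-A3B1B3563B25}
2012-08-05 21:48:24  --------  d-----w-  C:\Users\Jane\AppData\Local\{6BAFEF1D-8279-44F2-A99B-C427E76A98D1}
"""

# "<item> (<family>) -> [Data: <path> -> ]<action>"
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")
# GMER marks a service it could not enumerate through normal APIs as "*** hidden ***"
GMER_RE = re.compile(r"^Service (?P<path>\S+) \(\*\*\* hidden \*\*\* \) \[(?P<start>\w+)\] (?P<name>\S+)")
# DDS entry: timestamp, size (or dashes for a directory), attribute flags, path; separators optional
DDS_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*(?P<size>\d+|-{8})\s*(?P<attrs>[-a-z]{8})\s*(?P<path>.+)$")

WINDOW = timedelta(hours=2)  # assumption: files created this close together are treated as one wave


def parse_mbam(text):
    """Return one dict per detection line; header/summary lines do not match and are skipped."""
    findings = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        parts = m["rest"].split(" -> ")
        data = parts[0][len("Data: "):] if parts[0].startswith("Data: ") else None
        key, _, value = m["item"].rpartition("|")  # key is "" for plain file detections
        findings.append({"item": m["item"], "value": value, "family": m["family"], "data": data,
                         "action": parts[-1], "is_run_key": key.endswith("\\Run")})
    return findings


def parse_gmer(text):
    return [m.groupdict() for m in (GMER_RE.match(l.strip()) for l in text.splitlines()) if m]


def parse_dds_created(text):
    entries = []
    for line in text.splitlines():
        m = DDS_RE.match(line.strip())
        if m:
            entries.append({"created": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                            "is_dir": m["attrs"].startswith("d"), "path": m["path"]})
    return entries


def triage(mbam_text, gmer_text, dds_text):
    findings, hidden, created = parse_mbam(mbam_text), parse_gmer(gmer_text), parse_dds_created(dds_text)
    by_name = {PureWindowsPath(e["path"]).name.lower(): e for e in created}
    report = {"run_key_persistence": [{"value": f["value"], "data": f["data"], "family": f["family"]}
                                      for f in findings if f["is_run_key"]],
              "hidden_drivers": [], "created_near_driver": []}
    for svc in hidden:
        name = PureWindowsPath(svc["path"]).name.lower()
        entry = by_name.get(name)
        # Did any MBAM detection refer to this driver? If not, it survived the cleanup untouched.
        seen = any(f["item"].lower().endswith(name) or (f["data"] or "").lower().endswith(name)
                   for f in findings)
        report["hidden_drivers"].append({"name": svc["name"], "path": svc["path"], "start": svc["start"],
                                         "created": entry["created"].isoformat(" ") if entry else None,
                                         "removed_by_mbam": seen})
        for e in created:
            if entry and e is not entry and abs(e["created"] - entry["created"]) <= WINDOW:
                # tie the neighbour back to MBAM by checking whether a quarantined path lives under it
                fam = next((f["family"] for f in findings
                            if f["data"] and f["data"].lower().startswith(e["path"].lower())), None)
                report["created_near_driver"].append({"path": e["path"], "created": e["created"].isoformat(" "),
                                                      "mbam_family": fam})
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(triage(MBAM_LOG, GMER_LOG, DDS_CREATED), indent=2))
```

Run against the excerpts, the report lists the four Run-key values MBAM quarantined, shows that the driver GMER reports as a hidden boot-start service never appears in the MBAM log, gives its creation time from DDS, and pairs it with the {E07D9A09-…} directory created 33 minutes earlier, which is where MBAM found syshost.exe. That pairing is the kind of evidence a helper wants before deciding which tool to run next.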
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    I still need Attach.txt part of DDS.

    Next...

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right-click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on the SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport can also be found on your desktop.)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. ViolinDad

    ViolinDad TS Rookie Topic Starter

    Sorry I forgot Attach.txt. I have pasted it below.

    I ran RogueKiller and pasted the result below as well.

    I was unable to run aswMBR.exe. I tried to run it as administrator and to run it normally. I tried renaming it, both as .com and .exe, and it still wouldn't run.

    Thanks for the help.

    ATTACH.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/10/2010 7:27:08 PM
    System Uptime: 8/16/2012 1:26:57 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1425
    Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | CPU | 2128/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 285 GiB total, 212.604 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 2.101 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.
    F: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6500 E710n-z
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 6500 E710n-z
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    RP111: 7/24/2012 1:30:16 AM - HPSF Restore Point
    RP112: 8/1/2012 12:00:02 AM - Scheduled Checkpoint
    RP113: 8/9/2012 12:00:01 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    6300
    6300_Help
    6300Trb
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.1
    Adobe Shockwave Player
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    Apple Application Support
    Apple Software Update
    Atheros Driver Installation Program
    BufferChm
    Canon DIGITAL CAMERA Solution Disk Software Guide
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Personal Printing Guide
    Canon PowerShot SD1400 IS_IXUS 130 Camera User Guide
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC 8
    Canon Utilities Movie Uploader for YouTube
    Canon Utilities MyCamera
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Comcast Desktop Software (v1.2.0.9)
    Compatibility Pack for the 2007 Office system
    Copy
    Core FTP LE
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 8
    CyberLink YouCam
    D3DX10
    Destinations
    DeviceDiscovery
    DocProc
    ESU for Microsoft Windows 7
    Fax
    GameXN GO
    Garmin Communicator Plugin
    Garmin USB Drivers
    Garmin WebUpdater
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP Officejet 6500 E710n-z Help
    HP Quick Launch Buttons
    HP Setup
    HP Support Assistant
    HP Update
    HP User Guides
    HP Wireless Assistant
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    I.R.I.S. OCR
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.62.0.1300
    MarketResearch
    Marketsplash Shortcuts
    Microsoft Live Search Toolbar
    Microsoft Office Click-to-Run 2010
    Microsoft Office Home and Business 2010 - English
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    Notepad++
    Power2Go
    PowerDirector
    QLBCASL
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Safari
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Skype Toolbars
    Skype™ 5.5
    SmartWebPrinting
    SolutionCenter
    Status
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VIPRE Internet Security
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Detect
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/16/2012 11:40:37 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 11:40:02 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 11:37:49 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
    8/16/2012 11:37:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache mozyFilter SASDIFSV SASKUTIL spldr Wanarpv6
    8/16/2012 10:40:21 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    8/16/2012 10:40:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LMIGuardianSvc service to connect.
    8/16/2012 10:40:08 AM, Error: Service Control Manager [7000] - The LMIGuardianSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/16/2012 1:57:24 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 1:30:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    8/16/2012 1:30:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    8/16/2012 1:27:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/16/2012 1:27:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/16/2012 1:27:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/16/2012 1:27:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/16/2012 1:27:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/16/2012 1:27:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/16/2012 1:27:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mozyFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SbFw spldr tdx vwififlt Wanarpv6 WfpLwf
    8/16/2012 1:27:24 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 1:27:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2012 1:27:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 1:27:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 1:27:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 1:27:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 1:27:20 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 1:27:20 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2012 1:27:20 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2012 1:27:20 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2012 1:27:20 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/15/2012 8:09:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
    8/15/2012 7:52:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mozyFilter NetBIOS NetBT nsiproxy Psched rdbss SbFw spldr tdx vwififlt Wanarpv6 WfpLwf
    8/15/2012 11:58:38 AM, Error: RTL8167 [5008] - Realtek PCIe FE Family Controller : Has encountered an invalid network address.
    8/15/2012 10:48:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache mozyFilter spldr Wanarpv6
    .
    ==== End Of File ===========================


    RKReport

    RogueKiller V7.6.6 [08/10/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode
    User: Jane [Admin rights]
    Mode: Scan -- Date: 08/16/2012 16:27:02

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 19 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS725032A9A364 +++++
    --- User ---
    [MBR] fec26de5bdc01ec8da566a2a4de14ef4
    [BSP] 24035245c45285f1a4d81690ace6df90 : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292078 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598585344 | Size: 12863 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
    User != LL1 ... KO!
    --- LL1 ---
    [MBR] 4ebd161a17ec97463ed85f5c9a350343
    [BSP] 21316ccbfbf2f41b5486a09c37284017 : MaxSS MBR Code!
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292078 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598585344 | Size: 12863 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 4ebd161a17ec97463ed85f5c9a350343
    [BSP] 21316ccbfbf2f41b5486a09c37284017 : MaxSS MBR Code!
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292078 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598585344 | Size: 12863 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

    +++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
    --- User ---
    [MBR] 4881b9428e5dc8e0186075b6a8bae55b
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 7629 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    It looks like email notification about your reply missed me.
    I apologize :)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. ViolinDad

    ViolinDad TS Rookie Topic Starter

    Thanks for the link for TDSSKiller (I had tried earlier with probably a different version, and it hadn't run. This one did.) There were two logs generated.

    I didn't know if I should run it again or not. BTW, I ran it in Safe Mode with Networking.

    Apparently, the log is too big, so I will break it up.
    Thanks!

    TDSS log 1: (part 1)

    23:21:35.0819 1920 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
    23:21:35.0866 1920 ============================================================
    23:21:35.0866 1920 Current date / time: 2012/08/21 23:21:35.0866
    23:21:35.0866 1920 SystemInfo:
    23:21:35.0866 1920
    23:21:35.0866 1920 OS Version: 6.1.7601 ServicePack: 1.0
    23:21:35.0866 1920 Product type: Workstation
    23:21:35.0866 1920 ComputerName: JANE-PC
    23:21:35.0866 1920 UserName: Jane
    23:21:35.0866 1920 Windows directory: C:\Windows
    23:21:35.0866 1920 System windows directory: C:\Windows
    23:21:35.0866 1920 Running under WOW64
    23:21:35.0866 1920 Processor architecture: Intel x64
    23:21:35.0866 1920 Number of processors: 4
    23:21:35.0866 1920 Page size: 0x1000
    23:21:35.0866 1920 Boot type: Safe boot with network
    23:21:35.0866 1920 ============================================================
    23:21:45.0210 1920 !crdlk
    23:21:45.0319 1920 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
    23:21:45.0335 1920 Drive \Device\Harddisk1\DR1 - Size: 0x1DCD80000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    23:21:45.0335 1920 ============================================================
    23:21:45.0335 1920 \Device\Harddisk0\DR0:
    23:21:45.0335 1920 MBR partitions:
    23:21:45.0335 1920 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    23:21:45.0335 1920 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23A77000
    23:21:45.0335 1920 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23ADB000, BlocksNum 0x191F800
    23:21:45.0335 1920 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
    23:21:45.0335 1920 \Device\Harddisk1\DR1:
    23:21:45.0335 1920 MBR partitions:
    23:21:45.0335 1920 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0xEE6BE0
    23:21:45.0335 1920 ============================================================
    23:21:45.0351 1920 C: <-> \Device\Harddisk0\DR0\Partition2
    23:21:45.0397 1920 D: <-> \Device\Harddisk0\DR0\Partition3
    23:21:45.0397 1920 E: <-> \Device\Harddisk0\DR0\Partition4
    23:21:45.0397 1920 ============================================================
    23:21:45.0397 1920 Initialize success
    23:21:45.0397 1920 ============================================================
    23:21:56.0505 2028 ============================================================
    23:21:56.0505 2028 Scan started
    23:21:56.0505 2028 Mode: Manual;
    23:21:56.0505 2028 ============================================================
    23:21:56.0754 2028 ================ Scan system memory ========================
    23:21:56.0754 2028 System memory - ok
    23:21:56.0754 2028 ================ Scan services =============================
    23:21:56.0832 2028 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    23:21:56.0832 2028 !SASCORE - ok
    23:21:57.0051 2028 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    23:21:57.0051 2028 1394ohci - ok
    23:21:57.0082 2028 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    23:21:57.0082 2028 ACPI - ok
    23:21:57.0113 2028 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    23:21:57.0113 2028 AcpiPmi - ok
    23:21:57.0269 2028 [ F19C98AD81D2C0E1BBFD8153D2C80EE8 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    23:21:57.0269 2028 AdobeFlashPlayerUpdateSvc - ok
    23:21:57.0363 2028 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    23:21:57.0363 2028 adp94xx - ok
    23:21:57.0425 2028 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    23:21:57.0425 2028 adpahci - ok
    23:21:57.0488 2028 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    23:21:57.0488 2028 adpu320 - ok
    23:21:57.0581 2028 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    23:21:57.0581 2028 AeLookupSvc - ok
    23:21:57.0659 2028 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    23:21:57.0659 2028 AERTFilters - ok
    23:21:57.0722 2028 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    23:21:57.0722 2028 AFD - ok
    23:21:57.0737 2028 Suspicious service (NoAccess): afe8b0cca498795
    23:21:57.0784 2028 [ DD2F7446F3C22710DB5F56F386233922 ] afe8b0cca498795 C:\Windows\System32\Drivers\afe8b0cca498795.sys
    23:21:57.0784 2028 Suspicious file (NoAccess): C:\Windows\System32\Drivers\afe8b0cca498795.sys. md5: DD2F7446F3C22710DB5F56F386233922
    23:21:58.0096 2028 afe8b0cca498795 ( Rootkit.Win32.Necurs.gen ) - infected
    23:21:58.0096 2028 afe8b0cca498795 - detected Rootkit.Win32.Necurs.gen (0)
    23:21:58.0174 2028 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
    23:21:58.0190 2028 AgereSoftModem - ok
    23:21:58.0268 2028 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    23:21:58.0268 2028 agp440 - ok
    23:21:58.0346 2028 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    23:21:58.0346 2028 ALG - ok
    23:21:58.0377 2028 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    23:21:58.0377 2028 aliide - ok
    23:21:58.0439 2028 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    23:21:58.0439 2028 amdide - ok
    23:21:58.0470 2028 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    23:21:58.0470 2028 AmdK8 - ok
    23:21:58.0502 2028 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    23:21:58.0502 2028 AmdPPM - ok
    23:21:58.0533 2028 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    23:21:58.0548 2028 amdsata - ok
    23:21:58.0595 2028 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    23:21:58.0595 2028 amdsbs - ok
    23:21:58.0626 2028 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    23:21:58.0642 2028 amdxata - ok
    23:21:58.0720 2028 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    23:21:58.0720 2028 AppID - ok
    23:21:58.0751 2028 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    23:21:58.0751 2028 AppIDSvc - ok
    23:21:58.0798 2028 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    23:21:58.0814 2028 Appinfo - ok
    23:21:58.0892 2028 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    23:21:58.0907 2028 Apple Mobile Device - ok
    23:21:58.0938 2028 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    23:21:58.0954 2028 arc - ok
    23:21:58.0970 2028 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    23:21:58.0970 2028 arcsas - ok
    23:21:59.0016 2028 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    23:21:59.0016 2028 AsyncMac - ok
    23:21:59.0048 2028 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    23:21:59.0048 2028 atapi - ok
    23:21:59.0141 2028 [ 40734F3A5EEC4C4AC6A1FAF10B293714 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    23:21:59.0157 2028 athr - ok
    23:21:59.0235 2028 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    23:21:59.0250 2028 AudioEndpointBuilder - ok
    23:21:59.0282 2028 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    23:21:59.0282 2028 AudioSrv - ok
    23:21:59.0344 2028 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    23:21:59.0344 2028 AxInstSV - ok
    23:21:59.0391 2028 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    23:21:59.0406 2028 b06bdrv - ok
    23:21:59.0453 2028 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    23:21:59.0453 2028 b57nd60a - ok
    23:21:59.0547 2028 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    23:21:59.0547 2028 BDESVC - ok
    23:21:59.0578 2028 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    23:21:59.0594 2028 Beep - ok
    23:21:59.0656 2028 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    23:21:59.0656 2028 BFE - ok
    23:21:59.0750 2028 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    23:21:59.0750 2028 BITS - ok
    23:21:59.0781 2028 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    23:21:59.0781 2028 blbdrive - ok
    23:21:59.0828 2028 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    23:21:59.0843 2028 Bonjour Service - ok
    23:21:59.0890 2028 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    23:21:59.0890 2028 bowser - ok
    23:21:59.0937 2028 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    23:21:59.0937 2028 BrFiltLo - ok
    23:21:59.0952 2028 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    23:21:59.0952 2028 BrFiltUp - ok
    23:22:00.0015 2028 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
    23:22:00.0015 2028 Browser - ok
    23:22:00.0046 2028 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    23:22:00.0046 2028 Brserid - ok
    23:22:00.0077 2028 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    23:22:00.0077 2028 BrSerWdm - ok
    23:22:00.0093 2028 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    23:22:00.0093 2028 BrUsbMdm - ok
    23:22:00.0124 2028 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    23:22:00.0124 2028 BrUsbSer - ok
    23:22:00.0155 2028 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    23:22:00.0155 2028 BTHMODEM - ok
    23:22:00.0218 2028 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    23:22:00.0218 2028 bthserv - ok
    23:22:00.0264 2028 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    23:22:00.0264 2028 cdfs - ok
    23:22:00.0311 2028 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    23:22:00.0311 2028 cdrom - ok
    23:22:00.0374 2028 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    23:22:00.0374 2028 CertPropSvc - ok
    23:22:00.0405 2028 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    23:22:00.0405 2028 circlass - ok
    23:22:00.0436 2028 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    23:22:00.0452 2028 CLFS - ok
    23:22:00.0498 2028 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:22:00.0514 2028 clr_optimization_v2.0.50727_32 - ok
    23:22:00.0576 2028 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    23:22:00.0576 2028 clr_optimization_v2.0.50727_64 - ok
    23:22:00.0639 2028 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    23:22:00.0654 2028 clr_optimization_v4.0.30319_32 - ok
    23:22:00.0686 2028 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    23:22:00.0686 2028 clr_optimization_v4.0.30319_64 - ok
    23:22:00.0732 2028 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    23:22:00.0732 2028 CmBatt - ok
    23:22:00.0748 2028 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    23:22:00.0764 2028 cmdide - ok
    23:22:00.0826 2028 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    23:22:00.0826 2028 CNG - ok
    23:22:00.0888 2028 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    23:22:00.0888 2028 Com4QLBEx - ok
    23:22:00.0920 2028 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    23:22:00.0920 2028 Compbatt - ok
    23:22:00.0966 2028 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    23:22:00.0966 2028 CompositeBus - ok
    23:22:00.0982 2028 COMSysApp - ok
    23:22:01.0013 2028 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    23:22:01.0013 2028 crcdisk - ok
    23:22:01.0076 2028 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    23:22:01.0091 2028 CryptSvc - ok
    23:22:01.0169 2028 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    23:22:01.0169 2028 cvhsvc - ok
    23:22:01.0247 2028 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    23:22:01.0247 2028 DcomLaunch - ok
    23:22:01.0294 2028 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    23:22:01.0294 2028 defragsvc - ok
    23:22:01.0341 2028 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    23:22:01.0341 2028 DfsC - ok
    23:22:01.0372 2028 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    23:22:01.0372 2028 Dhcp - ok
    23:22:01.0403 2028 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    23:22:01.0403 2028 discache - ok
    23:22:01.0450 2028 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    23:22:01.0450 2028 Disk - ok
    23:22:01.0512 2028 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    23:22:01.0528 2028 Dnscache - ok
    23:22:01.0590 2028 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    23:22:01.0590 2028 dot3svc - ok
    23:22:01.0637 2028 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    23:22:01.0637 2028 Dot4 - ok
    23:22:01.0684 2028 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
    23:22:01.0684 2028 Dot4Print - ok
    23:22:01.0700 2028 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    23:22:01.0700 2028 dot4usb - ok
    23:22:01.0778 2028 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    23:22:01.0778 2028 DPS - ok
    23:22:01.0840 2028 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    23:22:01.0840 2028 drmkaud - ok
    23:22:01.0902 2028 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    23:22:01.0918 2028 DXGKrnl - ok
    23:22:01.0965 2028 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    23:22:01.0965 2028 EapHost - ok
    23:22:02.0058 2028 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    23:22:02.0090 2028 ebdrv - ok
    23:22:02.0136 2028 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    23:22:02.0136 2028 EFS - ok
    23:22:02.0199 2028 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    23:22:02.0199 2028 ehRecvr - ok
    23:22:02.0246 2028 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    23:22:02.0246 2028 ehSched - ok
    23:22:02.0308 2028 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    23:22:02.0324 2028 elxstor - ok
    23:22:02.0355 2028 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    23:22:02.0355 2028 ErrDev - ok
    23:22:02.0433 2028 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    23:22:02.0433 2028 EventSystem - ok
    23:22:02.0480 2028 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    23:22:02.0495 2028 exfat - ok
    23:22:02.0573 2028 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    23:22:02.0573 2028 fastfat - ok
    23:22:02.0651 2028 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    23:22:02.0667 2028 Fax - ok
    23:22:02.0698 2028 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    23:22:02.0698 2028 fdc - ok
    23:22:02.0729 2028 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    23:22:02.0729 2028 fdPHost - ok
    23:22:02.0760 2028 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    23:22:02.0760 2028 FDResPub - ok
    23:22:02.0807 2028 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    23:22:02.0807 2028 FileInfo - ok
    23:22:02.0854 2028 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    23:22:02.0854 2028 Filetrace - ok
    23:22:02.0885 2028 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    23:22:02.0885 2028 flpydisk - ok
    23:22:02.0948 2028 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    23:22:02.0948 2028 FltMgr - ok
    23:22:03.0010 2028 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    23:22:03.0026 2028 FontCache - ok
    23:22:03.0088 2028 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    23:22:03.0088 2028 FontCache3.0.0.0 - ok
    23:22:03.0135 2028 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    23:22:03.0135 2028 FsDepends - ok
    23:22:03.0182 2028 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    23:22:03.0197 2028 Fs_Rec - ok
    23:22:03.0228 2028 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    23:22:03.0228 2028 fvevol - ok
    23:22:03.0275 2028 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    23:22:03.0275 2028 gagp30kx - ok
    23:22:03.0338 2028 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    23:22:03.0338 2028 GameConsoleService - ok
    23:22:03.0369 2028 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    23:22:03.0369 2028 GEARAspiWDM - ok
    23:22:03.0447 2028 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    23:22:03.0462 2028 gpsvc - ok
    23:22:03.0572 2028 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    23:22:03.0572 2028 gupdate - ok
    23:22:03.0618 2028 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    23:22:03.0618 2028 gupdatem - ok
    23:22:03.0681 2028 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    23:22:03.0681 2028 gusvc - ok
    23:22:03.0728 2028 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    23:22:03.0728 2028 hcw85cir - ok
    23:22:03.0774 2028 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    23:22:03.0774 2028 HdAudAddService - ok
    23:22:03.0821 2028 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    23:22:03.0821 2028 HDAudBus - ok
    23:22:03.0868 2028 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    23:22:03.0868 2028 HECIx64 - ok
    23:22:03.0884 2028 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    23:22:03.0899 2028 HidBatt - ok
    23:22:03.0915 2028 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    23:22:03.0915 2028 HidBth - ok
    23:22:03.0962 2028 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    23:22:03.0962 2028 HidIr - ok
    23:22:04.0024 2028 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    23:22:04.0024 2028 hidserv - ok
    23:22:04.0055 2028 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    23:22:04.0055 2028 HidUsb - ok
    23:22:04.0102 2028 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    23:22:04.0118 2028 hkmsvc - ok
    23:22:04.0164 2028 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    23:22:04.0180 2028 HomeGroupListener - ok
    23:22:04.0227 2028 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    23:22:04.0227 2028 HomeGroupProvider - ok
    23:22:04.0320 2028 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    23:22:04.0320 2028 HP Support Assistant Service - ok
    23:22:04.0398 2028 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    23:22:04.0398 2028 HPDrvMntSvc.exe - ok
    23:22:04.0492 2028 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    23:22:04.0492 2028 hpqcxs08 - ok
    23:22:04.0539 2028 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    23:22:04.0554 2028 hpqddsvc - ok
    23:22:04.0586 2028 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    23:22:04.0586 2028 HpqKbFiltr - ok
    23:22:04.0617 2028 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    23:22:04.0632 2028 hpqwmiex - ok
    23:22:04.0679 2028 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    23:22:04.0679 2028 HpSAMD - ok
    23:22:04.0742 2028 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    23:22:04.0757 2028 HPSLPSVC - ok
    23:22:04.0820 2028 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    23:22:04.0820 2028 HTTP - ok
    23:22:04.0866 2028 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    23:22:04.0866 2028 hwpolicy - ok
    23:22:04.0944 2028 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    23:22:04.0944 2028 i8042prt - ok
    23:22:05.0007 2028 [ BE7D72FCF442C26975942007E0831241 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    23:22:05.0007 2028 iaStor - ok
    23:22:05.0038 2028 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    23:22:05.0054 2028 iaStorV - ok
    23:22:05.0132 2028 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    23:22:05.0147 2028 idsvc - ok
    23:22:05.0366 2028 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    23:22:05.0537 2028 igfx - ok
    23:22:05.0584 2028 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    23:22:05.0584 2028 iirsp - ok
    23:22:05.0646 2028 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    23:22:05.0662 2028 IKEEXT - ok
    23:22:05.0756 2028 [ D311E2DD59A34079D89C249B2A4D9FDB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    23:22:05.0771 2028 IntcAzAudAddService - ok
    23:22:05.0818 2028 [ 408B401CD7CDB075C7470B0FF7BA8D0B ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    23:22:05.0818 2028 IntcDAud - ok
    23:22:05.0865 2028 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    23:22:05.0865 2028 intelide - ok
    23:22:05.0896 2028 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    23:22:05.0896 2028 intelppm - ok
    23:22:05.0943 2028 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    23:22:05.0958 2028 IPBusEnum - ok
    23:22:06.0005 2028 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    23:22:06.0005 2028 IpFilterDriver - ok
    23:22:06.0052 2028 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    23:22:06.0052 2028 iphlpsvc - ok
    23:22:06.0099 2028 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    23:22:06.0099 2028 IPMIDRV - ok
    23:22:06.0146 2028 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    23:22:06.0146 2028 IPNAT - ok
    23:22:06.0224 2028 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    23:22:06.0224 2028 iPod Service - ok
    23:22:06.0255 2028 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    23:22:06.0255 2028 IRENUM - ok
    23:22:06.0317 2028 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    23:22:06.0317 2028 isapnp - ok
    23:22:06.0364 2028 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    23:22:06.0364 2028 iScsiPrt - ok
    23:22:06.0395 2028 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    23:22:06.0411 2028 kbdclass - ok
    23:22:06.0458 2028 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    23:22:06.0458 2028 kbdhid - ok
    23:22:06.0489 2028 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    23:22:06.0489 2028 KeyIso - ok
    23:22:06.0536 2028 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    23:22:06.0536 2028 KSecDD - ok
    23:22:06.0567 2028 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    23:22:06.0582 2028 KSecPkg - ok
    23:22:06.0598 2028 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    23:22:06.0598 2028 ksthunk - ok
    23:22:06.0645 2028 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    23:22:06.0645 2028 KtmRm - ok
    23:22:06.0692 2028 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    23:22:06.0692 2028 LanmanServer - ok
    23:22:06.0738 2028 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    23:22:06.0738 2028 LanmanWorkstation - ok
    23:22:06.0816 2028 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    23:22:06.0816 2028 LightScribeService - ok
    23:22:06.0910 2028 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    23:22:06.0910 2028 lltdio - ok
    23:22:06.0972 2028 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    23:22:06.0972 2028 lltdsvc - ok
    23:22:07.0019 2028 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    23:22:07.0019 2028 lmhosts - ok
    23:22:07.0128 2028 [ DCC0C4BD277E7EE0CD171D7499A55035 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    23:22:07.0128 2028 LMIGuardianSvc - ok
    23:22:07.0144 2028 lmimirr - ok
    23:22:07.0238 2028 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    23:22:07.0238 2028 LMS - ok
    23:22:07.0300 2028 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    23:22:07.0300 2028 LSI_FC - ok
    23:22:07.0331 2028 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    23:22:07.0331 2028 LSI_SAS - ok
    23:22:07.0347 2028 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    23:22:07.0347 2028 LSI_SAS2 - ok
    23:22:07.0378 2028 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    23:22:07.0394 2028 LSI_SCSI - ok
    23:22:07.0425 2028 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    23:22:07.0425 2028 luafv - ok
    23:22:07.0550 2028 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    23:22:07.0550 2028 Mcx2Svc - ok
    23:22:07.0643 2028 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    23:22:07.0643 2028 megasas - ok
    23:22:07.0690 2028 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    23:22:07.0690 2028 MegaSR - ok
    23:22:07.0752 2028 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    23:22:07.0752 2028 MMCSS - ok
    23:22:07.0784 2028 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    23:22:07.0784 2028 Modem - ok
    23:22:07.0815 2028 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    23:22:07.0815 2028 monitor - ok
    23:22:07.0862 2028 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    23:22:07.0862 2028 mouclass - ok
    23:22:07.0893 2028 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    23:22:07.0893 2028 mouhid - ok
    23:22:07.0940 2028 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    23:22:07.0940 2028 mountmgr - ok
    23:22:08.0002 2028 [ 19B2629C3F8E02B2E823738FF0AB1BFD ] mozybackup C:\Program Files\MozyHome\mozybackup.exe
    23:22:08.0002 2028 mozybackup - ok
    23:22:08.0018 2028 [ A5C8838B68EDDD5C738308B3A50CB350 ] mozyFilter C:\Windows\system32\DRIVERS\mozy.sys
    23:22:08.0018 2028 mozyFilter - ok
    23:22:08.0049 2028 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    23:22:08.0049 2028 mpio - ok
    23:22:08.0096 2028 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    23:22:08.0096 2028 mpsdrv - ok
    23:22:08.0142 2028 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    23:22:08.0158 2028 MpsSvc - ok
    23:22:08.0220 2028 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    23:22:08.0220 2028 MRxDAV - ok
    23:22:08.0283 2028 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    23:22:08.0283 2028 mrxsmb - ok
    23:22:08.0345 2028 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    23:22:08.0345 2028 mrxsmb10 - ok
    23:22:08.0392 2028 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    23:22:08.0392 2028 mrxsmb20 - ok
    23:22:08.0439 2028 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    23:22:08.0439 2028 msahci - ok
    23:22:08.0454 2028 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    23:22:08.0454 2028 msdsm - ok
    23:22:08.0501 2028 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    23:22:08.0501 2028 MSDTC - ok
    23:22:08.0564 2028 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    23:22:08.0564 2028 Msfs - ok
    23:22:08.0595 2028 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    23:22:08.0595 2028 mshidkmdf - ok
    23:22:08.0610 2028 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    23:22:08.0626 2028 msisadrv - ok
    23:22:08.0688 2028 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    23:22:08.0688 2028 MSiSCSI - ok
    23:22:08.0704 2028 msiserver - ok
    23:22:08.0735 2028 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    23:22:08.0735 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366
    23:22:08.0766 2028 MSKSSRV ( LockedFile.Multi.Generic ) - warning
    23:22:08.0766 2028 MSKSSRV - detected LockedFile.Multi.Generic (1)
    23:22:08.0798 2028 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    23:22:08.0798 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3
    23:22:08.0798 2028 MSPCLOCK ( LockedFile.Multi.Generic ) - warning
    23:22:08.0798 2028 MSPCLOCK - detected LockedFile.Multi.Generic (1)
    23:22:08.0829 2028 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    23:22:08.0829 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0
    23:22:08.0829 2028 MSPQM ( LockedFile.Multi.Generic ) - warning
    23:22:08.0829 2028 MSPQM - detected LockedFile.Multi.Generic (1)
    23:22:08.0876 2028 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    23:22:08.0876 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D
    23:22:08.0891 2028 MsRPC ( LockedFile.Multi.Generic ) - warning
    23:22:08.0891 2028 MsRPC - detected LockedFile.Multi.Generic (1)
    23:22:08.0938 2028 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    23:22:08.0938 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288
    23:22:08.0938 2028 mssmbios ( LockedFile.Multi.Generic ) - warning
    23:22:08.0938 2028 mssmbios - detected LockedFile.Multi.Generic (1)
    23:22:08.0969 2028 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    23:22:08.0969 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779
    23:22:08.0969 2028 MSTEE ( LockedFile.Multi.Generic ) - warning
    23:22:08.0969 2028 MSTEE - detected LockedFile.Multi.Generic (1)
    23:22:09.0000 2028 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    23:22:09.0000 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD
    23:22:09.0000 2028 MTConfig ( LockedFile.Multi.Generic ) - warning
    23:22:09.0000 2028 MTConfig - detected LockedFile.Multi.Generic (1)
    23:22:09.0032 2028 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    23:22:09.0032 2028 Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8
    23:22:09.0047 2028 Mup ( LockedFile.Multi.Generic ) - warning
    23:22:09.0047 2028 Mup - detected LockedFile.Multi.Generic (1)
    23:22:09.0063 2028 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    23:22:09.0078 2028 napagent - ok
    23:22:09.0110 2028 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    23:22:09.0110 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33
    23:22:09.0125 2028 NativeWifiP ( LockedFile.Multi.Generic ) - warning
    23:22:09.0125 2028 NativeWifiP - detected LockedFile.Multi.Generic (1)
    23:22:09.0172 2028 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    23:22:09.0172 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: 79B47FD40D9A817E932F9D26FAC0A81C
    23:22:09.0203 2028 NDIS ( LockedFile.Multi.Generic ) - warning
    23:22:09.0203 2028 NDIS - detected LockedFile.Multi.Generic (1)
    23:22:09.0266 2028 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    23:22:09.0266 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC
    23:22:09.0281 2028 NdisCap ( LockedFile.Multi.Generic ) - warning
    23:22:09.0281 2028 NdisCap - detected LockedFile.Multi.Generic (1)
    23:22:09.0312 2028 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    23:22:09.0312 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5
    23:22:09.0312 2028 NdisTapi ( LockedFile.Multi.Generic ) - warning
    23:22:09.0312 2028 NdisTapi - detected LockedFile.Multi.Generic (1)
    23:22:09.0359 2028 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    23:22:09.0359 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356
    23:22:09.0359 2028 Ndisuio ( LockedFile.Multi.Generic ) - warning
    23:22:09.0359 2028 Ndisuio - detected LockedFile.Multi.Generic (1)
    23:22:09.0406 2028 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    23:22:09.0406 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11
    23:22:09.0422 2028 NdisWan ( LockedFile.Multi.Generic ) - warning
    23:22:09.0422 2028 NdisWan - detected LockedFile.Multi.Generic (1)
    23:22:09.0468 2028 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    23:22:09.0468 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879
    23:22:09.0468 2028 NDProxy ( LockedFile.Multi.Generic ) - warning
    23:22:09.0468 2028 NDProxy - detected LockedFile.Multi.Generic (1)
    23:22:09.0546 2028 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    23:22:09.0546 2028 Net Driver HPZ12 - ok
    23:22:09.0624 2028 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
    23:22:09.0624 2028 Netaapl - ok
    23:22:09.0671 2028 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    23:22:09.0671 2028 NetBIOS - ok
    23:22:09.0734 2028 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    23:22:09.0734 2028 NetBT - ok
    23:22:09.0749 2028 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    23:22:09.0749 2028 Netlogon - ok
    23:22:09.0812 2028 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    23:22:09.0827 2028 Netman - ok
    23:22:09.0858 2028 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    23:22:09.0858 2028 netprofm - ok
    23:22:09.0905 2028 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    23:22:09.0905 2028 NetTcpPortSharing - ok
    23:22:10.0061 2028 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
    23:22:10.0108 2028 netw5v64 - ok
    23:22:10.0170 2028 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    23:22:10.0170 2028 nfrd960 - ok
    23:22:10.0248 2028 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    23:22:10.0248 2028 NlaSvc - ok
    23:22:10.0326 2028 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    23:22:10.0326 2028 Npfs - ok
    23:22:10.0389 2028 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    23:22:10.0389 2028 nsi - ok
    23:22:10.0436 2028 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    23:22:10.0436 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001
    23:22:10.0467 2028 nsiproxy ( LockedFile.Multi.Generic ) - warning
    23:22:10.0467 2028 nsiproxy - detected LockedFile.Multi.Generic (1)
    23:22:10.0560 2028 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    23:22:10.0560 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: A2F74975097F52A00745F9637451FDD8
    23:22:10.0592 2028 Ntfs ( LockedFile.Multi.Generic ) - warning
    23:22:10.0592 2028 Ntfs - detected LockedFile.Multi.Generic (1)
    23:22:10.0638 2028 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    23:22:10.0638 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1
    23:22:10.0654 2028 Null ( LockedFile.Multi.Generic ) - warning
    23:22:10.0654 2028 Null - detected LockedFile.Multi.Generic (1)
    23:22:10.0685 2028 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    23:22:10.0685 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD
    23:22:10.0716 2028 nvraid ( LockedFile.Multi.Generic ) - warning
    23:22:10.0716 2028 nvraid - detected LockedFile.Multi.Generic (1)
    23:22:10.0732 2028 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    23:22:10.0732 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A
    23:22:10.0748 2028 nvstor ( LockedFile.Multi.Generic ) - warning
    23:22:10.0748 2028 nvstor - detected LockedFile.Multi.Generic (1)
    23:22:10.0763 2028 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    23:22:10.0763 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05
    23:22:10.0779 2028 nv_agp ( LockedFile.Multi.Generic ) - warning
    23:22:10.0779 2028 nv_agp - detected LockedFile.Multi.Generic (1)
    23:22:10.0810 2028 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    23:22:10.0810 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0
    23:22:10.0810 2028 ohci1394 ( LockedFile.Multi.Generic ) - warning
    23:22:10.0810 2028 ohci1394 - detected LockedFile.Multi.Generic (1)
    23:22:10.0857 2028 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    23:22:10.0857 2028 ose - ok
     
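As an added example, not part of the original post and not TDSSKiller's own code: a small Python parser for the service/driver section of a TDSSKiller log in the format above. The log mixes three different outcomes that are easy to confuse when reading it by eye: services whose file was hashed and scanned clean ("- ok"), services where TDSSKiller could not open the file at all ("Suspicious file (NoAccess)", reported as LockedFile.Multi.Generic), and services hit by some other signature. The NoAccess verdict records a read failure, not a malware identification, but a long run of it on core drivers such as ndis.sys, Ntfs.sys and pci.sys is exactly what a practitioner wants listed in one place with the MD5s, so they can be compared against a known-good copy of each file. Entries with no hash bracket (lmimirr, msiserver above) are services whose binary was not found. The sample log is a few lines copied from the post; the regexes, record layout and bucket names are my own.

```python
"""Triage a TDSSKiller service/driver log: separate real signature hits from
files the scanner merely could not read.  Added example, not TDSSKiller code."""
import re

# Every TDSSKiller line starts with "HH:MM:SS.ffff <pid> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
# "[ <md5> ] <service name> <path>"   (service names may contain spaces)
ENTRY_RE = re.compile(_PREFIX + r"\[ ([0-9A-F]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
# "Suspicious file (NoAccess): <path>. md5: <md5>"
NOACCESS_RE = re.compile(_PREFIX + r"Suspicious file \(NoAccess\): (.+)\. md5: ([0-9A-F]{32})$")
# "<service> ( <signature> ) - warning"
WARNING_RE = re.compile(_PREFIX + r"(.+?) \( (\S+) \) - warning$")
# "<service> - detected <signature> (<count>)"
DETECTED_RE = re.compile(_PREFIX + r"(.+?) - detected (\S+) \((\d+)\)$")
# "<service> - ok"
OK_RE = re.compile(_PREFIX + r"(.+?) - ok$")

LOCKED_SIG = "LockedFile.Multi.Generic"   # TDSSKiller's "could not open the file" verdict

# Constructed sample input: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
23:22:08.0688 2028 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:22:08.0688 2028 MSiSCSI - ok
23:22:08.0704 2028 msiserver - ok
23:22:08.0735 2028 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:22:08.0735 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366
23:22:08.0766 2028 MSKSSRV ( LockedFile.Multi.Generic ) - warning
23:22:08.0766 2028 MSKSSRV - detected LockedFile.Multi.Generic (1)
23:22:09.0172 2028 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
23:22:09.0172 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: 79B47FD40D9A817E932F9D26FAC0A81C
23:22:09.0203 2028 NDIS ( LockedFile.Multi.Generic ) - warning
23:22:09.0203 2028 NDIS - detected LockedFile.Multi.Generic (1)
"""


def _new_record(md5=None, path=None):
    return {"md5": md5, "path": path, "status": None,
            "signature": None, "no_access": False}


def parse_tdsskiller(text):
    """Return {service_name: record} in log order."""
    records = {}
    current = None      # service whose "[ md5 ] name path" line was seen last
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            md5, name, path = m.groups()
            records[name] = _new_record(md5, path)
            current = name
            continue
        m = NOACCESS_RE.match(line)
        if m:
            path, _md5 = m.groups()
            # The NoAccess line follows the entry it belongs to; tie them by path.
            if current and records[current]["path"] == path:
                records[current]["no_access"] = True
            continue
        m = WARNING_RE.match(line)
        if m:
            name, sig = m.groups()
            rec = records.setdefault(name, _new_record())
            rec["status"], rec["signature"] = "warning", sig
            continue
        m = DETECTED_RE.match(line)
        if m:
            name, sig, _count = m.groups()
            rec = records.setdefault(name, _new_record())
            rec["status"], rec["signature"] = "detected", sig
            continue
        m = OK_RE.match(line)
        if m:
            rec = records.setdefault(m.group(1), _new_record())
            if rec["status"] is None:     # a service with no file gets "- ok" but no hash
                rec["status"] = "ok"
    return records


def triage(records):
    """Bucket services: real signature hits, unreadable (locked) files,
    services whose binary was not found, and clean."""
    buckets = {"detected": [], "locked": [], "no_file": [], "ok": []}
    for name, rec in records.items():
        if rec["status"] == "detected" and rec["signature"] != LOCKED_SIG:
            buckets["detected"].append(name)
        elif rec["status"] == "detected":
            buckets["locked"].append(name)
        elif rec["md5"] is None:
            buckets["no_file"].append(name)
        else:
            buckets["ok"].append(name)
    return buckets


def locked_hashes(records):
    """path -> md5 for every file the scanner could not open, ready to be
    compared against the same file's hash on a known-clean machine."""
    return {rec["path"]: rec["md5"] for rec in records.values()
            if rec["no_access"] and rec["path"]}


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for bucket, names in triage(recs).items():
        print(f"{bucket:9s} {len(names):3d}  {', '.join(names)}")
    for path, md5 in locked_hashes(recs).items():
        print(md5, path)
```

Run it against the full pasted log rather than the sample and the "locked" bucket gives the complete list of drivers the scanner could not read, which is the set worth hashing again from a clean boot environment; anything that lands in "detected" is a genuine signature match and should be dealt with first.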
  6. ViolinDad (TS Rookie, Topic Starter)

    Here is part 2 (of 3) of the TDSSKiller log:

    23:22:11.0028 2028 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    23:22:11.0075 2028 osppsvc - ok
    23:22:11.0138 2028 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    23:22:11.0138 2028 p2pimsvc - ok
    23:22:11.0184 2028 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    23:22:11.0184 2028 p2psvc - ok
    23:22:11.0216 2028 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    23:22:11.0216 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887
    23:22:11.0231 2028 Parport ( LockedFile.Multi.Generic ) - warning
    23:22:11.0231 2028 Parport - detected LockedFile.Multi.Generic (1)
    23:22:11.0278 2028 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    23:22:11.0278 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C
    23:22:11.0278 2028 partmgr ( LockedFile.Multi.Generic ) - warning
    23:22:11.0278 2028 partmgr - detected LockedFile.Multi.Generic (1)
    23:22:11.0309 2028 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    23:22:11.0309 2028 PcaSvc - ok
    23:22:11.0403 2028 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    23:22:11.0403 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3
    23:22:11.0434 2028 pci ( LockedFile.Multi.Generic ) - warning
    23:22:11.0434 2028 pci - detected LockedFile.Multi.Generic (1)
    23:22:11.0481 2028 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    23:22:11.0481 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA
    23:22:11.0496 2028 pciide ( LockedFile.Multi.Generic ) - warning
    23:22:11.0496 2028 pciide - detected LockedFile.Multi.Generic (1)
    23:22:11.0528 2028 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    23:22:11.0528 2028 pcmcia - ok
    23:22:11.0574 2028 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    23:22:11.0574 2028 pcw - ok
    23:22:11.0637 2028 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    23:22:11.0652 2028 PEAUTH - ok
    23:22:11.0730 2028 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    23:22:11.0730 2028 PerfHost - ok
    23:22:11.0824 2028 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    23:22:11.0840 2028 pla - ok
    23:22:11.0902 2028 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    23:22:11.0902 2028 PlugPlay - ok
    23:22:11.0964 2028 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    23:22:11.0964 2028 Pml Driver HPZ12 - ok
    23:22:12.0027 2028 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    23:22:12.0027 2028 PNRPAutoReg - ok
    23:22:12.0058 2028 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    23:22:12.0074 2028 PNRPsvc - ok
    23:22:12.0136 2028 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    23:22:12.0136 2028 PolicyAgent - ok
    23:22:12.0183 2028 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    23:22:12.0183 2028 Power - ok
    23:22:12.0214 2028 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    23:22:12.0214 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9
    23:22:12.0245 2028 PptpMiniport ( LockedFile.Multi.Generic ) - warning
    23:22:12.0245 2028 PptpMiniport - detected LockedFile.Multi.Generic (1)
    23:22:12.0261 2028 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    23:22:12.0261 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF
    23:22:12.0292 2028 Processor ( LockedFile.Multi.Generic ) - warning
    23:22:12.0292 2028 Processor - detected LockedFile.Multi.Generic (1)
    23:22:12.0339 2028 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    23:22:12.0354 2028 ProfSvc - ok
    23:22:12.0370 2028 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    23:22:12.0370 2028 ProtectedStorage - ok
    23:22:12.0432 2028 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    23:22:12.0432 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D
    23:22:12.0432 2028 Psched ( LockedFile.Multi.Generic ) - warning
    23:22:12.0432 2028 Psched - detected LockedFile.Multi.Generic (1)
    23:22:12.0495 2028 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    23:22:12.0495 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0
    23:22:12.0526 2028 ql2300 ( LockedFile.Multi.Generic ) - warning
    23:22:12.0526 2028 ql2300 - detected LockedFile.Multi.Generic (1)
    23:22:12.0557 2028 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    23:22:12.0557 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8
    23:22:12.0573 2028 ql40xx ( LockedFile.Multi.Generic ) - warning
    23:22:12.0573 2028 ql40xx - detected LockedFile.Multi.Generic (1)
    23:22:12.0604 2028 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    23:22:12.0604 2028 QWAVE - ok
    23:22:12.0635 2028 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    23:22:12.0635 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C
    23:22:12.0666 2028 QWAVEdrv ( LockedFile.Multi.Generic ) - warning
    23:22:12.0666 2028 QWAVEdrv - detected LockedFile.Multi.Generic (1)
    23:22:12.0713 2028 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    23:22:12.0713 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704
    23:22:12.0729 2028 RasAcd ( LockedFile.Multi.Generic ) - warning
    23:22:12.0729 2028 RasAcd - detected LockedFile.Multi.Generic (1)
    23:22:12.0760 2028 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    23:22:12.0760 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90
    23:22:12.0760 2028 RasAgileVpn ( LockedFile.Multi.Generic ) - warning
    23:22:12.0760 2028 RasAgileVpn - detected LockedFile.Multi.Generic (1)
    23:22:12.0791 2028 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    23:22:12.0791 2028 RasAuto - ok
    23:22:12.0838 2028 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    23:22:12.0838 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800AE33E6F1C32FB1B97C490CA
    23:22:12.0854 2028 Rasl2tp ( LockedFile.Multi.Generic ) - warning
    23:22:12.0854 2028 Rasl2tp - detected LockedFile.Multi.Generic (1)
    23:22:12.0932 2028 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    23:22:12.0932 2028 RasMan - ok
    23:22:12.0978 2028 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    23:22:12.0978 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25
    23:22:12.0994 2028 RasPppoe ( LockedFile.Multi.Generic ) - warning
    23:22:12.0994 2028 RasPppoe - detected LockedFile.Multi.Generic (1)
    23:22:13.0010 2028 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    23:22:13.0010 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB
    23:22:13.0010 2028 RasSstp ( LockedFile.Multi.Generic ) - warning
    23:22:13.0010 2028 RasSstp - detected LockedFile.Multi.Generic (1)
    23:22:13.0056 2028 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    23:22:13.0056 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77F665941019A1594D887A74F301FA2F
    23:22:13.0056 2028 rdbss ( LockedFile.Multi.Generic ) - warning
    23:22:13.0056 2028 rdbss - detected LockedFile.Multi.Generic (1)
    23:22:13.0088 2028 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    23:22:13.0088 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D
    23:22:13.0088 2028 rdpbus ( LockedFile.Multi.Generic ) - warning
    23:22:13.0088 2028 rdpbus - detected LockedFile.Multi.Generic (1)
    23:22:13.0119 2028 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    23:22:13.0119 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24
    23:22:13.0119 2028 RDPCDD ( LockedFile.Multi.Generic ) - warning
    23:22:13.0119 2028 RDPCDD - detected LockedFile.Multi.Generic (1)
    23:22:13.0150 2028 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    23:22:13.0150 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365
    23:22:13.0166 2028 RDPENCDD ( LockedFile.Multi.Generic ) - warning
    23:22:13.0166 2028 RDPENCDD - detected LockedFile.Multi.Generic (1)
    23:22:13.0212 2028 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    23:22:13.0212 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A
    23:22:13.0228 2028 RDPREFMP ( LockedFile.Multi.Generic ) - warning
    23:22:13.0228 2028 RDPREFMP - detected LockedFile.Multi.Generic (1)
    23:22:13.0259 2028 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    23:22:13.0259 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\RDPWD.sys. md5: E61608AA35E98999AF9AAEEEA6114B0A
    23:22:13.0259 2028 RDPWD ( LockedFile.Multi.Generic ) - warning
    23:22:13.0259 2028 RDPWD - detected LockedFile.Multi.Generic (1)
    23:22:13.0322 2028 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    23:22:13.0322 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520
    23:22:13.0337 2028 rdyboost ( LockedFile.Multi.Generic ) - warning
    23:22:13.0337 2028 rdyboost - detected LockedFile.Multi.Generic (1)
    23:22:13.0384 2028 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    23:22:13.0384 2028 RemoteAccess - ok
    23:22:13.0415 2028 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    23:22:13.0415 2028 RemoteRegistry - ok
    23:22:13.0493 2028 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    23:22:13.0509 2028 RichVideo - ok
    23:22:13.0618 2028 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    23:22:13.0634 2028 RpcEptMapper - ok
    23:22:13.0665 2028 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    23:22:13.0665 2028 RpcLocator - ok
    23:22:13.0727 2028 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    23:22:13.0727 2028 RpcSs - ok
    23:22:13.0774 2028 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    23:22:13.0774 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF
    23:22:13.0805 2028 rspndr ( LockedFile.Multi.Generic ) - warning
    23:22:13.0805 2028 rspndr - detected LockedFile.Multi.Generic (1)
    23:22:13.0852 2028 [ 483DF0B58CA532E5240E59DC41F30AA2 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    23:22:13.0852 2028 Suspicious file (NoAccess): C:\Windows\system32\Drivers\RtsUStor.sys. md5: 483DF0B58CA532E5240E59DC41F30AA2
    23:22:13.0868 2028 RSUSBSTOR ( LockedFile.Multi.Generic ) - warning
    23:22:13.0868 2028 RSUSBSTOR - detected LockedFile.Multi.Generic (1)
    23:22:13.0914 2028 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    23:22:13.0914 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Rt64win7.sys. md5: 4B42BC58294E83A6A92EC8B88C14C4A3
    23:22:13.0914 2028 RTL8167 ( LockedFile.Multi.Generic ) - warning
    23:22:13.0914 2028 RTL8167 - detected LockedFile.Multi.Generic (1)
    23:22:14.0008 2028 [ 4EA7E5DF0CB237156176FA0349E6E87F ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    23:22:14.0008 2028 RtVOsdService - ok
    23:22:14.0039 2028 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    23:22:14.0039 2028 SamSs - ok
    23:22:14.0102 2028 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    23:22:14.0102 2028 SASDIFSV - ok
    23:22:14.0133 2028 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    23:22:14.0133 2028 SASKUTIL - ok
    23:22:14.0258 2028 [ 18530D2F605F1EC48CA20A7B184CCBCC ] SBAMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
    23:22:14.0289 2028 SBAMSvc - ok
    23:22:14.0367 2028 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
    23:22:14.0367 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sbapifs.sys. md5: 6E342316E72F4B6FA39C99E06373A1A3
    23:22:14.0382 2028 sbapifs ( LockedFile.Multi.Generic ) - warning
    23:22:14.0382 2028 sbapifs - detected LockedFile.Multi.Generic (1)
    23:22:14.0507 2028 [ C0ACD574F740C5781031FD533C2494F5 ] SbFw C:\Windows\system32\drivers\SbFw.sys
    23:22:14.0507 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\SbFw.sys. md5: C0ACD574F740C5781031FD533C2494F5
    23:22:14.0507 2028 SbFw ( LockedFile.Multi.Generic ) - warning
    23:22:14.0507 2028 SbFw - detected LockedFile.Multi.Generic (1)
    23:22:14.0554 2028 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
    23:22:14.0554 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sbfwim.sys. md5: 513B3BFCD3C465B9820C2D05FA94E630
    23:22:14.0570 2028 SBFWIMCL ( LockedFile.Multi.Generic ) - warning
    23:22:14.0570 2028 SBFWIMCL - detected LockedFile.Multi.Generic (1)
    23:22:14.0585 2028 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys
    23:22:14.0585 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SBFWIM.sys. md5: 513B3BFCD3C465B9820C2D05FA94E630
    23:22:14.0585 2028 SBFWIMCLMP ( LockedFile.Multi.Generic ) - warning
    23:22:14.0585 2028 SBFWIMCLMP - detected LockedFile.Multi.Generic (1)
    23:22:14.0632 2028 [ F2C38F62E9C540F40C2A5F6172D9D07B ] SbHips C:\Windows\system32\drivers\sbhips.sys
    23:22:14.0632 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\sbhips.sys. md5: F2C38F62E9C540F40C2A5F6172D9D07B
    23:22:14.0648 2028 SbHips ( LockedFile.Multi.Generic ) - warning
    23:22:14.0648 2028 SbHips - detected LockedFile.Multi.Generic (1)
    23:22:14.0710 2028 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    23:22:14.0710 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B
    23:22:14.0726 2028 sbp2port ( LockedFile.Multi.Generic ) - warning
    23:22:14.0726 2028 sbp2port - detected LockedFile.Multi.Generic (1)
    23:22:14.0819 2028 [ 2815772894855506E94008CC0E602738 ] SBPIMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
    23:22:14.0819 2028 SBPIMSvc - ok
    23:22:14.0897 2028 [ AAE41EFBAD69B78513875C2EB3DE7008 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
    23:22:14.0897 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\SBREdrv.sys. md5: AAE41EFBAD69B78513875C2EB3DE7008
    23:22:14.0913 2028 SBRE ( LockedFile.Multi.Generic ) - warning
    23:22:14.0913 2028 SBRE - detected LockedFile.Multi.Generic (1)
    23:22:14.0960 2028 [ F9AA83A88EABE22B29D8F293C21AAA4D ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys
    23:22:14.0960 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sbwtis.sys. md5: F9AA83A88EABE22B29D8F293C21AAA4D
    23:22:14.0975 2028 sbwtis ( LockedFile.Multi.Generic ) - warning
    23:22:14.0975 2028 sbwtis - detected LockedFile.Multi.Generic (1)
    23:22:15.0022 2028 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    23:22:15.0022 2028 SCardSvr - ok
    23:22:15.0069 2028 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    23:22:15.0069 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B
    23:22:15.0084 2028 scfilter ( LockedFile.Multi.Generic ) - warning
    23:22:15.0084 2028 scfilter - detected LockedFile.Multi.Generic (1)
    23:22:15.0147 2028 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    23:22:15.0162 2028 Schedule - ok
    23:22:15.0209 2028 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    23:22:15.0209 2028 SCPolicySvc - ok
    23:22:15.0287 2028 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
    23:22:15.0287 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\sdbus.sys. md5: 111E0EBC0AD79CB0FA014B907B231CF0
    23:22:15.0318 2028 sdbus ( LockedFile.Multi.Generic ) - warning
    23:22:15.0318 2028 sdbus - detected LockedFile.Multi.Generic (1)
    23:22:15.0396 2028 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    23:22:15.0396 2028 SDRSVC - ok
    23:22:15.0428 2028 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    23:22:15.0428 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186
    23:22:15.0428 2028 secdrv ( LockedFile.Multi.Generic ) - warning
    23:22:15.0428 2028 secdrv - detected LockedFile.Multi.Generic (1)
    23:22:15.0474 2028 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    23:22:15.0474 2028 seclogon - ok
    23:22:15.0506 2028 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    23:22:15.0506 2028 SENS - ok
    23:22:15.0552 2028 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    23:22:15.0552 2028 SensrSvc - ok
    23:22:15.0584 2028 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    23:22:15.0584 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B
    23:22:15.0584 2028 Serenum ( LockedFile.Multi.Generic ) - warning
    23:22:15.0584 2028 Serenum - detected LockedFile.Multi.Generic (1)
    23:22:15.0615 2028 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    23:22:15.0615 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6
    23:22:15.0630 2028 Serial ( LockedFile.Multi.Generic ) - warning
    23:22:15.0630 2028 Serial - detected LockedFile.Multi.Generic (1)
    23:22:15.0662 2028 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    23:22:15.0662 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3
    23:22:15.0677 2028 sermouse ( LockedFile.Multi.Generic ) - warning
    23:22:15.0677 2028 sermouse - detected LockedFile.Multi.Generic (1)
    23:22:15.0771 2028 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    23:22:15.0771 2028 SessionEnv - ok
    23:22:15.0818 2028 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    23:22:15.0818 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF
    23:22:15.0833 2028 sffdisk ( LockedFile.Multi.Generic ) - warning
    23:22:15.0833 2028 sffdisk - detected LockedFile.Multi.Generic (1)
    23:22:15.0880 2028 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    23:22:15.0880 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF
    23:22:15.0896 2028 sffp_mmc ( LockedFile.Multi.Generic ) - warning
    23:22:15.0896 2028 sffp_mmc - detected LockedFile.Multi.Generic (1)
    23:22:15.0927 2028 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    23:22:15.0927 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C
    23:22:15.0942 2028 sffp_sd ( LockedFile.Multi.Generic ) - warning
    23:22:15.0942 2028 sffp_sd - detected LockedFile.Multi.Generic (1)
    23:22:15.0958 2028 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    23:22:15.0958 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4
    23:22:15.0974 2028 sfloppy ( LockedFile.Multi.Generic ) - warning
    23:22:15.0974 2028 sfloppy - detected LockedFile.Multi.Generic (1)
    23:22:16.0036 2028 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
    23:22:16.0036 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Sftfslh.sys. md5: C6CC9297BD53E5229653303E556AA539
    23:22:16.0083 2028 Sftfs ( LockedFile.Multi.Generic ) - warning
    23:22:16.0083 2028 Sftfs - detected LockedFile.Multi.Generic (1)
    23:22:16.0161 2028 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    23:22:16.0161 2028 sftlist - ok
    23:22:16.0208 2028 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
    23:22:16.0208 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Sftplaylh.sys. md5: 390AA7BC52CEE43F6790CDEA1E776703
    23:22:16.0208 2028 Sftplay ( LockedFile.Multi.Generic ) - warning
    23:22:16.0208 2028 Sftplay - detected LockedFile.Multi.Generic (1)
    23:22:16.0223 2028 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
    23:22:16.0223 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Sftredirlh.sys. md5: 617E29A0B0A2807466560D4C4E338D3E
    23:22:16.0223 2028 Sftredir ( LockedFile.Multi.Generic ) - warning
    23:22:16.0223 2028 Sftredir - detected LockedFile.Multi.Generic (1)
    23:22:16.0239 2028 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
    23:22:16.0239 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Sftvollh.sys. md5: 8F571F016FA1976F445147E9E6C8AE9B
    23:22:16.0254 2028 Sftvol ( LockedFile.Multi.Generic ) - warning
    23:22:16.0254 2028 Sftvol - detected LockedFile.Multi.Generic (1)
    23:22:16.0301 2028 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    23:22:16.0317 2028 sftvsa - ok
    23:22:16.0348 2028 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    23:22:16.0348 2028 SharedAccess - ok
    23:22:16.0410 2028 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    23:22:16.0410 2028 ShellHWDetection - ok
    23:22:16.0457 2028 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    23:22:16.0457 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1
    23:22:16.0473 2028 SiSRaid2 ( LockedFile.Multi.Generic ) - warning
    23:22:16.0473 2028 SiSRaid2 - detected LockedFile.Multi.Generic (1)
    23:22:16.0520 2028 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    23:22:16.0520 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4
    23:22:16.0535 2028 SiSRaid4 ( LockedFile.Multi.Generic ) - warning
    23:22:16.0535 2028 SiSRaid4 - detected LockedFile.Multi.Generic (1)
    23:22:16.0566 2028 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    23:22:16.0566 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4
    23:22:16.0582 2028 Smb ( LockedFile.Multi.Generic ) - warning
    23:22:16.0582 2028 Smb - detected LockedFile.Multi.Generic (1)
    23:22:16.0660 2028 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    23:22:16.0660 2028 SNMPTRAP - ok
    23:22:16.0722 2028 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    23:22:16.0722 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9
    23:22:16.0722 2028 spldr ( LockedFile.Multi.Generic ) - warning
    23:22:16.0722 2028 spldr - detected LockedFile.Multi.Generic (1)
    23:22:16.0769 2028 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    23:22:16.0785 2028 Spooler - ok
    23:22:16.0894 2028 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    23:22:16.0941 2028 sppsvc - ok
    23:22:17.0003 2028 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    23:22:17.0003 2028 sppuinotify - ok
    23:22:17.0066 2028 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    23:22:17.0066 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B
    23:22:17.0081 2028 srv ( LockedFile.Multi.Generic ) - warning
    23:22:17.0081 2028 srv - detected LockedFile.Multi.Generic (1)
    23:22:17.0128 2028 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    23:22:17.0128 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28
    23:22:17.0128 2028 srv2 ( LockedFile.Multi.Generic ) - warning
    23:22:17.0128 2028 srv2 - detected LockedFile.Multi.Generic (1)
    23:22:17.0175 2028 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    23:22:17.0175 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\VSTAZL6.SYS. md5: 0C4540311E11664B245A263E1154CEF8
    23:22:17.0175 2028 SrvHsfHDA ( LockedFile.Multi.Generic ) - warning
    23:22:17.0175 2028 SrvHsfHDA - detected LockedFile.Multi.Generic (1)
    23:22:17.0222 2028 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    23:22:17.0222 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\VSTDPV6.SYS. md5: 02071D207A9858FBE3A48CBFD59C4A04
    23:22:17.0253 2028 SrvHsfV92 ( LockedFile.Multi.Generic ) - warning
    23:22:17.0253 2028 SrvHsfV92 - detected LockedFile.Multi.Generic (1)
    23:22:17.0284 2028 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    23:22:17.0284 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\VSTCNXT6.SYS. md5: 18E40C245DBFAF36FD0134A7EF2DF396
    23:22:17.0300 2028 SrvHsfWinac ( LockedFile.Multi.Generic ) - warning
    23:22:17.0300 2028 SrvHsfWinac - detected LockedFile.Multi.Generic (1)
    23:22:17.0362 2028 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    23:22:17.0362 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3
    23:22:17.0393 2028 srvnet ( LockedFile.Multi.Generic ) - warning
    23:22:17.0393 2028 srvnet - detected LockedFile.Multi.Generic (1)
    23:22:17.0440 2028 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    23:22:17.0440 2028 SSDPSRV - ok
    23:22:17.0487 2028 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    23:22:17.0487 2028 SstpSvc - ok
    23:22:17.0549 2028 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    23:22:17.0549 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A
    23:22:17.0565 2028 stexstor ( LockedFile.Multi.Generic ) - warning
    23:22:17.0565 2028 stexstor - detected LockedFile.Multi.Generic (1)
    23:22:17.0612 2028 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    23:22:17.0612 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serscan.sys. md5: DECACB6921DED1A38642642685D77DAC
    23:22:17.0627 2028 StillCam ( LockedFile.Multi.Generic ) - warning
    23:22:17.0627 2028 StillCam - detected LockedFile.Multi.Generic (1)
    23:22:17.0705 2028 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    23:22:17.0705 2028 stisvc - ok
    23:22:17.0752 2028 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    23:22:17.0752 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90
    23:22:17.0752 2028 swenum ( LockedFile.Multi.Generic ) - warning
    23:22:17.0752 2028 swenum - detected LockedFile.Multi.Generic (1)
    23:22:17.0799 2028 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    23:22:17.0799 2028 swprv - ok
    23:22:17.0908 2028 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    23:22:17.0908 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\SynTP.sys. md5: 961CFAC2A5318E212F459D651F28E0A4
    23:22:17.0924 2028 SynTP ( LockedFile.Multi.Generic ) - warning
    23:22:17.0924 2028 SynTP - detected LockedFile.Multi.Generic (1)
    23:22:18.0064 2028 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    23:22:18.0080 2028 SysMain - ok
    23:22:18.0142 2028 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    23:22:18.0142 2028 TabletInputService - ok
    23:22:18.0220 2028 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    23:22:18.0220 2028 TapiSrv - ok
    23:22:18.0282 2028 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    23:22:18.0298 2028 TBS - ok
    23:22:18.0376 2028 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    23:22:18.0376 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpip.sys. md5: ACB82BDA8F46C84F465C1AFA517DC4B9
    23:22:18.0407 2028 Tcpip ( LockedFile.Multi.Generic ) - warning
    23:22:18.0407 2028 Tcpip - detected LockedFile.Multi.Generic (1)
    23:22:18.0438 2028 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    23:22:18.0438 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tcpip.sys. md5: ACB82BDA8F46C84F465C1AFA517DC4B9
    23:22:18.0438 2028 TCPIP6 ( LockedFile.Multi.Generic ) - warning
    23:22:18.0438 2028 TCPIP6 - detected LockedFile.Multi.Generic (1)
    23:22:18.0516 2028 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    23:22:18.0516 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519
    23:22:18.0516 2028 tcpipreg ( LockedFile.Multi.Generic ) - warning
    23:22:18.0516 2028 tcpipreg - detected LockedFile.Multi.Generic (1)
    23:22:18.0610 2028 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    23:22:18.0610 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C
    23:22:18.0626 2028 TDPIPE ( LockedFile.Multi.Generic ) - warning
    23:22:18.0626 2028 TDPIPE - detected LockedFile.Multi.Generic (1)
    23:22:18.0672 2028 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    23:22:18.0672 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8
    23:22:18.0688 2028 TDTCP ( LockedFile.Multi.Generic ) - warning
    23:22:18.0688 2028 TDTCP - detected LockedFile.Multi.Generic (1)
    23:22:18.0766 2028 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    23:22:18.0766 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806
    23:22:18.0766 2028 tdx ( LockedFile.Multi.Generic ) - warning
    23:22:18.0766 2028 tdx - detected LockedFile.Multi.Generic (1)
    23:22:18.0813 2028 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    23:22:18.0813 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5
    23:22:18.0813 2028 TermDD ( LockedFile.Multi.Generic ) - warning
    23:22:18.0813 2028 TermDD - detected LockedFile.Multi.Generic (1)
    23:22:18.0875 2028 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    23:22:18.0891 2028 TermService - ok
    23:22:18.0953 2028 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    23:22:18.0953 2028 Themes - ok
    23:22:18.0984 2028 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    23:22:18.0984 2028 THREADORDER - ok
    23:22:19.0031 2028 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    23:22:19.0031 2028 TrkWks - ok
    23:22:19.0094 2028 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    23:22:19.0094 2028 TrustedInstaller - ok
    23:22:19.0140 2028 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    23:22:19.0140 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30
    23:22:19.0156 2028 tssecsrv ( LockedFile.Multi.Generic ) - warning
    23:22:19.0156 2028 tssecsrv - detected LockedFile.Multi.Generic (1)
    23:22:19.0250 2028 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    23:22:19.0250 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9
    23:22:19.0296 2028 TsUsbFlt ( LockedFile.Multi.Generic ) - warning
    23:22:19.0296 2028 TsUsbFlt - detected LockedFile.Multi.Generic (1)
    23:22:19.0359 2028 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    23:22:19.0359 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894
    23:22:19.0359 2028 tunnel ( LockedFile.Multi.Generic ) - warning
    23:22:19.0359 2028 tunnel - detected LockedFile.Multi.Generic (1)
    23:22:19.0406 2028 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    23:22:19.0406 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67
    23:22:19.0406 2028 uagp35 ( LockedFile.Multi.Generic ) - warning
    23:22:19.0406 2028 uagp35 - detected LockedFile.Multi.Generic (1)
    23:22:19.0468 2028 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    23:22:19.0468 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593
    23:22:19.0468 2028 udfs ( LockedFile.Multi.Generic ) - warning
     
  7. ViolinDad

    ViolinDad TS Rookie Topic Starter

    and here is Part 3 (of 3) from TDSSKiller Log 1:

    23:22:23.0883 2028 ================ Scan global ===============================
    23:22:23.0930 2028 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    23:22:23.0961 2028 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    23:22:23.0961 2028 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    23:22:23.0992 2028 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    23:22:24.0008 2028 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    23:22:24.0023 2028 [Global] - ok
    23:22:24.0023 2028 ================ Scan MBR ==================================
    23:22:24.0023 2028 [ B5EAEEECC6A0DEF5E45D08EFBC60B9AB ] \Device\Harddisk0\DR0
    23:22:24.0023 2028 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    23:22:24.0054 2028 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
    23:22:24.0054 2028 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
    23:22:24.0070 2028 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
    23:22:24.0101 2028 \Device\Harddisk1\DR1 - ok
    23:22:24.0117 2028 ================ Scan VBR ==================================
    23:22:24.0164 2028 [ F9854F78C50F119A7E45FED53410618F ] \Device\Harddisk0\DR0\Partition1
    23:22:24.0164 2028 \Device\Harddisk0\DR0\Partition1 - ok
    23:22:24.0164 2028 [ 43828C7CD497982403F1A941E041BC3C ] \Device\Harddisk0\DR0\Partition2
    23:22:24.0164 2028 \Device\Harddisk0\DR0\Partition2 - ok
    23:22:24.0195 2028 [ 3BD6A63A98BDF549C2CAA51EF76F368E ] \Device\Harddisk0\DR0\Partition3
    23:22:24.0195 2028 \Device\Harddisk0\DR0\Partition3 - ok
    23:22:24.0210 2028 [ 8224F8572ADC593D821BFC90436BCA92 ] \Device\Harddisk0\DR0\Partition4
    23:22:24.0226 2028 \Device\Harddisk0\DR0\Partition4 - ok
    23:22:24.0226 2028 [ 8237A829CC8E092B592A650A13774655 ] \Device\Harddisk1\DR1\Partition1
    23:22:24.0226 2028 \Device\Harddisk1\DR1\Partition1 - ok
    23:22:24.0226 2028 ============================================================
    23:22:24.0226 2028 Scan finished
    23:22:24.0226 2028 ============================================================
    23:22:24.0226 0520 Detected object count: 136
    23:22:24.0226 0520 Actual detected object count: 136
    23:23:45.0986 0520 C:\Windows\System32\Drivers\afe8b0cca498795.sys - copied to quarantine
    23:23:46.0032 0520 HKLM\SYSTEM\ControlSet001\services\afe8b0cca498795 - will be deleted on reboot
    23:23:46.0079 0520 HKLM\SYSTEM\ControlSet002\services\afe8b0cca498795 - will be deleted on reboot
    23:23:46.0407 0520 C:\Windows\System32\Drivers\afe8b0cca498795.sys - will be deleted on reboot
    23:23:46.0407 0520 afe8b0cca498795 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
    23:23:46.0844 0520 \Device\Harddisk0\DR0\# - copied to quarantine
    23:23:46.0875 0520 \Device\Harddisk0\DR0 - copied to quarantine
    23:23:46.0922 0520 \Device\Harddisk0\DR0 - processing error
    23:24:08.0575 0520 \Device\Harddisk0\DR0 - will be restored on reboot
    23:24:08.0653 0520 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
    23:24:19.0323 1904 Deinitialize success
    23:22:21.0387 2028 W32Time - ok
    23:22:21.0434 2028 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    23:22:21.0434 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E
    23:22:21.0434 2028 WacomPen ( LockedFile.Multi.Generic ) - warning
    23:22:21.0434 2028 WacomPen - detected LockedFile.Multi.Generic (1)
    23:22:21.0496 2028 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    23:22:21.0496 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
    23:22:21.0512 2028 WANARP ( LockedFile.Multi.Generic ) - warning
    23:22:21.0512 2028 WANARP - detected LockedFile.Multi.Generic (1)
    23:22:21.0543 2028 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    23:22:21.0543 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
    23:22:21.0543 2028 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
    23:22:21.0543 2028 Wanarpv6 - detected LockedFile.Multi.Generic (1)
    23:22:21.0636 2028 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    23:22:21.0652 2028 WatAdminSvc - ok
    23:22:21.0730 2028 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    23:22:21.0746 2028 wbengine - ok
    23:22:21.0808 2028 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    23:22:21.0808 2028 WbioSrvc - ok
    23:22:21.0855 2028 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    23:22:21.0870 2028 wcncsvc - ok
    23:22:21.0886 2028 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    23:22:21.0886 2028 WcsPlugInService - ok
    23:22:21.0917 2028 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    23:22:21.0917 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC
    23:22:21.0933 2028 Wd ( LockedFile.Multi.Generic ) - warning
    23:22:21.0933 2028 Wd - detected LockedFile.Multi.Generic (1)
    23:22:21.0964 2028 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    23:22:21.0964 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250
    23:22:22.0011 2028 Wdf01000 ( LockedFile.Multi.Generic ) - warning
    23:22:22.0011 2028 Wdf01000 - detected LockedFile.Multi.Generic (1)
    23:22:22.0026 2028 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    23:22:22.0026 2028 WdiServiceHost - ok
    23:22:22.0058 2028 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    23:22:22.0058 2028 WdiSystemHost - ok
    23:22:22.0104 2028 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    23:22:22.0104 2028 WebClient - ok
    23:22:22.0151 2028 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    23:22:22.0151 2028 Wecsvc - ok
    23:22:22.0182 2028 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    23:22:22.0182 2028 wercplsupport - ok
    23:22:22.0214 2028 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    23:22:22.0214 2028 WerSvc - ok
    23:22:22.0292 2028 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    23:22:22.0292 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725
    23:22:22.0323 2028 WfpLwf ( LockedFile.Multi.Generic ) - warning
    23:22:22.0323 2028 WfpLwf - detected LockedFile.Multi.Generic (1)
    23:22:22.0416 2028 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    23:22:22.0416 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC
    23:22:22.0432 2028 WIMMount ( LockedFile.Multi.Generic ) - warning
    23:22:22.0432 2028 WIMMount - detected LockedFile.Multi.Generic (1)
    23:22:22.0494 2028 WinDefend - ok
    23:22:22.0510 2028 WinHttpAutoProxySvc - ok
    23:22:22.0572 2028 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    23:22:22.0588 2028 Winmgmt - ok
    23:22:22.0650 2028 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    23:22:22.0682 2028 WinRM - ok
    23:22:22.0775 2028 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    23:22:22.0775 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D
    23:22:22.0806 2028 WinUsb ( LockedFile.Multi.Generic ) - warning
    23:22:22.0806 2028 WinUsb - detected LockedFile.Multi.Generic (1)
    23:22:22.0853 2028 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    23:22:22.0869 2028 Wlansvc - ok
    23:22:23.0025 2028 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    23:22:23.0056 2028 wlidsvc - ok
    23:22:23.0103 2028 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    23:22:23.0103 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778
    23:22:23.0150 2028 WmiAcpi ( LockedFile.Multi.Generic ) - warning
    23:22:23.0150 2028 WmiAcpi - detected LockedFile.Multi.Generic (1)
    23:22:23.0196 2028 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    23:22:23.0196 2028 wmiApSrv - ok
    23:22:23.0228 2028 WMPNetworkSvc - ok
    23:22:23.0274 2028 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    23:22:23.0274 2028 WPCSvc - ok
    23:22:23.0321 2028 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    23:22:23.0321 2028 WPDBusEnum - ok
    23:22:23.0352 2028 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    23:22:23.0352 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52
    23:22:23.0368 2028 ws2ifsl ( LockedFile.Multi.Generic ) - warning
    23:22:23.0368 2028 ws2ifsl - detected LockedFile.Multi.Generic (1)
    23:22:23.0415 2028 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    23:22:23.0415 2028 wscsvc - ok
    23:22:23.0446 2028 WSearch - ok
    23:22:23.0555 2028 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    23:22:23.0586 2028 wuauserv - ok
    23:22:23.0618 2028 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    23:22:23.0633 2028 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C
    23:22:23.0649 2028 WudfPf ( LockedFile.Multi.Generic ) - warning
    23:22:23.0649 2028 WudfPf - detected LockedFile.Multi.Generic (1)
    23:22:23.0696 2028 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    23:22:23.0696 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682
    23:22:23.0696 2028 WUDFRd ( LockedFile.Multi.Generic ) - warning
    23:22:23.0696 2028 WUDFRd - detected LockedFile.Multi.Generic (1)
    23:22:23.0758 2028 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    23:22:23.0758 2028 wudfsvc - ok
    23:22:23.0805 2028 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    23:22:23.0805 2028 WwanSvc - ok
    23:22:23.0867 2028 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    23:22:23.0867 2028 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\yk62x64.sys. md5: B3EEACF62445E24FBB2CD4B0FB4DB026
    23:22:23.0867 2028 yukonw7 ( LockedFile.Multi.Generic ) - warning
    23:22:23.0867 2028 yukonw7 - detected LockedFile.Multi.Generic (1)

    Log 2:

    23:25:55.0046 3724 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
    23:25:55.0062 3724 ============================================================
    23:25:55.0062 3724 Current date / time: 2012/08/21 23:25:55.0062
    23:25:55.0062 3724 SystemInfo:
    23:25:55.0062 3724
    23:25:55.0062 3724 OS Version: 6.1.7601 ServicePack: 1.0
    23:25:55.0062 3724 Product type: Workstation
    23:25:55.0062 3724 ComputerName: JANE-PC
    23:25:55.0062 3724 UserName: Jane
    23:25:55.0062 3724 Windows directory: C:\Windows
    23:25:55.0062 3724 System windows directory: C:\Windows
    23:25:55.0062 3724 Running under WOW64
    23:25:55.0062 3724 Processor architecture: Intel x64
    23:25:55.0062 3724 Number of processors: 4
    23:25:55.0062 3724 Page size: 0x1000
    23:25:55.0062 3724 Boot type: Normal boot
    23:25:55.0062 3724 ============================================================
    23:25:55.0155 3724 BG loaded
    23:25:55.0670 3724 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    23:25:55.0686 3724 Drive \Device\Harddisk1\DR1 - Size: 0x1DCD80000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    23:25:55.0686 3724 ============================================================
    23:25:55.0686 3724 \Device\Harddisk0\DR0:
    23:25:55.0686 3724 MBR partitions:
    23:25:55.0686 3724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    23:25:55.0686 3724 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23A77000
    23:25:55.0686 3724 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23ADB000, BlocksNum 0x191F800
    23:25:55.0686 3724 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
    23:25:55.0686 3724 \Device\Harddisk1\DR1:
    23:25:55.0686 3724 MBR partitions:
    23:25:55.0686 3724 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0xEE6BE0
    23:25:55.0686 3724 ============================================================
    23:25:55.0764 3724 C: <-> \Device\Harddisk0\DR0\Partition2
    23:25:55.0810 3724 D: <-> \Device\Harddisk0\DR0\Partition3
    23:25:55.0810 3724 E: <-> \Device\Harddisk0\DR0\Partition4
    23:25:55.0810 3724 ============================================================
    23:25:55.0810 3724 Initialize success
    23:25:55.0810 3724 ============================================================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Both logs look incomplete or you didn't post a whole log.

    Please re-run it.
     
  9. ViolinDad

    ViolinDad TS Rookie Topic Starter

    This time, when I ran it, both in normal and safe mode, I got a report of "No Threats Found".

    I'm pasting the log, but should I also zip and upload it?

    Here's the log: (Part 1 of 2)

    TDSSKiller:

    11:32:54.0501 1364 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
    11:32:54.0548 1364 ============================================================
    11:32:54.0548 1364 Current date / time: 2012/08/22 11:32:54.0548
    11:32:54.0548 1364 SystemInfo:
    11:32:54.0548 1364
    11:32:54.0548 1364 OS Version: 6.1.7601 ServicePack: 1.0
    11:32:54.0548 1364 Product type: Workstation
    11:32:54.0548 1364 ComputerName: JANE-PC
    11:32:54.0548 1364 UserName: Jane
    11:32:54.0548 1364 Windows directory: C:\Windows
    11:32:54.0548 1364 System windows directory: C:\Windows
    11:32:54.0548 1364 Running under WOW64
    11:32:54.0548 1364 Processor architecture: Intel x64
    11:32:54.0548 1364 Number of processors: 4
    11:32:54.0548 1364 Page size: 0x1000
    11:32:54.0548 1364 Boot type: Safe boot
    11:32:54.0548 1364 ============================================================
    11:32:55.0172 1364 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:32:55.0172 1364 ============================================================
    11:32:55.0172 1364 \Device\Harddisk0\DR0:
    11:32:55.0172 1364 MBR partitions:
    11:32:55.0172 1364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    11:32:55.0172 1364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23A77000
    11:32:55.0172 1364 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23ADB000, BlocksNum 0x191F800
    11:32:55.0172 1364 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
    11:32:55.0172 1364 ============================================================
    11:32:55.0187 1364 C: <-> \Device\Harddisk0\DR0\Partition2
    11:32:55.0234 1364 D: <-> \Device\Harddisk0\DR0\Partition3
    11:32:55.0250 1364 E: <-> \Device\Harddisk0\DR0\Partition4
    11:32:55.0250 1364 ============================================================
    11:32:55.0250 1364 Initialize success
    11:32:55.0250 1364 ============================================================
    11:32:57.0839 1396 ============================================================
    11:32:57.0839 1396 Scan started
    11:32:57.0839 1396 Mode: Manual;
    11:32:57.0839 1396 ============================================================
    11:32:57.0980 1396 ================ Scan system memory ========================
    11:32:57.0980 1396 System memory - ok
    11:32:57.0980 1396 ================ Scan services =============================
    11:32:58.0073 1396 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    11:32:58.0073 1396 !SASCORE - ok
    11:32:58.0245 1396 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    11:32:58.0245 1396 1394ohci - ok
    11:32:58.0276 1396 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    11:32:58.0292 1396 ACPI - ok
    11:32:58.0307 1396 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    11:32:58.0307 1396 AcpiPmi - ok
    11:32:58.0448 1396 [ F19C98AD81D2C0E1BBFD8153D2C80EE8 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    11:32:58.0463 1396 AdobeFlashPlayerUpdateSvc - ok
    11:32:58.0510 1396 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    11:32:58.0510 1396 adp94xx - ok
    11:32:58.0557 1396 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    11:32:58.0557 1396 adpahci - ok
    11:32:58.0604 1396 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    11:32:58.0604 1396 adpu320 - ok
    11:32:58.0635 1396 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    11:32:58.0635 1396 AeLookupSvc - ok
    11:32:58.0666 1396 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    11:32:58.0666 1396 AERTFilters - ok
    11:32:58.0728 1396 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    11:32:58.0728 1396 AFD - ok
    11:32:58.0775 1396 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
    11:32:58.0791 1396 AgereSoftModem - ok
    11:32:58.0838 1396 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    11:32:58.0838 1396 agp440 - ok
    11:32:58.0869 1396 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    11:32:58.0869 1396 ALG - ok
    11:32:58.0884 1396 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    11:32:58.0884 1396 aliide - ok
    11:32:58.0916 1396 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    11:32:58.0916 1396 amdide - ok
    11:32:58.0947 1396 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    11:32:58.0947 1396 AmdK8 - ok
    11:32:58.0947 1396 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    11:32:58.0947 1396 AmdPPM - ok
    11:32:58.0994 1396 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    11:32:58.0994 1396 amdsata - ok
    11:32:59.0040 1396 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    11:32:59.0040 1396 amdsbs - ok
    11:32:59.0087 1396 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    11:32:59.0087 1396 amdxata - ok
    11:32:59.0150 1396 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    11:32:59.0150 1396 AppID - ok
    11:32:59.0196 1396 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    11:32:59.0196 1396 AppIDSvc - ok
    11:32:59.0243 1396 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    11:32:59.0243 1396 Appinfo - ok
    11:32:59.0352 1396 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    11:32:59.0352 1396 Apple Mobile Device - ok
    11:32:59.0384 1396 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    11:32:59.0384 1396 arc - ok
    11:32:59.0430 1396 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    11:32:59.0430 1396 arcsas - ok
    11:32:59.0462 1396 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    11:32:59.0462 1396 AsyncMac - ok
    11:32:59.0508 1396 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    11:32:59.0508 1396 atapi - ok
    11:32:59.0602 1396 [ 40734F3A5EEC4C4AC6A1FAF10B293714 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    11:32:59.0633 1396 athr - ok
    11:32:59.0696 1396 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    11:32:59.0696 1396 AudioEndpointBuilder - ok
    11:32:59.0711 1396 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    11:32:59.0711 1396 AudioSrv - ok
    11:32:59.0758 1396 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    11:32:59.0758 1396 AxInstSV - ok
    11:32:59.0789 1396 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    11:32:59.0789 1396 b06bdrv - ok
    11:32:59.0820 1396 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    11:32:59.0820 1396 b57nd60a - ok
    11:32:59.0883 1396 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    11:32:59.0883 1396 BDESVC - ok
    11:32:59.0914 1396 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    11:32:59.0914 1396 Beep - ok
    11:32:59.0961 1396 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    11:32:59.0961 1396 BFE - ok
    11:33:00.0023 1396 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    11:33:00.0039 1396 BITS - ok
    11:33:00.0070 1396 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    11:33:00.0070 1396 blbdrive - ok
    11:33:00.0678 1396 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    11:33:00.0694 1396 Bonjour Service - ok
    11:33:00.0741 1396 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    11:33:00.0741 1396 bowser - ok
    11:33:00.0772 1396 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    11:33:00.0772 1396 BrFiltLo - ok
    11:33:00.0803 1396 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    11:33:00.0803 1396 BrFiltUp - ok
    11:33:00.0850 1396 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
    11:33:00.0850 1396 Browser - ok
    11:33:00.0866 1396 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    11:33:00.0881 1396 Brserid - ok
    11:33:00.0912 1396 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    11:33:01.0318 1396 BrSerWdm - ok
    11:33:01.0349 1396 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    11:33:01.0349 1396 BrUsbMdm - ok
    11:33:01.0365 1396 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    11:33:01.0380 1396 BrUsbSer - ok
    11:33:01.0412 1396 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    11:33:01.0412 1396 BTHMODEM - ok
    11:33:01.0443 1396 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    11:33:01.0458 1396 bthserv - ok
    11:33:01.0490 1396 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    11:33:01.0490 1396 cdfs - ok
    11:33:01.0536 1396 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    11:33:01.0536 1396 cdrom - ok
    11:33:01.0583 1396 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    11:33:01.0583 1396 CertPropSvc - ok
    11:33:01.0614 1396 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    11:33:01.0614 1396 circlass - ok
    11:33:01.0646 1396 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    11:33:01.0646 1396 CLFS - ok
    11:33:01.0692 1396 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    11:33:01.0692 1396 clr_optimization_v2.0.50727_32 - ok
    11:33:01.0739 1396 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    11:33:01.0755 1396 clr_optimization_v2.0.50727_64 - ok
    11:33:01.0817 1396 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    11:33:01.0833 1396 clr_optimization_v4.0.30319_32 - ok
    11:33:01.0864 1396 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    11:33:01.0864 1396 clr_optimization_v4.0.30319_64 - ok
    11:33:01.0895 1396 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    11:33:01.0895 1396 CmBatt - ok
    11:33:01.0911 1396 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    11:33:01.0911 1396 cmdide - ok
    11:33:01.0942 1396 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    11:33:01.0942 1396 CNG - ok
    11:33:02.0004 1396 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    11:33:02.0004 1396 Com4QLBEx - ok
    11:33:02.0036 1396 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    11:33:02.0051 1396 Compbatt - ok
    11:33:02.0082 1396 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    11:33:02.0082 1396 CompositeBus - ok
    11:33:02.0098 1396 COMSysApp - ok
    11:33:02.0098 1396 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    11:33:02.0114 1396 crcdisk - ok
    11:33:02.0504 1396 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    11:33:02.0504 1396 CryptSvc - ok
    11:33:02.0566 1396 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    11:33:02.0582 1396 cvhsvc - ok
    11:33:02.0628 1396 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    11:33:02.0644 1396 DcomLaunch - ok
    11:33:02.0691 1396 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    11:33:02.0691 1396 defragsvc - ok
    11:33:02.0722 1396 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    11:33:02.0722 1396 DfsC - ok
    11:33:02.0769 1396 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    11:33:02.0769 1396 Dhcp - ok
    11:33:02.0816 1396 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    11:33:02.0816 1396 discache - ok
    11:33:02.0847 1396 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    11:33:02.0847 1396 Disk - ok
    11:33:02.0894 1396 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    11:33:02.0894 1396 Dnscache - ok
    11:33:02.0956 1396 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    11:33:02.0956 1396 dot3svc - ok
    11:33:03.0003 1396 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    11:33:03.0003 1396 Dot4 - ok
    11:33:03.0050 1396 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
    11:33:03.0050 1396 Dot4Print - ok
    11:33:03.0081 1396 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    11:33:03.0081 1396 dot4usb - ok
    11:33:03.0112 1396 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    11:33:03.0112 1396 DPS - ok
    11:33:03.0159 1396 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    11:33:03.0159 1396 drmkaud - ok
    11:33:03.0206 1396 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    11:33:03.0206 1396 DXGKrnl - ok
    11:33:03.0252 1396 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    11:33:03.0252 1396 EapHost - ok
    11:33:03.0315 1396 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    11:33:03.0346 1396 ebdrv - ok
    11:33:03.0377 1396 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    11:33:03.0377 1396 EFS - ok
    11:33:03.0440 1396 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    11:33:03.0440 1396 ehRecvr - ok
    11:33:03.0471 1396 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    11:33:03.0471 1396 ehSched - ok
    11:33:03.0502 1396 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    11:33:03.0502 1396 elxstor - ok
    11:33:03.0533 1396 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    11:33:03.0533 1396 ErrDev - ok
    11:33:03.0580 1396 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    11:33:03.0580 1396 EventSystem - ok
    11:33:03.0611 1396 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    11:33:03.0611 1396 exfat - ok
    11:33:03.0627 1396 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    11:33:03.0627 1396 fastfat - ok
    11:33:03.0674 1396 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    11:33:03.0674 1396 Fax - ok
    11:33:03.0705 1396 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
  10. ViolinDad

    ViolinDad TS Rookie Topic Starter

    Here is the rest of the log.

    TDSSKiller (part 2 of 2):

    11:33:15.0186 1396 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    11:33:15.0186 1396 srvnet - ok
    11:33:15.0218 1396 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    11:33:15.0233 1396 SSDPSRV - ok
    11:33:15.0233 1396 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    11:33:15.0249 1396 SstpSvc - ok
    11:33:15.0280 1396 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    11:33:15.0280 1396 stexstor - ok
    11:33:15.0311 1396 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    11:33:15.0311 1396 StillCam - ok
    11:33:15.0358 1396 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    11:33:15.0374 1396 stisvc - ok
    11:33:15.0389 1396 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    11:33:15.0389 1396 swenum - ok
    11:33:15.0420 1396 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    11:33:15.0420 1396 swprv - ok
    11:33:15.0530 1396 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    11:33:15.0530 1396 SynTP - ok
    11:33:15.0592 1396 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    11:33:15.0608 1396 SysMain - ok
    11:33:15.0639 1396 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    11:33:15.0639 1396 TabletInputService - ok
    11:33:15.0654 1396 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    11:33:15.0654 1396 TapiSrv - ok
    11:33:15.0686 1396 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    11:33:15.0686 1396 TBS - ok
    11:33:15.0748 1396 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    11:33:15.0764 1396 Tcpip - ok
    11:33:15.0795 1396 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    11:33:15.0810 1396 TCPIP6 - ok
    11:33:15.0842 1396 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    11:33:15.0857 1396 tcpipreg - ok
    11:33:15.0873 1396 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    11:33:15.0873 1396 TDPIPE - ok
    11:33:15.0904 1396 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    11:33:15.0904 1396 TDTCP - ok
    11:33:15.0951 1396 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    11:33:15.0951 1396 tdx - ok
    11:33:15.0982 1396 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    11:33:15.0982 1396 TermDD - ok
    11:33:16.0029 1396 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    11:33:16.0029 1396 TermService - ok
    11:33:16.0076 1396 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    11:33:16.0076 1396 Themes - ok
    11:33:16.0091 1396 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    11:33:16.0107 1396 THREADORDER - ok
    11:33:16.0107 1396 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    11:33:16.0107 1396 TrkWks - ok
    11:33:16.0154 1396 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    11:33:16.0154 1396 TrustedInstaller - ok
    11:33:16.0200 1396 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    11:33:16.0200 1396 tssecsrv - ok
    11:33:16.0247 1396 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    11:33:16.0247 1396 TsUsbFlt - ok
    11:33:16.0294 1396 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    11:33:16.0294 1396 tunnel - ok
    11:33:16.0325 1396 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    11:33:16.0325 1396 uagp35 - ok
    11:33:16.0341 1396 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    11:33:16.0341 1396 udfs - ok
    11:33:16.0372 1396 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    11:33:16.0372 1396 UI0Detect - ok
    11:33:16.0403 1396 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    11:33:16.0403 1396 uliagpkx - ok
    11:33:16.0466 1396 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    11:33:16.0466 1396 umbus - ok
    11:33:16.0481 1396 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    11:33:16.0481 1396 UmPass - ok
    11:33:16.0622 1396 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    11:33:16.0637 1396 UNS - ok
    11:33:16.0684 1396 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    11:33:16.0684 1396 upnphost - ok
    11:33:16.0731 1396 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    11:33:16.0731 1396 USBAAPL64 - ok
    11:33:16.0778 1396 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    11:33:16.0778 1396 usbaudio - ok
    11:33:16.0824 1396 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    11:33:16.0824 1396 usbccgp - ok
    11:33:16.0840 1396 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    11:33:16.0840 1396 usbcir - ok
    11:33:16.0856 1396 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    11:33:16.0856 1396 usbehci - ok
    11:33:16.0887 1396 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    11:33:16.0887 1396 usbhub - ok
    11:33:16.0902 1396 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    11:33:16.0902 1396 usbohci - ok
    11:33:16.0949 1396 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    11:33:16.0949 1396 usbprint - ok
    11:33:16.0980 1396 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    11:33:16.0980 1396 usbscan - ok
    11:33:17.0012 1396 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    11:33:17.0012 1396 USBSTOR - ok
    11:33:17.0027 1396 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    11:33:17.0027 1396 usbuhci - ok
    11:33:17.0043 1396 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    11:33:17.0043 1396 usbvideo - ok
    11:33:17.0090 1396 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    11:33:17.0090 1396 UxSms - ok
    11:33:17.0121 1396 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    11:33:17.0121 1396 VaultSvc - ok
    11:33:17.0152 1396 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    11:33:17.0152 1396 vdrvroot - ok
    11:33:17.0199 1396 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    11:33:17.0199 1396 vds - ok
    11:33:17.0230 1396 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    11:33:17.0230 1396 vga - ok
    11:33:17.0246 1396 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    11:33:17.0246 1396 VgaSave - ok
    11:33:17.0277 1396 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    11:33:17.0277 1396 vhdmp - ok
    11:33:17.0308 1396 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    11:33:17.0308 1396 viaide - ok
    11:33:17.0324 1396 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    11:33:17.0324 1396 volmgr - ok
    11:33:17.0355 1396 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    11:33:17.0370 1396 volmgrx - ok
    11:33:17.0386 1396 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    11:33:17.0386 1396 volsnap - ok
    11:33:17.0417 1396 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    11:33:17.0417 1396 vsmraid - ok
    11:33:17.0480 1396 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    11:33:17.0495 1396 VSS - ok
    11:33:17.0526 1396 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    11:33:17.0526 1396 vwifibus - ok
    11:33:17.0542 1396 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    11:33:17.0542 1396 vwififlt - ok
    11:33:17.0573 1396 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    11:33:17.0573 1396 W32Time - ok
    11:33:17.0604 1396 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    11:33:17.0604 1396 WacomPen - ok
    11:33:17.0651 1396 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    11:33:17.0651 1396 WANARP - ok
    11:33:17.0667 1396 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    11:33:17.0667 1396 Wanarpv6 - ok
    11:33:17.0729 1396 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    11:33:17.0745 1396 WatAdminSvc - ok
    11:33:17.0792 1396 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    11:33:17.0807 1396 wbengine - ok
    11:33:17.0838 1396 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    11:33:17.0838 1396 WbioSrvc - ok
    11:33:17.0870 1396 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    11:33:17.0885 1396 wcncsvc - ok
    11:33:17.0901 1396 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    11:33:17.0901 1396 WcsPlugInService - ok
    11:33:17.0916 1396 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    11:33:17.0916 1396 Wd - ok
    11:33:17.0963 1396 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    11:33:17.0963 1396 Wdf01000 - ok
    11:33:17.0994 1396 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    11:33:17.0994 1396 WdiServiceHost - ok
    11:33:18.0010 1396 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    11:33:18.0010 1396 WdiSystemHost - ok
    11:33:18.0041 1396 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    11:33:18.0057 1396 WebClient - ok
    11:33:18.0072 1396 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    11:33:18.0072 1396 Wecsvc - ok
    11:33:18.0088 1396 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    11:33:18.0088 1396 wercplsupport - ok
    11:33:18.0088 1396 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    11:33:18.0104 1396 WerSvc - ok
    11:33:18.0135 1396 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    11:33:18.0135 1396 WfpLwf - ok
    11:33:18.0150 1396 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    11:33:18.0150 1396 WIMMount - ok
    11:33:18.0166 1396 WinDefend - ok
    11:33:18.0182 1396 WinHttpAutoProxySvc - ok
    11:33:18.0228 1396 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    11:33:18.0228 1396 Winmgmt - ok
    11:33:18.0291 1396 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    11:33:18.0322 1396 WinRM - ok
    11:33:18.0369 1396 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    11:33:18.0369 1396 WinUsb - ok
    11:33:18.0400 1396 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    11:33:18.0400 1396 Wlansvc - ok
    11:33:18.0509 1396 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    11:33:18.0525 1396 wlidsvc - ok
    11:33:18.0556 1396 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    11:33:18.0556 1396 WmiAcpi - ok
    11:33:18.0587 1396 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    11:33:18.0587 1396 wmiApSrv - ok
    11:33:18.0603 1396 WMPNetworkSvc - ok
    11:33:18.0634 1396 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    11:33:18.0634 1396 WPCSvc - ok
    11:33:18.0681 1396 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    11:33:18.0681 1396 WPDBusEnum - ok
    11:33:18.0696 1396 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    11:33:18.0696 1396 ws2ifsl - ok
    11:33:18.0712 1396 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    11:33:18.0712 1396 wscsvc - ok
    11:33:18.0728 1396 WSearch - ok
    11:33:18.0790 1396 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    11:33:18.0821 1396 wuauserv - ok
    11:33:18.0852 1396 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    11:33:18.0852 1396 WudfPf - ok
    11:33:18.0868 1396 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    11:33:18.0868 1396 WUDFRd - ok
    11:33:18.0915 1396 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    11:33:18.0915 1396 wudfsvc - ok
    11:33:18.0930 1396 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    11:33:18.0930 1396 WwanSvc - ok
    11:33:18.0977 1396 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    11:33:18.0977 1396 yukonw7 - ok
    11:33:18.0993 1396 ================ Scan global ===============================
    11:33:19.0008 1396 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    11:33:19.0040 1396 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    11:33:19.0055 1396 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    11:33:19.0086 1396 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    11:33:19.0086 1396 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    11:33:19.0102 1396 [Global] - ok
    11:33:19.0118 1396 ================ Scan MBR ==================================
    11:33:19.0118 1396 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    11:33:19.0274 1396 \Device\Harddisk0\DR0 - ok
    11:33:19.0274 1396 ================ Scan VBR ==================================
    11:33:19.0274 1396 [ F9854F78C50F119A7E45FED53410618F ] \Device\Harddisk0\DR0\Partition1
    11:33:19.0274 1396 \Device\Harddisk0\DR0\Partition1 - ok
    11:33:19.0289 1396 [ 43828C7CD497982403F1A941E041BC3C ] \Device\Harddisk0\DR0\Partition2
    11:33:19.0289 1396 \Device\Harddisk0\DR0\Partition2 - ok
    11:33:19.0305 1396 [ 3BD6A63A98BDF549C2CAA51EF76F368E ] \Device\Harddisk0\DR0\Partition3
    11:33:19.0305 1396 \Device\Harddisk0\DR0\Partition3 - ok
    11:33:19.0336 1396 [ 8224F8572ADC593D821BFC90436BCA92 ] \Device\Harddisk0\DR0\Partition4
    11:33:19.0336 1396 \Device\Harddisk0\DR0\Partition4 - ok
    11:33:19.0336 1396 ============================================================
    11:33:19.0336 1396 Scan finished
    11:33:19.0336 1396 ============================================================
    11:33:19.0336 1388 Detected object count: 0
    11:33:19.0336 1388 Actual detected object count: 0
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You did fine :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  12. ViolinDad

    ViolinDad TS Rookie Topic Starter

    Here is the ComboFix log. Unfortunately, I thought GFI/Vipre was not running when I started, so I disabled it when the warning popped up. Do I need to run ComboFix again with it properly disabled?

    Thanks again for your prompt replies.

    ComboFix log:

    ComboFix 12-08-22.01 - Jane 08/22/2012 12:13:22.1.4 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.3212 [GMT -6:00]
    Running from: c:\users\Jane\Desktop\ComboFix.exe
    AV: GFI Software VIPRE *Enabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
    FW: GFI Software VIPRE *Enabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
    SP: GFI Software VIPRE *Enabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\huzN5Dxqvot4e9
    c:\users\Jane\Documents\~WRL0001.tmp
    c:\users\Jane\Documents\~WRL0003.tmp
    c:\users\Jane\Documents\~WRL0004.tmp
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-22 05:23 . 2012-08-22 05:23 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-16 22:25 . 2012-08-16 22:31 -------- d-----w- C:\DPTemp
    2012-08-16 17:51 . 2012-08-16 17:51 -------- d-----w- C:\VIPRERESCUE
    2012-08-16 16:44 . 2012-08-16 16:44 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-08-15 16:51 . 2012-08-15 16:51 -------- d-----w- c:\users\Jane\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-15 16:51 . 2012-08-15 16:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-08-15 16:29 . 2012-08-15 16:29 -------- d-----w- c:\program files\Kaspersky
    2012-08-14 00:44 . 2012-08-14 00:44 -------- d-----w- c:\users\Jane\AppData\Roaming\HPAppData
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 16:53 . 2012-04-03 13:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-02 16:53 . 2011-07-19 19:22 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 09:01 . 2010-08-05 11:48 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-12 03:08 . 2012-07-11 09:04 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 05:43 . 2012-07-11 08:56 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-11 08:56 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 08:56 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 08:56 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 08:56 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 08:56 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 08:56 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 10:35 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 10:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 10:36 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 10:36 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 10:35 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 10:35 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 10:35 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 21:19 . 2012-06-21 10:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 21:15 . 2012-06-21 10:35 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 05:50 . 2012-07-11 08:56 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 08:56 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:48 . 2012-07-11 08:56 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:45 . 2012-07-11 08:56 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 08:56 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 08:56 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 08:56 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 08:56 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 08:56 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-05-25 19:14 . 2012-07-13 10:44 45936 ----a-w- c:\windows\system32\sbbd.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-03 39408]
    "Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
    "GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-31 347008]
    "GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-31 347008]
    "GameXN"="c:\programdata\GameXN\GameXNGO.exe" [2011-08-31 347008]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2012-05-02 3050848]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-8-4 4987160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-07-14 375176]
    R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 136176]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
    R3 SbHips;SbHips;c:\windows\system32\drivers\sbhips.sys [2012-04-14 61184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-11 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-04-14 258304]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-26 57976]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
    S2 SBAMSvc;VIPRE Internet Security;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2012-05-02 3289680]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
    S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2012-05-02 173920]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
    S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
    S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2012-04-14 85248]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-05-19 16:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:53]
    .
    2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 17:37]
    .
    2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-03 17:37]
    .
    2012-08-14 c:\windows\Tasks\HPCeeScheduleForJane.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2011-08-04 22:15 4472600 ----a-w- c:\program files\MozyHome\mozyshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2011-08-04 22:15 4472600 ----a-w- c:\program files\MozyHome\mozyshell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-30 6489704]
    "RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-08-02 995840]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.cnn.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-42548925.sys
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-22 12:28:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-22 18:28
    .
    Pre-Run: 231,533,047,808 bytes free
    Post-Run: 233,302,200,320 bytes free
    .
    - - End Of File - - 860E9D169A4C90000C65F0D3FCC7C7E9
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good :)

    Any current issues?

    ===================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. ViolinDad

    ViolinDad TS Rookie Topic Starter

    Everything looks good so far - here are two of the logs: (I'll send Extras.txt in the next post)

    MBAM:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.22.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Jane :: JANE-PC [administrator]

    8/22/2012 3:23:32 PM
    mbam-log-2012-08-22 (15-23-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 197657
    Time elapsed: 4 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    OTL.txt
    OTL logfile created on: 8/22/2012 3:42:38 PM - Run 1
    OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Jane\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 60.82% Memory free
    7.60 Gb Paging File | 6.13 Gb Available in Paging File | 80.68% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 285.23 Gb Total Space | 217.84 Gb Free Space | 76.37% Space Free | Partition Type: NTFS
    Drive D: | 12.56 Gb Total Space | 2.10 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
    Drive E: | 99.34 Mb Total Space | 95.24 Mb Free Space | 95.88% Space Free | Partition Type: FAT32
    Drive G: | 7.45 Gb Total Space | 4.04 Gb Free Space | 54.22% Space Free | Partition Type: NTFS

    Computer Name: JANE-PC | User Name: Jane | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/22 15:24:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jane\Desktop\OTL.exe
    PRC - [2012/05/02 09:27:12 | 003,050,848 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
    PRC - [2012/05/02 08:59:28 | 003,289,680 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
    PRC - [2012/05/02 08:58:48 | 000,173,920 | ---- | M] (GFI Software) -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
    PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/08/31 17:03:06 | 000,347,008 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\GameXN\GameXNGO.exe
    PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2009/09/30 22:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 22:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/05/19 10:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2010/05/19 10:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2010/05/19 10:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Stopped] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
    SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/08/02 10:53:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/05/02 08:59:28 | 003,289,680 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2012/05/02 08:58:48 | 000,173,920 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe -- (SBPIMSvc)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/07/14 16:35:17 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/30 22:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/09/30 22:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/05 18:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/13 21:30:04 | 000,258,304 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
    DRV:64bit: - [2012/04/13 21:30:04 | 000,085,248 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
    DRV:64bit: - [2012/04/13 21:30:04 | 000,061,184 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (SbHips)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/01/25 22:21:26 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
    DRV:64bit: - [2012/01/21 17:42:17 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/11/29 07:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/09/29 14:19:02 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
    DRV:64bit: - [2011/09/29 14:19:02 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
    DRV:64bit: - [2011/08/04 16:15:16 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
    DRV:64bit: - [2011/08/02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/10/30 08:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/22 19:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2012/01/25 22:21:26 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2009/09/22 19:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{36E6C171-BD83-493F-A8A6-943B1C145CF0}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{EEF452CF-A4C7-4452-9161-28B0EB51E1DE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{36E6C171-BD83-493F-A8A6-943B1C145CF0}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{EEF452CF-A4C7-4452-9161-28B0EB51E1DE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    IE - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\..\SearchScopes,DefaultScope = {E1C8F480-4DC5-4133-A3AD-CA05906E81C4}
    IE - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\..\SearchScopes\{36E6C171-BD83-493F-A8A6-943B1C145CF0}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\..\SearchScopes\{E1C8F480-4DC5-4133-A3AD-CA05906E81C4}: "URL" = http://www.google.com/search?q={sea...x?}&startPage={startPage}&rlz=1I7SKPB_enUS395
    IE - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\..\SearchScopes\{EEF452CF-A4C7-4452-9161-28B0EB51E1DE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
    IE - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/18 11:27:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/18 11:27:19 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/08/22 12:21:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll (Google Inc.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe (GFI Software)
    O4 - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
    O4 - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000..\Run: [GameXN] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
    O4 - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
    O4 - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
    O4 - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2920264540-1447791862-2204674455-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCF5CA41-3CD0-42F9-8D77-9E196DFA946F}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/22 15:40:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jane\Desktop\OTL.exe
    [2012/08/22 12:19:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/22 12:11:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/22 12:11:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/22 12:11:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/22 12:05:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/22 12:04:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/22 11:56:58 | 004,735,900 | R--- | C] (Swearware) -- C:\Users\Jane\Desktop\ComboFix.exe
    [2012/08/21 23:23:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/20 17:33:26 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jane\Desktop\TDSSKiller.exe
    [2012/08/16 16:26:12 | 000,000,000 | ---D | C] -- C:\Users\Jane\Desktop\RK_Quarantine
    [2012/08/16 16:25:44 | 000,000,000 | ---D | C] -- C:\DPTemp
    [2012/08/16 13:57:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jane\Desktop\dds.com
    [2012/08/16 11:51:01 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
    [2012/08/15 10:51:54 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Roaming\SUPERAntiSpyware.com
    [2012/08/15 10:50:27 | 001,051,552 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Jane\Desktop\rkill.com
    [2012/08/15 10:37:11 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jane\Desktop\dlp123.com
    [2012/08/15 10:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky
    [2012/08/13 20:47:29 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Public\Documents\mbam-setup-1.62.0.1300.exe
    [2012/08/13 18:54:03 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery
    [2012/08/13 18:41:23 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Local\{E07D9A09-0289-43CB-D566-A3B1B3563B25}
    [2012/08/05 15:48:24 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Local\{6BAFEF1D-8279-44F2-A99B-C427E76A98D1}
    [2012/08/05 15:48:13 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Local\{F116CFB8-8510-4B95-A584-0BA2A45965C5}
    [2012/08/05 15:47:02 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Local\{DF1A1239-945F-4BFA-9051-D8B71025FAB5}
    [2012/08/05 15:46:51 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Local\{62A854C4-526A-460E-89D0-9090309900C8}

    ========== Files - Modified Within 30 Days ==========

    [2012/08/22 15:33:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/22 15:26:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/22 15:26:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/22 15:24:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jane\Desktop\OTL.exe
    [2012/08/22 14:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/22 12:27:55 | 004,120,964 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/22 12:27:55 | 001,323,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/22 12:27:55 | 000,005,372 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/22 12:21:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/22 12:21:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/22 12:20:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/22 12:20:05 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/22 11:52:24 | 004,735,900 | R--- | M] (Swearware) -- C:\Users\Jane\Desktop\ComboFix.exe
    [2012/08/20 17:33:26 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jane\Desktop\TDSSKiller.exe
    [2012/08/16 13:50:57 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jane\Desktop\dds.com
    [2012/08/16 13:15:13 | 000,302,592 | ---- | M] () -- C:\Users\Jane\Desktop\kxzzi91e.exe
    [2012/08/16 11:51:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBRC.dat
    [2012/08/15 10:42:07 | 001,051,552 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Jane\Desktop\rkill.com
    [2012/08/15 10:37:16 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jane\Desktop\dlp123.com
    [2012/08/14 20:29:06 | 000,005,088 | ---- | M] () -- C:\Windows\mozy.blk
    [2012/08/14 20:29:06 | 000,003,286 | ---- | M] () -- C:\Windows\mozy.flt
    [2012/08/13 20:47:37 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Public\Documents\mbam-setup-1.62.0.1300.exe
    [2012/08/13 19:16:18 | 000,000,064 | ---- | M] () -- C:\ProgramData\-huzN5Dxqvot4e9r
    [2012/08/13 19:16:18 | 000,000,064 | ---- | M] () -- C:\ProgramData\-huzN5Dxqvot4e9
    [2012/08/13 19:12:58 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJane.job
    [2012/08/13 18:54:03 | 000,000,679 | ---- | M] () -- C:\Users\Jane\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
    [2012/08/13 18:54:03 | 000,000,655 | ---- | M] () -- C:\Users\Jane\Desktop\File_Recovery.lnk

    ========== Files Created - No Company Name ==========

    [2012/08/22 12:17:21 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
    [2012/08/22 12:11:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/22 12:11:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/22 12:11:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/22 12:11:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/22 12:11:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/16 13:30:22 | 000,302,592 | ---- | C] () -- C:\Users\Jane\Desktop\kxzzi91e.exe
    [2012/08/16 11:51:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
    [2012/08/14 21:47:50 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/08/14 21:47:50 | 000,002,294 | ---- | C] () -- C:\Users\Public\Desktop\Comcast Desktop Software.lnk
    [2012/08/14 21:47:50 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Play HP Games.lnk
    [2012/08/14 21:47:50 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
    [2012/08/14 21:47:50 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/08/14 21:47:50 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk
    [2012/08/14 21:47:50 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE Internet Security.lnk
    [2012/08/14 21:47:50 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/08/14 21:47:50 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710n-z.lnk
    [2012/08/14 21:47:50 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/08/14 21:47:50 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/08/14 21:47:50 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2012/08/14 21:47:50 | 000,001,296 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
    [2012/08/14 21:47:50 | 000,001,266 | ---- | C] () -- C:\Users\Public\Desktop\PowerShot SD1400 IS_IXUS 130 Camera User Guide.lnk
    [2012/08/14 21:47:50 | 000,001,217 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710n-z Scan.lnk
    [2012/08/14 21:47:50 | 000,001,206 | ---- | C] () -- C:\Users\Public\Desktop\Personal Printing Guide.lnk
    [2012/08/14 21:47:50 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 6500 E710n-z.lnk
    [2012/08/14 21:47:50 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\DCSD Software Guide.lnk
    [2012/08/14 21:47:46 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012/08/14 21:47:46 | 000,000,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
    [2012/08/14 21:47:38 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/08/14 21:47:38 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2012/08/14 21:47:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/08/14 21:47:38 | 000,002,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Software Store.lnk
    [2012/08/14 21:47:38 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    [2012/08/14 21:47:38 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012/08/14 21:47:38 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2012/08/14 21:47:38 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2012/08/14 21:47:38 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/08/14 21:47:38 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012/08/14 21:47:38 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/08/14 21:47:38 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2012/08/14 21:47:38 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012/08/14 21:47:38 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012/08/14 21:47:38 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
    [2012/08/14 21:47:38 | 000,000,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2012/08/14 21:47:38 | 000,000,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
    [2012/08/13 20:49:09 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/13 18:54:05 | 000,000,064 | ---- | C] () -- C:\ProgramData\-huzN5Dxqvot4e9r
    [2012/08/13 18:54:05 | 000,000,064 | ---- | C] () -- C:\ProgramData\-huzN5Dxqvot4e9
    [2012/08/13 18:54:03 | 000,000,679 | ---- | C] () -- C:\Users\Jane\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
    [2012/08/13 18:54:03 | 000,000,655 | ---- | C] () -- C:\Users\Jane\Desktop\File_Recovery.lnk
    [2011/12/15 11:12:08 | 000,025,683 | ---- | C] () -- C:\Users\Jane\seasons-greeting-300x181[1].jpg
    [2011/02/24 02:12:25 | 000,001,854 | ---- | C] () -- C:\Users\Jane\AppData\Roaming\GhostObjGAFix.xml
    [2011/02/11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2010/09/03 11:48:44 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

    ========== LOP Check ==========

    [2012/05/20 13:01:00 | 000,000,000 | ---D | M] -- C:\Users\Jane\AppData\Roaming\GARMIN
    [2012/02/03 09:13:16 | 000,000,000 | ---D | M] -- C:\Users\Jane\AppData\Roaming\GFI Software
    [2012/08/22 11:18:24 | 000,000,000 | ---D | M] -- C:\Users\Jane\AppData\Roaming\go
    [2011/10/22 18:19:32 | 000,000,000 | ---D | M] -- C:\Users\Jane\AppData\Roaming\Notepad++
    [2012/08/14 14:35:22 | 000,000,000 | ---D | M] -- C:\Users\Jane\AppData\Roaming\SoftGrid Client
    [2010/07/10 14:13:28 | 000,000,000 | ---D | M] -- C:\Users\Jane\AppData\Roaming\TP
    [2011/02/11 08:25:36 | 000,000,000 | ---D | M] -- C:\Users\Jane\AppData\Roaming\Windows Live Writer
    [2012/03/18 15:58:05 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  15. ViolinDad

    ViolinDad TS Rookie Topic Starter

    And here is the Extras.txt log.

    Extras.txt

    OTL Extras logfile created on: 8/22/2012 3:42:38 PM - Run 1
    OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Jane\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 60.82% Memory free
    7.60 Gb Paging File | 6.13 Gb Available in Paging File | 80.68% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 285.23 Gb Total Space | 217.84 Gb Free Space | 76.37% Space Free | Partition Type: NTFS
    Drive D: | 12.56 Gb Total Space | 2.10 Gb Free Space | 16.71% Space Free | Partition Type: NTFS
    Drive E: | 99.34 Mb Total Space | 95.24 Mb Free Space | 95.88% Space Free | Partition Type: FAT32
    Drive G: | 7.45 Gb Total Space | 4.04 Gb Free Space | 54.22% Space Free | Partition Type: NTFS

    Computer Name: JANE-PC | User Name: Jane | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" /n /dde
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00CD5EFE-F16B-4855-A78E-D416A0864464}" = rport=139 | protocol=6 | dir=out | app=system |
    "{0891FFAB-70DA-4FE7-B8FE-173B82536C1C}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{129B0407-2E25-4556-B9A0-A7603F682F15}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{17728AAA-D5C5-4D33-BDC8-90932BAA8599}" = lport=139 | protocol=6 | dir=in | app=system |
    "{1A63B2B3-94FF-48EB-AB3A-8CAB1234283E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{1B3900E0-6FAB-4C63-B2B7-77C1FC74D67B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{23513C04-4D13-4F0B-ADEE-59F328D39624}" = rport=137 | protocol=17 | dir=out | app=system |
    "{32D41C67-ADF9-49B1-B068-C81C7E26F0D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{33B1C0CB-ECCA-4C0E-A988-4F39B0E4E751}" = rport=445 | protocol=6 | dir=out | app=system |
    "{34454B4B-292E-4C53-AF5F-3F539C111B67}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{40E46A13-FF45-4279-A2EB-CBE60AF3A421}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{420F7451-CED9-4696-99B3-655802853D04}" = lport=138 | protocol=17 | dir=in | app=system |
    "{4B143424-3BEF-46D4-8EC4-3B408164F2EB}" = rport=138 | protocol=17 | dir=out | app=system |
    "{6BB8911A-50F1-4242-BE6F-C1D6F5F12ADA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6F3D7639-C728-4F29-B00E-AB293ACCD646}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{7CBCCCCA-6434-4DD8-AA12-7103B0B9057D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{7D07156C-B007-46A8-8466-F70DD72E1821}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{846B3203-9691-4B93-B01E-C903DEC040F8}" = lport=445 | protocol=6 | dir=in | app=system |
    "{B2FC9841-8E04-4C77-856A-9A0F519DA6DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B7658D71-BEFE-440A-8760-C7921C451592}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B9608AE5-6627-4A63-8955-D8ADF3FEEB43}" = lport=137 | protocol=17 | dir=in | app=system |
    "{BC35CD8B-6F24-4D9C-88DD-32E0BF862556}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CC50F42F-A914-4185-B7DE-2501471CCD9D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{CE0D2DC5-395F-43A8-A664-624DAD9BBE39}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D3DAF18A-1084-453B-BABB-11E5B9E49018}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F256B886-9B2F-44D0-A8CB-61E7BC5C8AB5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FAE6B233-D62C-4DA0-9C81-6575D1721199}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02E0224B-5C03-4302-8ABC-767799836362}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{062B2B3F-0036-4B4D-82DC-07263C1261B5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
    "{07497FE6-7BCC-45BB-AF04-D16402040AAA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{0A02286D-E3E9-42B4-993C-6D54CA161AAC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{212F7ECD-D96B-4C37-BD81-4928F46865E7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{2255B91A-1EF9-4DA1-9B10-A135EE967563}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
    "{286781D7-52BF-482C-BF4B-334BE609DC47}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{286CCC96-9E95-4664-A76D-DFEF75AA01A1}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "{2EDC80D1-187A-4F9F-86C9-CEAC147D8367}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
    "{326D59C0-741F-4502-BD66-C87C3CEE9117}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
    "{34315EAB-7D26-4155-9EDA-AF90D679244E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{377826F0-23D6-43D0-A5BA-EAEE77455E64}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{4968A779-F0B9-48D0-A360-32C63E532323}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{498F86B9-3A3B-445D-82E1-5E02AD642107}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{54921F10-BF6E-4841-921B-9AB87899E067}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{5B8F3CA6-DB97-4BED-88B0-A7AA4D8DB507}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5C731F8B-04A6-4D49-9CDF-4219D6DF203E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{6D4AE121-3BA8-4A3C-AC69-02C2D74B21C4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{6F33428C-FEED-4EE2-BA2A-2259097D6884}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7809D53C-5A6A-4DB6-A866-0D3A078F4075}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7A17A37E-722A-4FA7-99D5-2D203C7CF5C7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{7E2FC1B6-2014-4904-A14D-19480029D622}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{84245F5E-6DD9-402B-A255-DA602C4A5E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8576F3A9-65E8-42A9-A2DB-6EFFED02A0D8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{8BC6BADB-55F5-40AC-A4B3-624F8B56C686}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{8C30EB2C-A814-4D6C-9395-34E6BA873621}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
    "{8E0FC9B6-499D-4938-B9C7-C996472F9A28}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8E5DEFDB-8C1D-45AC-ACD3-8FBA1803E6A8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{906B84FD-9EB4-4ECD-9738-D45F3D23261E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{95D08B2B-075A-4283-A3B3-9A50703233BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{95D62699-5518-499E-A023-278FF2BB4364}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{97B90CED-B723-47E6-BD26-0AC65062115C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{99773D44-A889-47CF-8883-2B145C7AF176}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9A0F6123-D17D-4607-B746-92BC32E15614}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{9B7C8C08-7831-4AB1-A22E-D7087FC56882}" = protocol=6 | dir=out | app=system |
    "{A58F7895-3280-48D0-991D-F5C07C6AD2C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{AA0978F4-63BC-4FE3-91BC-65FC013C4179}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{B2243250-27C1-49A6-A5E5-6DFDB4276DE0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{B7DE17A5-55E3-40C9-B182-DBE66F45299E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B8923108-7A41-42E0-9EB9-DCB6CE0398AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{BBC81DDC-B602-4FFE-816F-977B5949CEE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{C51AA821-96E7-4FBB-AB34-BA63C63F8671}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{C8EEF168-2F4B-423C-BC6E-CA3E6095A702}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{CF0FA9EF-73E0-4466-A24F-248324ECCADA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{D0C9A6ED-C834-43F4-A5F4-B496C2404AB3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D1C36C93-5CFB-4885-ABEA-34D4AB1CCDD4}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
    "{D498CF11-A99E-4AD5-AA85-DF37EAB70E6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{D4E36977-9457-4B9F-A102-93A66765CE5F}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "{D52B3C34-0A6A-4375-8D75-EBB115D73AD8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{D7AA2A60-7458-447C-9BDF-DC17CB036ABE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{DACFFB29-5E70-46EA-BDDF-9CC604317BAA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{DAF8026F-6AC8-430C-A164-139381643A3B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{DC7B8FEF-64FC-4E94-B6A4-15D8D2E99E3E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
    "{E039B9DE-F0EC-46A3-B5A8-8C2C9C8C12FC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{E0B37E9A-E0B5-4AF8-A73D-FC7BE9EA0EF4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{E303E746-EDA9-4645-8905-BE44D598FE2D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
    "{E4EFDEE3-7C2E-4B41-A225-CBDEAB24E2AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E6B45DEB-36D7-4C9F-B99F-0C2797CD6AC6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
    "{EF2AB602-90F3-4995-9224-80700DEE3FC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F37A1096-1B5D-4EAE-A8BF-FF2891C9E942}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F3D6C6F2-0266-44C0-99D5-2FD3A994A3E7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{F5F40BAB-3AF6-4CAE-B09D-25DA2FB6A6E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{FEFD679D-FA5A-4E46-AD8E-14F34DD1F218}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{ADDF4B84-5D28-4EAE-8511-EF808C8BC81C}" = HP Officejet 6500 E710n-z Basic Device Software
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{D5510D28-D0E4-433E-A0F3-EE3FCECA60D2}" = HP Officejet 6500 E710n-z Product Improvement Study
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{EB020347-354D-A1AF-F265-84B5427C96BA}" = MozyHome
    "{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}" = Garmin Communicator Plugin x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
    "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
    "{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
    "{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{2706D853-FF69-4F96-8364-913238158CCD}" = VIPRE Internet Security
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
    "{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D5927FF-F3A0-4E03-9DE9-8265499164CF}" = HP User Guides
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{BC39DBA4-D1B7-483C-BA0D-9EB0BB0B6DCF}" = 6300
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
    "{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}" = VIPRE Internet Security
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "CameraUserGuide-PSSD1400IS_IXUS130" = Canon PowerShot SD1400 IS_IXUS 130 Camera User Guide
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CoreFTP" = Core FTP LE
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "MyCamera" = Canon Utilities MyCamera
    "Notepad++" = Notepad++
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Personal Printing Guide" = Canon Personal Printing Guide
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "YTdetect" = Yahoo! Detect
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2920264540-1447791862-2204674455-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Game Organizer" = GameXN GO

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/22/2012 1:36:08 PM | Computer Name = Jane-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 8/22/2012 1:36:08 PM | Computer Name = Jane-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 8/22/2012 1:58:42 PM | Computer Name = Jane-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 8/22/2012 1:58:42 PM | Computer Name = Jane-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 8/22/2012 2:11:51 PM | Computer Name = Jane-PC | Source = VSS | ID = 18
    Description =

    Error - 8/22/2012 2:11:51 PM | Computer Name = Jane-PC | Source = VSS | ID = 8193
    Description =

    Error - 8/22/2012 2:11:51 PM | Computer Name = Jane-PC | Source = System Restore | ID = 8193
    Description =

    Error - 8/22/2012 2:27:52 PM | Computer Name = Jane-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 8/22/2012 2:27:52 PM | Computer Name = Jane-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 8/22/2012 2:30:55 PM | Computer Name = Jane-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    [ Hewlett-Packard Events ]
    Error - 7/28/2012 5:12:12 AM | Computer Name = Jane-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/28/2012 5:13:01 AM | Computer Name = Jane-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/28/2012 5:13:51 AM | Computer Name = Jane-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/28/2012 5:21:21 AM | Computer Name = Jane-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/28/2012 5:27:13 AM | Computer Name = Jane-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/28/2012 5:28:01 AM | Computer Name = Jane-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/28/2012 6:07:44 AM | Computer Name = Jane-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/28/2012 6:08:10 AM | Computer Name = Jane-PC | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/5/2012 5:26:18 PM | Computer Name = Jane-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3893 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

    Error - 8/11/2012 3:04:34 PM | Computer Name = Jane-PC | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3893 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

    [ System Events ]
    Error - 8/22/2012 2:11:51 PM | Computer Name = Jane-PC | Source = DCOM | ID = 10005
    Description =

    Error - 8/22/2012 2:17:28 PM | Computer Name = Jane-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 8/22/2012 2:19:03 PM | Computer Name = Jane-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 8/22/2012 2:19:39 PM | Computer Name = Jane-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 8/22/2012 2:20:07 PM | Computer Name = Jane-PC | Source = RTL8167 | ID = 5008
    Description = Realtek PCIe FE Family Controller : Has encountered an invalid network
    address.

    Error - 8/22/2012 2:20:45 PM | Computer Name = Jane-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the LMIGuardianSvc
    service to connect.

    Error - 8/22/2012 2:20:45 PM | Computer Name = Jane-PC | Source = Service Control Manager | ID = 7000
    Description = The LMIGuardianSvc service failed to start due to the following error:
    %%1053

    Error - 8/22/2012 2:20:48 PM | Computer Name = Jane-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 8/22/2012 2:23:19 PM | Computer Name = Jane-PC | Source = Service Control Manager | ID = 7000
    Description = The HP Support Assistant Service service failed to start due to the
    following error: %%31

    Error - 8/22/2012 2:23:35 PM | Computer Name = Jane-PC | Source = Service Control Manager | ID = 7000
    Description = The RtVOsdService Installer service failed to start due to the following
    error: %%31


    < End of report >
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
      O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
      [2012/08/13 18:54:03 | 000,000,679 | ---- | M] () -- C:\Users\Jane\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
      [2012/08/13 18:54:05 | 000,000,064 | ---- | C] () -- C:\ProgramData\-huzN5Dxqvot4e9r
      [2012/08/13 18:54:05 | 000,000,064 | ---- | C] () -- C:\ProgramData\-huzN5Dxqvot4e9
      [2012/08/13 18:54:03 | 000,000,655 | ---- | C] () -- C:\Users\Jane\Desktop\File_Recovery.lnk
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  17. ViolinDad

    ViolinDad TS Rookie Topic Starter

    Hi again,

    Things look pretty good; here are the logs from the last set of scans. ESET found no threats, and so had no log.

    OTL log post fix:

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    C:\Users\Jane\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk moved successfully.
    C:\ProgramData\-huzN5Dxqvot4e9r moved successfully.
    C:\ProgramData\-huzN5Dxqvot4e9 moved successfully.
    C:\Users\Jane\Desktop\File_Recovery.lnk moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jane
    ->Temp folder emptied: 170807 bytes
    ->Temporary Internet Files folder emptied: 139057576 bytes
    ->Java cache emptied: 11961769 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 167704 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 30548 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68435 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 144.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jane
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jane
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.58.1 log created on 08222012_173513

    Files\Folders moved on Reboot...
    C:\Users\Jane\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    Security Check Log:

    Results of screen317's Security Check version 0.99.46
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    GFI Software VIPRE
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 26
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Log:
    Farbar Service Scanner Version: 06-08-2012
    Ran by Jane (administrator) on 22-08-2012 at 17:56:14
    Running from "C:\Users\Jane\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    Other Services:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
    ESET: No threats found
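The FSS and Security Check output above flag several protections that the infection left switched off (firewall policy EnableFirewall=0, Defender policy DisableAntiSpyware=1, WinDefend start type Demand, UAC disabled). The following PowerShell script is an added, read-only audit that is not part of this thread or of any tool named in it: it re-reads the same registry values and service state and reports which are still in the weak state. It assumes PowerShell 3.0 or later and an elevated prompt; the EnableLUA value is the standard UAC policy value and is not quoted in the logs above.

```powershell
# Added example, not from the thread or from FSS/Security Check: re-check the
# protections those logs reported as disabled. Read-only; run as administrator.
# Assumes PowerShell 3.0+ (for [pscustomobject]) on the affected Win7 x64 machine.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # A missing value means no policy is set, which is the Windows default state.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

# Registry values to check: the first two paths are the ones quoted in the FSS log;
# EnableLUA is the standard UAC value (Security Check reported "UAC is disabled!").
$checks = @(
    @{ Check = 'Windows Firewall policy (EnableFirewall)'
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
       Value = 'EnableFirewall';    Bad = 0
       Note  = 'FSS reported EnableFirewall=DWORD:0 (firewall disabled)' }
    @{ Check = 'Windows Defender policy (DisableAntiSpyware)'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
       Value = 'DisableAntiSpyware'; Bad = 1
       Note  = 'FSS reported DisableAntiSpyware=DWORD:1 (Defender disabled)' }
    @{ Check = 'UAC (EnableLUA)'
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
       Value = 'EnableLUA';         Bad = 0
       Note  = 'Security Check reported UAC disabled; default is 1' }
)

$findings = @()
foreach ($c in $checks) {
    $v = Get-RegValue -Path $c.Path -Name $c.Value
    $findings += [pscustomobject]@{
        Check   = $c.Check
        Current = if ($null -eq $v) { '(not set)' } else { $v }
        Status  = if ($v -eq $c.Bad) { 'WEAK' } else { 'OK' }
        Note    = $c.Note
    }
}

# WinDefend service: FSS noted start type Demand (Manual) instead of the default Auto.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
if ($svc) {
    $findings += [pscustomobject]@{
        Check   = 'WinDefend service start type / state'
        Current = "$($svc.StartMode) / $($svc.State)"
        Status  = if ($svc.StartMode -eq 'Auto' -and $svc.State -eq 'Running') { 'OK' } else { 'WEAK' }
        Note    = 'FSS reported start type Demand; default is Auto'
    }
}

$findings | Format-Table -AutoSize
if ($findings.Status -contains 'WEAK') {
    Write-Warning 'One or more protections are still disabled; re-enable them (Action Center, Windows Firewall, Defender) and re-run this check.'
}
```

A clean machine shows every row as OK with EnableFirewall and DisableAntiSpyware reported as "(not set)" or their default values; any WEAK row is a setting the cleanup has not yet restored.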
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  19. ViolinDad

    ViolinDad TS Rookie Topic Starter

    Thanks so much. The computer seems to be running very well. I did the first steps (updated Adobe Reader & Java) and ran the OTL cleanup. I have posted that log below.

    I will do the rest of the cleanup on Sunday -- I am heading out of town in the morning and will be back then.

    You have been so very helpful and your support has resolved what was a nasty infection. Thanks again for all your guidance!!

    I'll report back in on Sunday, just to finalize, but I'm quite confident that all is back in order and working well.

    OTL Log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jane
    ->Temp folder emptied: 221176 bytes
    ->Temporary Internet Files folder emptied: 16094193 bytes
    ->Java cache emptied: 1878 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 635 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 39250 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 16.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jane
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jane
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.58.1 log created on 08222012_204547

    Files\Folders moved on Reboot...
    C:\Users\Jane\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Way to go!!
    Good luck and stay safe :)
     
