Inactive Laptop fails to boot/sporadic sprees of freezing

Auvic

My laptop hasn't really been slowing down, but sometimes it just has a real problem starting up - and even when it's managed to boot up, it doesn't always even make it to the welcome screen or any measure of functionality. In trying to boot it up last night, it failed to respond at least 15+ times, and froze mid-MSE scan at least 3-4 times as well. It's currently up and running, and I've pushed one Malwarebytes/MSE scan through, but all scans seem clean.

However, the first time it did this - last week or so - the MSE scan pulled out three viruses. I thought the issue was over then, but since my laptop's been acting up again, I'm not sure if some other virus escaped the scans, or if MSE failed to remove the viruses entirely. I didn't copy down the names of the viruses, unfortunately. Sorry!

MBAM log:


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Vincent :: NOISELESS [administrator]

2/15/2013 10:36:12 AM
mbam-log-2013-02-15 (10-36-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215501
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS Log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 1.6.0_39
Run by Vincent at 10:45:47 on 2013-02-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2968.999 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Users\Vincent\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Users\Vincent\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vincent\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.plusnetwork.com/?sp=hp&t=b0213
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: WinToFlash Suggestor: {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
uRun: [Google Update] "C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [googletalk] C:\Users\Vincent\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Vincent\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {8EF9626B-2251-4C5E-BD17-D5F3E0E98B03} - hxxps://management.pna.utexas.edu/idengineswpa/tools/xc_loader_activex.ocx
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 10.111.218.254 10.113.218.254 10.112.218.254
TCP: Interfaces\{25EC66F7-E07D-453E-AAE1-390EDA1EABC6} : DHCPNameServer = 10.111.218.254 10.113.218.254 10.112.218.254
TCP: Interfaces\{25EC66F7-E07D-453E-AAE1-390EDA1EABC6}\14C62656274723 : DHCPNameServer = 192.168.24.1
TCP: Interfaces\{25EC66F7-E07D-453E-AAE1-390EDA1EABC6}\2375942554336383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{25EC66F7-E07D-453E-AAE1-390EDA1EABC6}\77F6F64713 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{25EC66F7-E07D-453E-AAE1-390EDA1EABC6}\D646167657563747 : DHCPNameServer = 216.136.95.2 64.132.94.250
TCP: Interfaces\{BD783C53-2E55-4428-BABB-30C58E4C8B16} : DHCPNameServer = 10.160.220.60 10.160.16.66
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\9sijq2hf.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Vincent\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-08 22:29; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-3-11 283200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 202752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-8 398184]
R2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-2-2 119296]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2008-8-22 316544]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2009-9-22 7369728]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-27 24176]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-8 682344]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-1 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-2 1255736]
.
=============== Created Last 30 ================
.
2013-02-15 16:44:30 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CDA3F42D-3ECB-4C9C-9549-D1086A774D6B}\mpengine.dll
2013-02-15 16:25:05 -------- d-----w- C:\Users\Vincent\AppData\Local\{9E6BECEB-0D61-4166-B607-4292BF90BB59}
2013-02-15 13:04:01 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 13:04:01 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 13:02:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-15 13:02:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-15 13:02:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-15 13:02:02 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-02-15 13:02:02 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-02-15 13:02:02 149528 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-02-15 13:02:01 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-02-15 13:02:00 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-15 05:12:19 9161176 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-15 04:24:27 -------- d-----w- C:\Users\Vincent\AppData\Local\{7AAB4094-6685-4332-9873-60CC0C6F9DCA}
2013-02-14 15:00:10 -------- d-----w- C:\Users\Vincent\AppData\Local\{CACC86CB-0E85-49B5-A088-28B305BC08C2}
2013-02-13 15:46:35 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 15:46:35 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 15:46:34 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 15:46:24 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 15:46:22 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 15:46:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 15:46:21 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 15:46:21 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 15:46:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 15:46:19 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 15:46:18 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-13 15:46:17 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 15:39:11 -------- d-----w- C:\Users\Vincent\AppData\Local\{B14D8464-B386-43EB-82A3-84C27A16B971}
2013-02-11 15:04:34 -------- d-----w- C:\Users\Vincent\AppData\Local\{BA1A6346-7B0E-4F78-814F-B5DB5EF60BEC}
2013-02-11 03:04:10 -------- d-----w- C:\Users\Vincent\AppData\Local\{3714717F-5132-44A5-9F8A-4D71A95EB04F}
2013-02-09 03:02:37 -------- d-----w- C:\Users\Vincent\AppData\Local\{439E0B16-A624-4791-8EE6-97F6C14ADA51}
2013-02-08 15:05:22 -------- d-----w- C:\Users\Vincent\AppData\Local\Programs
2013-02-08 15:02:12 -------- d-----w- C:\Users\Vincent\AppData\Local\{165321E6-EC59-483B-B20E-1AABB9D6A469}
2013-02-06 20:52:27 -------- d-----w- C:\Users\Vincent\AppData\Local\{5B6D8BCE-2660-4B7A-8FB0-6B5733B561E1}
2013-02-06 16:29:45 -------- d-----w- C:\Users\Vincent\AppData\Local\{153F2C24-CD44-4680-A12D-70D722C17682}
2013-02-04 18:07:41 -------- d-----w- C:\Users\Vincent\AppData\Local\{E6EA3636-AB3A-46A1-A516-D6E58FBB74F5}
2013-02-04 18:03:22 -------- d-----w- C:\Users\Vincent\AppData\Local\{0F82E8E7-B153-4930-AAFE-35CD58E9B5DD}
2013-02-04 03:20:39 -------- d-----w- C:\Users\Vincent\AppData\Local\{C6EB04E4-AA14-4F8A-8854-31293D71494C}
2013-02-01 13:33:22 -------- d-----w- C:\Users\Vincent\AppData\Local\{AFFDF80A-2FC5-44A8-8B14-C28BE23A70E2}
2013-01-31 14:28:14 -------- d-----w- C:\Users\Vincent\AppData\Local\{AFBC5FFE-90FB-4070-AC2F-1A82C1A60946}
2013-01-28 15:18:43 -------- d-----w- C:\Users\Vincent\AppData\Local\{5E961521-E292-46D3-871C-2E1572AAE051}
2013-01-26 22:49:36 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox.bak
2013-01-26 21:12:26 -------- d-----w- C:\Users\Vincent\AppData\Local\{DDDFF6E0-6C7F-4B3C-B7C5-102E0D36EC77}
2013-01-25 16:50:58 -------- d-----w- C:\Users\Vincent\AppData\Local\{D5D0D6FD-06F6-48A8-B7BF-4AC5030DC29E}
2013-01-24 15:23:54 -------- d-----w- C:\Users\Vincent\AppData\Local\{1B2E9EA9-CC21-4E6D-9420-0DCB045E9981}
2013-01-21 16:16:33 -------- d-----w- C:\Users\Vincent\AppData\Local\{62F4D638-B6C0-464C-A5B1-7A76C99FFC8B}
2013-01-20 21:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-18 15:21:42 -------- d-----w- C:\Users\Vincent\AppData\Local\{5802D00E-6B90-48AB-A4EE-2188231798C8}
2013-01-18 03:21:06 -------- d-----w- C:\Users\Vincent\AppData\Local\{866896EA-9A49-477B-A00E-7B99A5AB8CA0}
2013-01-17 15:20:53 -------- d-----w- C:\Users\Vincent\AppData\Local\{836F901D-4CFD-4031-A748-56D47CA0B63D}
2013-01-17 15:16:08 -------- d-----w- C:\Users\Vincent\AppData\Local\{DB296446-7097-4E6F-9B4A-FB7104D862F6}
.
==================== Find3M ====================
.
2013-02-08 16:09:25 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 16:09:25 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-20 21:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-15 22:56:10 477616 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-01-15 22:56:07 473520 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
.
============= FINISH: 10:46:39.80 ===============
 
Hi there!

ComboFix scan

Please download ComboFix by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Hello! Are you still with us? Your topic is now marked inactive, because you have not replied.

However, we'd like to still help. Please update us on the state of your PC.
 
Whoops! Sorry about that, I hadn't gotten an email notification that there was a reply as I have in the past, so I hadn't gotten around to checking the thread. Sorry, sorry!
For a little, I'd thought my laptop had finished with the random crashes, but it decided to take a break from being responsive for a few hours today. Guess it's not something that'll fix itself so easily.

Here's the combofix log:

ComboFix 13-02-21.02 - Vincent 02/21/2013 14:08:22.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2968.1901 [GMT -6:00]
Running from: C:\Users\Vincent\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Vincent\AppData\Local\{9E6BECEB-0D61-4166-B607-4292BF90BB59}


((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 )))))))))))))))))))))))))))))))


2013-02-21 20:14:57 . 2013-02-21 20:14:57 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-02-21 19:53:23 . 2013-02-21 19:53:23 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5EF0E605-7152-4378-A26B-E9FF0C99BB10}\offreg.dll
2013-02-21 14:46:20 . 2013-02-08 00:28:29 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5EF0E605-7152-4378-A26B-E9FF0C99BB10}\mpengine.dll
2013-02-18 15:02:20 . 2013-01-08 05:32:08 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-15 13:04:01 . 2013-01-09 01:10:05 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 13:04:01 . 2013-01-08 22:01:00 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 13:02:04 . 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2013-02-15 13:02:04 . 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-15 13:02:03 . 2013-01-09 01:04:58 96768 ----a-w- C:\Windows\system32\mshtmled.dll
2013-02-15 13:02:02 . 2013-01-09 01:53:45 182816 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-02-15 13:02:02 . 2013-01-09 01:09:12 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-02-15 13:02:02 . 2013-01-08 22:42:06 149528 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-02-15 13:02:02 . 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-15 13:02:01 . 2013-01-09 01:00:48 248320 ----a-w- C:\Windows\system32\ieui.dll
2013-02-15 13:02:01 . 2013-01-08 22:00:12 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-02-15 13:02:00 . 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
2013-02-13 15:46:35 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-02-13 15:46:35 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 15:46:34 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 15:46:24 . 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\system32\win32k.sys
2013-02-13 15:46:22 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll
2013-02-13 15:46:21 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 15:46:21 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 15:46:21 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 15:46:21 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 15:46:19 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 15:46:18 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-02-13 15:46:17 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2013-02-08 15:05:22 . 2013-02-08 15:05:22 -------- d-----w- C:\Users\Vincent\AppData\Local\Programs
2013-02-04 06:21:02 . 2013-02-04 06:21:02 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-02-18 21:20:29 . 2012-05-16 21:47:29 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-18 21:20:29 . 2011-05-26 13:37:33 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-15 13:09:57 . 2011-02-01 06:34:54 70004024 ----a-w- C:\Windows\system32\MRT.exe
2013-01-30 10:53:22 . 2011-02-01 00:01:22 273840 ------w- C:\Windows\system32\MpSigStub.exe
2013-01-20 21:59:04 . 2013-01-20 21:59:04 230320 ----a-w- C:\Windows\system32\drivers\MpFilter.sys
2013-01-20 21:59:04 . 2010-10-25 03:25:38 130008 ----a-w- C:\Windows\system32\drivers\NisDrvWFP.sys
2013-01-15 22:56:10 . 2012-07-02 19:00:56 477616 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-01-15 22:56:07 . 2011-02-01 20:12:31 473520 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-04 04:43:21 . 2013-02-13 15:46:22 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 . 2012-12-21 16:06:38 46080 ----a-w- C:\Windows\system32\atmlib.dll
2012-12-16 14:45:03 . 2012-12-21 16:06:36 367616 ----a-w- C:\Windows\system32\atmfd.dll
2012-12-16 14:13:28 . 2012-12-21 16:06:35 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 . 2012-12-21 16:06:38 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 22:49:28 . 2011-08-27 19:49:03 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-12-07 13:20:16 . 2013-01-09 19:23:00 441856 ----a-w- C:\Windows\system32\Wpc.dll
2012-12-07 13:15:31 . 2013-01-09 19:23:00 2746368 ----a-w- C:\Windows\system32\gameux.dll
2012-12-07 12:26:17 . 2013-01-09 19:22:59 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 . 2013-01-09 19:23:00 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 . 2013-01-09 19:23:00 30720 ----a-w- C:\Windows\system32\usk.rs
2012-12-07 11:20:03 . 2013-01-09 19:23:00 43520 ----a-w- C:\Windows\system32\csrr.rs
2012-12-07 11:20:03 . 2013-01-09 19:22:59 23552 ----a-w- C:\Windows\system32\oflc.rs
2012-12-07 11:20:01 . 2013-01-09 19:23:00 45568 ----a-w- C:\Windows\system32\oflc-nz.rs
2012-12-07 11:20:01 . 2013-01-09 19:23:00 44544 ----a-w- C:\Windows\system32\pegibbfc.rs
2012-12-07 11:20:01 . 2013-01-09 19:22:59 20480 ----a-w- C:\Windows\system32\pegi-fi.rs
2012-12-07 11:20:00 . 2013-01-09 19:23:00 20480 ----a-w- C:\Windows\system32\pegi-pt.rs
2012-12-07 11:19:59 . 2013-01-09 19:23:00 20480 ----a-w- C:\Windows\system32\pegi.rs
2012-12-07 11:19:58 . 2013-01-09 19:23:00 46592 ----a-w- C:\Windows\system32\fpb.rs
2012-12-07 11:19:57 . 2013-01-09 19:23:00 40960 ----a-w- C:\Windows\system32\cob-au.rs
2012-12-07 11:19:57 . 2013-01-09 19:23:00 21504 ----a-w- C:\Windows\system32\grb.rs
2012-12-07 11:19:57 . 2013-01-09 19:23:00 15360 ----a-w- C:\Windows\system32\djctq.rs
2012-12-07 11:19:56 . 2013-01-09 19:22:59 55296 ----a-w- C:\Windows\system32\cero.rs
2012-12-07 11:19:55 . 2013-01-09 19:22:59 51712 ----a-w- C:\Windows\system32\esrb.rs
2012-12-07 10:46:42 . 2013-01-09 19:23:00 43520 ----a-w- C:\Windows\SysWow64\csrr.rs
2012-12-07 10:46:42 . 2013-01-09 19:23:00 30720 ----a-w- C:\Windows\SysWow64\usk.rs
2012-12-07 10:46:41 . 2013-01-09 19:23:00 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
2012-12-07 10:46:41 . 2013-01-09 19:23:00 44544 ----a-w- C:\Windows\SysWow64\pegibbfc.rs
2012-12-07 10:46:41 . 2013-01-09 19:23:00 20480 ----a-w- C:\Windows\SysWow64\pegi-pt.rs
2012-12-07 10:46:41 . 2013-01-09 19:22:59 23552 ----a-w- C:\Windows\SysWow64\oflc.rs
2012-12-07 10:46:40 . 2013-01-09 19:22:59 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs
2012-12-07 10:46:39 . 2013-01-09 19:23:00 46592 ----a-w- C:\Windows\SysWow64\fpb.rs
2012-12-07 10:46:39 . 2013-01-09 19:23:00 20480 ----a-w- C:\Windows\SysWow64\pegi.rs
2012-12-07 10:46:38 . 2013-01-09 19:23:00 21504 ----a-w- C:\Windows\SysWow64\grb.rs
2012-12-07 10:46:37 . 2013-01-09 19:23:00 40960 ----a-w- C:\Windows\SysWow64\cob-au.rs
2012-12-07 10:46:37 . 2013-01-09 19:23:00 15360 ----a-w- C:\Windows\SysWow64\djctq.rs
2012-12-07 10:46:36 . 2013-01-09 19:22:59 55296 ----a-w- C:\Windows\SysWow64\cero.rs
2012-12-07 10:46:36 . 2013-01-09 19:22:59 51712 ----a-w- C:\Windows\SysWow64\esrb.rs
2012-11-30 05:45:35 . 2013-01-09 19:22:31 362496 ----a-w- C:\Windows\system32\wow64win.dll
2012-11-30 05:45:35 . 2013-01-09 19:22:31 243200 ----a-w- C:\Windows\system32\wow64.dll
2012-11-30 05:45:35 . 2013-01-09 19:22:31 13312 ----a-w- C:\Windows\system32\wow64cpu.dll
2012-11-30 05:43:12 . 2013-01-09 19:22:31 16384 ----a-w- C:\Windows\system32\ntvdm64.dll
2012-11-30 05:41:07 . 2013-01-09 19:22:34 424448 ----a-w- C:\Windows\system32\KernelBase.dll
2012-11-30 05:41:07 . 2013-01-09 19:22:32 1161216 ----a-w- C:\Windows\system32\kernel32.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:31 3072 ---ha-w- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:30 6144 ---ha-w- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:30 4608 ---ha-w- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:304608---ha-w-C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:304096---ha-w-C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:304096---ha-w-C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:303584---ha-w-C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:303584---ha-w-C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:303584---ha-w-C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:303584---ha-w-C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:303072---ha-w-C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:303072---ha-w-C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38:45 . 2013-01-09 19:22:303072---ha-w-C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:315120---ha-w-C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:313072---ha-w-C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:303584---ha-w-C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:294096---ha-w-C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:293584---ha-w-C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:293584---ha-w-C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:293072---ha-w-C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:293072---ha-w-C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:293072---ha-w-C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:293072---ha-w-C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:293072---ha-w-C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:293072---ha-w-C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:293072---ha-w-C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:274096---ha-w-C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38:44 . 2013-01-09 19:22:273072---ha-w-C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53:59 . 2013-01-09 19:22:33274944----a-w-C:\Windows\SysWow64\KernelBase.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:304608---ha-w-C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:304096---ha-w-C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:304096---ha-w-C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:304096---ha-w-C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:303584---ha-w-C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:303584---ha-w-C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:303584---ha-w-C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:303072---ha-w-C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:303072---ha-w-C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:294096---ha-w-C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:293584---ha-w-C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:293584---ha-w-C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:293584---ha-w-C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:293072---ha-w-C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:283072---ha-w-C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45:15 . 2013-01-09 19:22:274096---ha-w-C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45:14 . 2013-01-09 19:22:315120---ha-w-C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45:14 . 2013-01-09 19:22:313072---ha-w-C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45:14 . 2013-01-09 19:22:313072---ha-w-C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}]
2012-05-25 15:38:14281424----a-w-C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\Steam.exe" [2013-02-14 09:14:04 1597864]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 08:06:56 3481408]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18:59:26 18705664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2010-11-29 22:38:18 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 06:22:56 421160]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
"PlusService"="C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2013-01-23 22:02:11 802304]
"MessengerPlusForSkypeService"="C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-03-21 21:57:07 119296]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 17:41:54 254896]

C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 17:49:27 128752]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 20:27:14 138576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 22:49:28 682344]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 18:55:20 161536]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 20:35:28 5434368]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 21:59:04 130008]
R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 17:34:32 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 11:03:42 20992]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2011-02-18 21:36:58 51712]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-02 14:56:53 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Vincent\Downloads\RealTemp_360\WinRing0x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-11 08:28:54 283200]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 18:23:05 14920]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 18:23:05 12360]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2009-08-24 22:00:14 202752]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 22:49:28 398184]
S2 MsgPlusService;Messenger Plus! Service;C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-03-21 21:57:07 119296]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys [2008-08-23 03:10:26 316544]
S3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys [2009-09-22 20:47:16 7369728]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-12-14 22:49:28 24176]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-16 00:40:42 6952960]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 21:01:11 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 21:01:11 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 21:01:11 740864]


Contents of the 'Scheduled Tasks' folder

2013-02-21 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 21:47:29 . 2013-02-18 21:20:29]

2013-02-18 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-955836838-487028394-284100168-1000Core.job
- C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-31 23:55:33 . 2011-01-31 23:55:32]

2013-02-21 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-955836838-487028394-284100168-1000UA.job
- C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-31 23:55:33 . 2011-01-31 23:55:32]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2013-01-27 17:34:16 1281512]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-22 20:47:18 165912]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-22 20:47:14 387608]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-22 20:47:18 365592]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.111.218.254 10.113.218.254 10.112.218.254
DPF: {8EF9626B-2251-4C5E-BD17-D5F3E0E98B03} - hxxps://management.pna.utexas.edu/idengineswpa/tools/xc_loader_activex.ocx
FF - ProfilePath - C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\9sijq2hf.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - ExtSQL: 2013-02-08 22:29; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-googletalk - C:\Users\Vincent\AppData\Roaming\Google\Google Talk\googletalk.exe
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk - C:\Users\Vincent\AppData\Roaming\Google\Google Talk\uninstall.exe
 
TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
Heya! Sorry about the delay again - it seemed that the most reliable way of getting my computer to lock up was to start a scan of any type, and the TDSS was no exception. I finally got it to run, though:

Log 1:

18:08:17.0469 0868 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:08:17.0516 0868 ============================================================
18:08:17.0516 0868 Current date / time: 2013/02/25 18:08:17.0516
18:08:17.0516 0868 SystemInfo:
18:08:17.0516 0868
18:08:17.0516 0868 OS Version: 6.1.7601 ServicePack: 1.0
18:08:17.0516 0868 Product type: Workstation
18:08:17.0516 0868 ComputerName: NOISELESS
18:08:17.0516 0868 UserName: Vincent
18:08:17.0516 0868 Windows directory: C:\Windows
18:08:17.0516 0868 System windows directory: C:\Windows
18:08:17.0516 0868 Running under WOW64
18:08:17.0516 0868 Processor architecture: Intel x64
18:08:17.0516 0868 Number of processors: 2
18:08:17.0516 0868 Page size: 0x1000
18:08:17.0516 0868 Boot type: Normal boot
18:08:17.0516 0868 ============================================================
18:08:20.0574 0868 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:08:20.0574 0868 ============================================================
18:08:20.0574 0868 \Device\Harddisk0\DR0:
18:08:20.0574 0868 MBR partitions:
18:08:20.0574 0868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:08:20.0574 0868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x11E42800
18:08:20.0574 0868 ============================================================
18:08:20.0620 0868 C: <-> \Device\Harddisk0\DR0\Partition2
18:08:20.0620 0868 ============================================================
18:08:20.0620 0868 Initialize success
18:08:20.0620 0868 ============================================================
18:08:27.0219 3500 ============================================================
18:08:27.0219 3500 Scan started
18:08:27.0219 3500 Mode: Manual; SigCheck; TDLFS;
18:08:27.0219 3500 ============================================================
18:08:28.0483 3500 ================ Scan system memory ========================
18:08:28.0483 3500 System memory - ok
18:08:28.0483 3500 ================ Scan services =============================
18:08:28.0608 3500 [ A0709B82FA3B5AFAD1467E565B8B3BA0 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:08:28.0842 3500 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
18:08:28.0842 3500 !SASCORE - detected UnsignedFile.Multi.Generic (1)
18:08:43.0755 3500 FsDepends - ok
18:08:43.0787 3500 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:08:43.0818 3500 Fs_Rec - ok
18:08:43.0865 3500 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:08:43.0911 3500 fvevol - ok
18:08:43.0927 3500 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:08:43.0943 3500 gagp30kx - ok
18:08:43.0974 3500 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:08:43.0989 3500 GEARAspiWDM - ok
18:08:44.0036 3500 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:08:44.0161 3500 gpsvc - ok
18:08:44.0192 3500 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:08:44.0270 3500 hcw85cir - ok
18:08:44.0317 3500 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:08:44.0364 3500 HdAudAddService - ok
18:08:44.0379 3500 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:08:44.0426 3500 HDAudBus - ok
18:08:44.0442 3500 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:08:44.0489 3500 HidBatt - ok
18:08:44.0520 3500 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:08:44.0567 3500 HidBth - ok
18:08:44.0598 3500 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:08:44.0645 3500 HidIr - ok
18:08:44.0676 3500 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
18:08:44.0769 3500 hidserv - ok
18:08:44.0816 3500 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:08:44.0832 3500 HidUsb - ok
18:08:44.0879 3500 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:08:44.0972 3500 hkmsvc - ok
18:08:45.0003 3500 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:08:45.0081 3500 HomeGroupListener - ok
18:08:45.0113 3500 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:08:45.0175 3500 HomeGroupProvider - ok
18:08:45.0222 3500 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:08:45.0253 3500 HpSAMD - ok
18:08:45.0315 3500 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:08:45.0425 3500 HTTP - ok
18:08:45.0456 3500 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:08:45.0487 3500 hwpolicy - ok
18:08:45.0549 3500 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:08:45.0581 3500 i8042prt - ok
18:08:45.0643 3500 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:08:45.0705 3500 iaStorV - ok
18:08:45.0737 3500 [ 16A43ABB5A334C7842F4A60CF9FF8041 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
18:08:45.0752 3500 IBMPMDRV - ok
18:08:45.0768 3500 [ 32B778CCF1F3B1458EDDA98FB8431EAC ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
18:08:45.0783 3500 IBMPMSVC - ok
18:08:45.0830 3500 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:08:45.0908 3500 idsvc - ok
18:08:46.0501 3500 [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:08:46.0782 3500 igfx - ok
18:08:46.0813 3500 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:08:46.0844 3500 iirsp - ok
18:08:46.0922 3500 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:08:47.0047 3500 IKEEXT - ok
18:08:47.0078 3500 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:08:47.0109 3500 intelide - ok
18:08:47.0733 3500 [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
18:08:47.0952 3500 intelkmd - ok
18:08:48.0014 3500 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:08:48.0045 3500 intelppm - ok
18:08:48.0077 3500 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:08:48.0139 3500 IPBusEnum - ok
18:08:48.0186 3500 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:08:48.0264 3500 IpFilterDriver - ok
18:08:48.0311 3500 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:08:48.0373 3500 iphlpsvc - ok
18:08:48.0404 3500 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:08:48.0451 3500 IPMIDRV - ok
18:08:48.0482 3500 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:08:48.0576 3500 IPNAT - ok
18:08:48.0685 3500 [ A9E53E1A9C4274EEBC00D36AE5ED40DE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:08:48.0732 3500 iPod Service - ok
18:08:48.0763 3500 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:08:48.0825 3500 IRENUM - ok
18:08:48.0857 3500 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:08:48.0888 3500 isapnp - ok
18:08:48.0935 3500 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:08:48.0950 3500 iScsiPrt - ok
18:08:48.0981 3500 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:08:48.0997 3500 kbdclass - ok
18:08:49.0028 3500 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:08:49.0059 3500 kbdhid - ok
18:08:49.0075 3500 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:08:49.0091 3500 KeyIso - ok
18:08:49.0122 3500 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:08:49.0137 3500 KSecDD - ok
18:08:49.0169 3500 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:08:49.0200 3500 KSecPkg - ok
18:08:49.0231 3500 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:08:49.0325 3500 ksthunk - ok
18:08:49.0371 3500 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:08:49.0434 3500 KtmRm - ok
18:08:49.0481 3500 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:08:49.0574 3500 LanmanServer - ok
18:08:49.0605 3500 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:08:49.0683 3500 LanmanWorkstation - ok
18:08:49.0730 3500 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:08:49.0808 3500 lltdio - ok
18:08:49.0855 3500 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:08:49.0949 3500 lltdsvc - ok
18:08:49.0964 3500 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:08:50.0042 3500 lmhosts - ok
18:08:50.0073 3500 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:08:50.0120 3500 LSI_FC - ok
18:08:50.0167 3500 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:08:50.0214 3500 LSI_SAS - ok
18:08:50.0214 3500 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:08:50.0245 3500 LSI_SAS2 - ok
18:08:50.0261 3500 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:08:50.0276 3500 LSI_SCSI - ok
18:08:50.0307 3500 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:08:50.0370 3500 luafv - ok
18:08:50.0432 3500 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:08:50.0463 3500 MBAMProtector - ok
18:08:50.0557 3500 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:08:50.0588 3500 MBAMScheduler - ok
18:08:50.0619 3500 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:08:50.0682 3500 MBAMService - ok
18:08:50.0713 3500 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:08:50.0760 3500 Mcx2Svc - ok
18:08:50.0791 3500 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:08:50.0822 3500 megasas - ok
18:08:50.0869 3500 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:08:50.0900 3500 MegaSR - ok
18:08:50.0947 3500 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:08:51.0009 3500 MMCSS - ok
18:08:51.0041 3500 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:08:51.0134 3500 Modem - ok
18:08:51.0181 3500 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:08:51.0228 3500 monitor - ok
18:08:51.0259 3500 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
18:08:51.0275 3500 mouclass - ok
18:08:51.0290 3500 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:08:51.0306 3500 mouhid - ok
18:08:51.0353 3500 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:08:51.0399 3500 mountmgr - ok
18:08:51.0462 3500 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:08:51.0509 3500 MozillaMaintenance - ok
18:08:51.0540 3500 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:08:51.0618 3500 MpFilter - ok
18:08:51.0665 3500 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:08:51.0711 3500 mpio - ok
18:08:51.0743 3500 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:08:51.0821 3500 mpsdrv - ok
 
18:08:51.0930 3500 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:08:52.0055 3500 MpsSvc - ok
18:08:52.0086 3500 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:08:52.0148 3500 MRxDAV - ok
18:08:52.0195 3500 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:08:52.0257 3500 mrxsmb - ok
18:08:52.0304 3500 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:08:52.0351 3500 mrxsmb10 - ok
18:08:52.0398 3500 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:08:52.0445 3500 mrxsmb20 - ok
18:08:52.0460 3500 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:08:52.0507 3500 msahci - ok
18:08:52.0554 3500 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:08:52.0601 3500 msdsm - ok
18:08:52.0647 3500 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:08:52.0710 3500 MSDTC - ok
18:08:52.0757 3500 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:08:52.0835 3500 Msfs - ok
18:08:52.0928 3500 [ E7826E9F372D4B57C3A56872A24385D9 ] MsgPlusService C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
18:08:52.0944 3500 MsgPlusService ( UnsignedFile.Multi.Generic ) - warning
18:08:52.0944 3500 MsgPlusService - detected UnsignedFile.Multi.Generic (1)
18:09:13.0910 3500 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:09:13.0988 3500 THREADORDER - ok
18:09:14.0004 3500 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
18:09:14.0066 3500 TPM - ok
18:09:14.0097 3500 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:09:14.0191 3500 TrkWks - ok
18:09:14.0285 3500 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:09:14.0378 3500 TrustedInstaller - ok
18:09:14.0409 3500 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:09:14.0519 3500 tssecsrv - ok
18:09:14.0565 3500 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:09:14.0612 3500 TsUsbFlt - ok
18:09:14.0628 3500 tsusbhub - ok
18:09:14.0675 3500 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:09:14.0753 3500 tunnel - ok
18:09:14.0799 3500 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:09:14.0846 3500 uagp35 - ok
18:09:14.0955 3500 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:09:15.0049 3500 udfs - ok
18:09:15.0111 3500 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:09:15.0158 3500 UI0Detect - ok
18:09:15.0221 3500 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:09:15.0267 3500 uliagpkx - ok
18:09:15.0299 3500 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:09:15.0361 3500 umbus - ok
18:09:15.0392 3500 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:09:15.0470 3500 UmPass - ok
18:09:15.0533 3500 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
18:09:15.0579 3500 UmRdpService - ok
18:09:15.0595 3500 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:09:15.0642 3500 upnphost - ok
18:09:15.0689 3500 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:09:15.0720 3500 USBAAPL64 - ok
18:09:15.0767 3500 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:09:15.0829 3500 usbaudio - ok
18:09:15.0860 3500 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:09:15.0938 3500 usbccgp - ok
18:09:15.0985 3500 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:09:16.0047 3500 usbcir - ok
18:09:16.0079 3500 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:09:16.0125 3500 usbehci - ok
18:09:16.0157 3500 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:09:16.0219 3500 usbhub - ok
18:09:16.0250 3500 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:09:16.0328 3500 usbohci - ok
18:09:16.0375 3500 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:09:16.0453 3500 usbprint - ok
18:09:16.0469 3500 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:09:16.0578 3500 USBSTOR - ok
18:09:16.0625 3500 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:09:16.0687 3500 usbuhci - ok
18:09:16.0734 3500 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:09:16.0812 3500 UxSms - ok
18:09:16.0827 3500 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:09:16.0843 3500 VaultSvc - ok
18:09:16.0874 3500 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:09:16.0905 3500 vdrvroot - ok
18:09:16.0983 3500 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:09:17.0093 3500 vds - ok
18:09:17.0139 3500 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:09:17.0171 3500 vga - ok
18:09:17.0171 3500 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:09:17.0249 3500 VgaSave - ok
18:09:17.0264 3500 VGPU - ok
18:09:17.0311 3500 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:09:17.0358 3500 vhdmp - ok
18:09:17.0389 3500 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:09:17.0436 3500 viaide - ok
18:09:17.0545 3500 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:09:17.0623 3500 vmbus - ok
18:09:17.0654 3500 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:09:17.0717 3500 VMBusHID - ok
18:09:17.0779 3500 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:09:17.0826 3500 volmgr - ok
18:09:17.0873 3500 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:09:17.0919 3500 volmgrx - ok
18:09:18.0091 3500 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:09:18.0169 3500 volsnap - ok
18:09:18.0263 3500 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:09:18.0341 3500 vsmraid - ok
18:09:18.0637 3500 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:09:18.0762 3500 VSS - ok
18:09:18.0777 3500 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:09:18.0809 3500 vwifibus - ok
18:09:18.0855 3500 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:09:18.0902 3500 vwififlt - ok
18:09:18.0965 3500 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:09:19.0058 3500 W32Time - ok
18:09:19.0136 3500 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:09:19.0183 3500 WacomPen - ok
18:09:19.0245 3500 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:09:19.0339 3500 WANARP - ok
18:09:19.0355 3500 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:09:19.0401 3500 Wanarpv6 - ok
18:09:19.0495 3500 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:09:19.0573 3500 WatAdminSvc - ok
18:09:19.0776 3500 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:09:19.0901 3500 wbengine - ok
18:09:19.0947 3500 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:09:19.0994 3500 WbioSrvc - ok
18:09:20.0072 3500 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:09:20.0150 3500 wcncsvc - ok
18:09:20.0197 3500 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:09:20.0275 3500 WcsPlugInService - ok
18:09:20.0322 3500 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:09:20.0353 3500 Wd - ok
18:09:20.0415 3500 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:09:20.0478 3500 Wdf01000 - ok
18:09:20.0493 3500 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:09:20.0618 3500 WdiServiceHost - ok
18:09:20.0618 3500 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:09:20.0649 3500 WdiSystemHost - ok
18:09:20.0681 3500 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:09:20.0727 3500 WebClient - ok
18:09:20.0821 3500 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:09:20.0915 3500 Wecsvc - ok
18:09:20.0946 3500 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:09:21.0008 3500 wercplsupport - ok
18:09:21.0039 3500 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:09:21.0117 3500 WerSvc - ok
18:09:21.0149 3500 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:09:21.0211 3500 WfpLwf - ok
18:09:21.0227 3500 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:09:21.0242 3500 WIMMount - ok
18:09:21.0258 3500 WinDefend - ok
18:09:21.0258 3500 WinHttpAutoProxySvc - ok
18:09:21.0351 3500 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:09:21.0445 3500 Winmgmt - ok
18:09:21.0585 3500 WinRing0_1_2_0 - ok
18:09:21.0835 3500 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:09:21.0960 3500 WinRM - ok
18:09:22.0022 3500 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:09:22.0069 3500 WinUsb - ok
18:09:22.0116 3500 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:09:22.0194 3500 Wlansvc - ok
18:09:22.0334 3500 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:09:22.0381 3500 wlidsvc - ok
18:09:22.0412 3500 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:09:22.0475 3500 WmiAcpi - ok
18:09:22.0646 3500 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:09:22.0709 3500 wmiApSrv - ok
18:09:22.0755 3500 WMPNetworkSvc - ok
18:09:22.0787 3500 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:09:22.0865 3500 WPCSvc - ok
18:09:22.0896 3500 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:09:22.0974 3500 WPDBusEnum - ok
18:09:22.0989 3500 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:09:23.0099 3500 ws2ifsl - ok
18:09:23.0114 3500 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:09:23.0177 3500 wscsvc - ok
18:09:23.0192 3500 WSearch - ok
18:09:23.0520 3500 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:09:23.0660 3500 wuauserv - ok
18:09:23.0691 3500 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:09:23.0785 3500 WudfPf - ok
18:09:23.0832 3500 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:09:23.0894 3500 WUDFRd - ok
18:09:23.0941 3500 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:09:24.0003 3500 wudfsvc - ok
18:09:24.0050 3500 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:09:24.0097 3500 WwanSvc - ok
18:09:24.0128 3500 ================ Scan global ===============================
18:09:24.0159 3500 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:09:24.0191 3500 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:09:24.0253 3500 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:09:24.0315 3500 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:09:24.0362 3500 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:09:24.0378 3500 [Global] - ok
18:09:24.0378 3500 ================ Scan MBR ==================================
18:09:24.0393 3500 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:09:24.0425 3500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:09:24.0425 3500 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:09:25.0111 3500 ================ Scan VBR ==================================
18:09:25.0142 3500 [ 3735DB8413332BF848E1950E2CB6BEE1 ] \Device\Harddisk0\DR0\Partition1
18:09:25.0173 3500 \Device\Harddisk0\DR0\Partition1 - ok
18:09:25.0189 3500 [ 7AA504E61C90ED85BA2F6D5C568DA462 ] \Device\Harddisk0\DR0\Partition2
18:09:25.0220 3500 \Device\Harddisk0\DR0\Partition2 - ok
18:09:25.0220 3500 ============================================================
18:09:25.0220 3500 Scan finished
18:09:25.0220 3500 ============================================================
18:09:25.0236 2864 Detected object count: 3
18:09:25.0236 2864 Actual detected object count: 3
18:10:09.0509 2864 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:09.0509 2864 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:09.0509 2864 MsgPlusService ( UnsignedFile.Multi.Generic ) - skipped by user
18:10:09.0509 2864 MsgPlusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:10:14.0220 2864 \Device\Harddisk0\DR0\# - copied to quarantine
18:10:14.0485 2864 \Device\Harddisk0\DR0 - copied to quarantine
18:10:14.0547 2864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:10:14.0594 2864 \Device\Harddisk0\DR0 - ok
18:10:14.0594 2864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
18:10:33.0034 3376 Deinitialize success
 
Log 2:

18:17:10.0848 1840 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:17:11.0082 1840 ============================================================
18:17:11.0082 1840 Current date / time: 2013/02/25 18:17:11.0082
18:17:11.0082 1840 SystemInfo:
18:17:11.0082 1840
18:17:11.0082 1840 OS Version: 6.1.7601 ServicePack: 1.0
18:17:11.0082 1840 Product type: Workstation
18:17:11.0082 1840 ComputerName: NOISELESS
18:17:11.0082 1840 UserName: Vincent
18:17:11.0082 1840 Windows directory: C:\Windows
18:17:11.0082 1840 System windows directory: C:\Windows
18:17:11.0082 1840 Running under WOW64
18:17:11.0082 1840 Processor architecture: Intel x64
18:17:11.0082 1840 Number of processors: 2
18:17:11.0082 1840 Page size: 0x1000
18:17:11.0082 1840 Boot type: Normal boot
18:17:11.0082 1840 ============================================================
18:17:42.0277 1840 BG loaded
18:17:43.0905 1840 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:17:43.0912 1840 ============================================================
18:17:43.0912 1840 \Device\Harddisk0\DR0:
18:17:43.0950 1840 MBR partitions:
18:17:43.0950 1840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:17:43.0950 1840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x11E42800
18:17:43.0950 1840 ============================================================
18:17:44.0091 1840 C: <-> \Device\Harddisk0\DR0\Partition2
18:17:44.0091 1840 ============================================================
18:17:44.0091 1840 Initialize success
18:17:44.0091 1840 ============================================================
18:18:10.0798 3624 ============================================================
18:18:10.0798 3624 Scan started
18:18:10.0798 3624 Mode: Manual; SigCheck; TDLFS;
18:18:10.0798 3624 ============================================================
18:18:12.0762 3624 ================ Scan system memory ========================
18:18:12.0762 3624 System memory - ok
18:18:12.0763 3624 ================ Scan services =============================
18:18:13.0034 3624 [ A0709B82FA3B5AFAD1467E565B8B3BA0 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:18:13.0201 3624 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
18:18:13.0201 3624 !SASCORE - detected UnsignedFile.Multi.Generic (1)
18:18:35.0679 3624 hkmsvc - ok
18:18:35.0772 3624 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:18:35.0850 3624 HomeGroupListener - ok
18:18:35.0928 3624 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:18:35.0991 3624 HomeGroupProvider - ok
18:18:36.0037 3624 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:18:36.0084 3624 HpSAMD - ok
18:18:36.0178 3624 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:18:36.0271 3624 HTTP - ok
18:18:36.0318 3624 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:18:36.0349 3624 hwpolicy - ok
18:18:36.0459 3624 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:18:36.0505 3624 i8042prt - ok
18:18:36.0693 3624 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:18:36.0755 3624 iaStorV - ok
18:18:36.0817 3624 [ 16A43ABB5A334C7842F4A60CF9FF8041 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
18:18:36.0849 3624 IBMPMDRV - ok
18:18:36.0880 3624 [ 32B778CCF1F3B1458EDDA98FB8431EAC ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
18:18:36.0911 3624 IBMPMSVC - ok
18:18:37.0051 3624 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:18:37.0083 3624 idsvc - ok
18:18:37.0410 3624 [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:18:37.0753 3624 igfx - ok
18:18:37.0800 3624 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:18:37.0816 3624 iirsp - ok
18:18:37.0941 3624 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:18:38.0034 3624 IKEEXT - ok
18:18:38.0081 3624 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:18:38.0128 3624 intelide - ok
18:18:38.0455 3624 [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
18:18:38.0533 3624 intelkmd - ok
18:18:38.0596 3624 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:18:38.0627 3624 intelppm - ok
18:18:38.0658 3624 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:18:38.0721 3624 IPBusEnum - ok
18:18:38.0752 3624 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:18:38.0799 3624 IpFilterDriver - ok
18:18:38.0845 3624 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:18:38.0877 3624 iphlpsvc - ok
18:18:38.0939 3624 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:18:38.0986 3624 IPMIDRV - ok
18:18:39.0001 3624 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:18:39.0126 3624 IPNAT - ok
18:18:39.0282 3624 [ A9E53E1A9C4274EEBC00D36AE5ED40DE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:18:39.0313 3624 iPod Service - ok
18:18:39.0360 3624 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:18:39.0391 3624 IRENUM - ok
18:18:39.0438 3624 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:18:39.0501 3624 isapnp - ok
18:18:39.0532 3624 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:18:39.0563 3624 iScsiPrt - ok
18:18:39.0610 3624 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:18:39.0625 3624 kbdclass - ok
18:18:39.0641 3624 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:18:39.0657 3624 kbdhid - ok
18:18:39.0688 3624 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:18:39.0703 3624 KeyIso - ok
18:18:39.0750 3624 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:18:39.0797 3624 KSecDD - ok
18:18:39.0844 3624 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:18:39.0859 3624 KSecPkg - ok
18:18:39.0891 3624 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:18:39.0953 3624 ksthunk - ok
18:18:40.0062 3624 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:18:40.0125 3624 KtmRm - ok
18:18:40.0234 3624 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:18:40.0312 3624 LanmanServer - ok
18:18:40.0374 3624 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:18:40.0437 3624 LanmanWorkstation - ok
18:18:40.0515 3624 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:18:40.0561 3624 lltdio - ok
18:18:40.0608 3624 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:18:40.0686 3624 lltdsvc - ok
18:18:40.0717 3624 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:18:40.0780 3624 lmhosts - ok
18:18:40.0811 3624 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:18:40.0827 3624 LSI_FC - ok
18:18:40.0842 3624 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:18:40.0858 3624 LSI_SAS - ok
18:18:40.0873 3624 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:18:40.0905 3624 LSI_SAS2 - ok
18:18:40.0936 3624 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:18:40.0951 3624 LSI_SCSI - ok
18:18:40.0967 3624 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:18:41.0029 3624 luafv - ok
18:18:41.0123 3624 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:18:41.0154 3624 MBAMProtector - ok
18:18:41.0295 3624 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:18:41.0326 3624 MBAMScheduler - ok
18:18:41.0373 3624 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:18:41.0388 3624 MBAMService - ok
18:18:41.0419 3624 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:18:41.0435 3624 Mcx2Svc - ok
18:18:41.0466 3624 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:18:41.0482 3624 megasas - ok
18:18:41.0497 3624 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:18:41.0513 3624 MegaSR - ok
18:18:41.0575 3624 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:18:41.0607 3624 MMCSS - ok
18:18:41.0638 3624 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:18:41.0747 3624 Modem - ok
18:18:41.0794 3624 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:18:41.0856 3624 monitor - ok
18:18:41.0903 3624 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
18:18:41.0950 3624 mouclass - ok
18:18:41.0997 3624 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:18:42.0043 3624 mouhid - ok
18:18:42.0090 3624 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:18:42.0121 3624 mountmgr - ok
18:18:42.0215 3624 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:18:42.0246 3624 MozillaMaintenance - ok
18:18:42.0324 3624 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:18:42.0355 3624 MpFilter - ok
18:18:42.0387 3624 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:18:42.0418 3624 mpio - ok
18:18:42.0449 3624 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:18:42.0511 3624 mpsdrv - ok
18:18:42.0589 3624 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:18:42.0667 3624 MpsSvc - ok
18:18:42.0699 3624 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:18:42.0777 3624 MRxDAV - ok
18:18:42.0823 3624 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:18:42.0886 3624 mrxsmb - ok
18:18:42.0917 3624 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:18:42.0979 3624 mrxsmb10 - ok
18:18:43.0026 3624 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:18:43.0057 3624 mrxsmb20 - ok
18:18:43.0089 3624 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:18:43.0104 3624 msahci - ok
18:18:43.0135 3624 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:18:43.0167 3624 msdsm - ok
18:18:43.0198 3624 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:18:43.0245 3624 MSDTC - ok
18:18:43.0291 3624 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:18:43.0338 3624 Msfs - ok
18:18:43.0401 3624 [ E7826E9F372D4B57C3A56872A24385D9 ] MsgPlusService C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
18:18:43.0432 3624 MsgPlusService ( UnsignedFile.Multi.Generic ) - warning
18:18:43.0432 3624 MsgPlusService - detected UnsignedFile.Multi.Generic (1)
18:19:01.0873 3624 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
18:19:02.0029 3624 UmRdpService - ok
18:19:02.0497 3624 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:19:02.0684 3624 upnphost - ok
18:19:02.0856 3624 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:19:03.0012 3624 USBAAPL64 - ok
18:19:03.0059 3624 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:19:03.0090 3624 usbaudio - ok
18:19:03.0121 3624 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:19:03.0183 3624 usbccgp - ok
18:19:03.0215 3624 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:19:03.0277 3624 usbcir - ok
18:19:03.0308 3624 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:19:03.0371 3624 usbehci - ok
18:19:03.0433 3624 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:19:03.0495 3624 usbhub - ok
18:19:03.0527 3624 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:19:03.0573 3624 usbohci - ok
18:19:03.0605 3624 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:19:03.0651 3624 usbprint - ok
18:19:03.0683 3624 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:19:03.0792 3624 USBSTOR - ok
18:19:03.0823 3624 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:19:03.0854 3624 usbuhci - ok
18:19:03.0901 3624 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:19:04.0010 3624 UxSms - ok
18:19:04.0026 3624 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:19:04.0041 3624 VaultSvc - ok
18:19:04.0073 3624 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:19:04.0104 3624 vdrvroot - ok
18:19:04.0213 3624 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:19:04.0322 3624 vds - ok
18:19:04.0369 3624 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:19:04.0431 3624 vga - ok
18:19:04.0463 3624 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:19:04.0509 3624 VgaSave - ok
18:19:04.0525 3624 VGPU - ok
18:19:04.0603 3624 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:19:04.0650 3624 vhdmp - ok
18:19:04.0728 3624 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:19:04.0806 3624 viaide - ok
18:19:04.0931 3624 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:19:04.0993 3624 vmbus - ok
18:19:05.0024 3624 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:19:05.0258 3624 VMBusHID - ok
18:19:05.0321 3624 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:19:05.0399 3624 volmgr - ok
18:19:05.0508 3624 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:19:05.0539 3624 volmgrx - ok
18:19:05.0601 3624 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:19:05.0648 3624 volsnap - ok
18:19:05.0742 3624 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:19:05.0789 3624 vsmraid - ok
18:19:06.0241 3624 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:19:06.0399 3624 VSS - ok
18:19:06.0445 3624 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:19:06.0646 3624 vwifibus - ok
18:19:06.0740 3624 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:19:06.0857 3624 vwififlt - ok
18:19:07.0706 3624 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:19:07.0854 3624 W32Time - ok
18:19:07.0940 3624 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:19:08.0030 3624 WacomPen - ok
18:19:08.0115 3624 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:19:08.0233 3624 WANARP - ok
18:19:08.0285 3624 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:19:08.0315 3624 Wanarpv6 - ok
18:19:09.0112 3624 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:19:09.0242 3624 WatAdminSvc - ok
18:19:09.0614 3624 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:19:09.0776 3624 wbengine - ok
18:19:10.0041 3624 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:19:10.0145 3624 WbioSrvc - ok
18:19:10.0273 3624 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:19:10.0399 3624 wcncsvc - ok
18:19:10.0441 3624 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:19:10.0516 3624 WcsPlugInService - ok
18:19:10.0620 3624 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:19:10.0665 3624 Wd - ok
18:19:10.0911 3624 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:19:10.0969 3624 Wdf01000 - ok
18:19:10.0998 3624 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:19:11.0583 3624 WdiServiceHost - ok
18:19:11.0624 3624 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:19:11.0649 3624 WdiSystemHost - ok
18:19:11.0717 3624 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:19:11.0781 3624 WebClient - ok
18:19:11.0840 3624 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:19:11.0936 3624 Wecsvc - ok
18:19:11.0963 3624 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:19:12.0147 3624 wercplsupport - ok
18:19:12.0277 3624 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:19:12.0380 3624 WerSvc - ok
18:19:12.0490 3624 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:19:12.0523 3624 WfpLwf - ok
18:19:12.0548 3624 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:19:12.0592 3624 WIMMount - ok
18:19:12.0669 3624 WinDefend - ok
18:19:12.0681 3624 WinHttpAutoProxySvc - ok
18:19:12.0904 3624 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:19:12.0993 3624 Winmgmt - ok
18:19:14.0206 3624 WinRing0_1_2_0 - ok
18:19:14.0531 3624 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:19:14.0630 3624 WinRM - ok
18:19:14.0786 3624 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:19:14.0832 3624 WinUsb - ok
18:19:14.0895 3624 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:19:14.0988 3624 Wlansvc - ok
18:19:15.0129 3624 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:19:15.0176 3624 wlidsvc - ok
18:19:15.0207 3624 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:19:15.0254 3624 WmiAcpi - ok
18:19:15.0332 3624 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:19:15.0394 3624 wmiApSrv - ok
18:19:15.0441 3624 WMPNetworkSvc - ok
18:19:15.0472 3624 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:19:15.0519 3624 WPCSvc - ok
18:19:15.0566 3624 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:19:15.0644 3624 WPDBusEnum - ok
18:19:15.0675 3624 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:19:15.0784 3624 ws2ifsl - ok
18:19:15.0815 3624 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:19:15.0878 3624 wscsvc - ok
18:19:15.0893 3624 WSearch - ok
18:19:16.0018 3624 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:19:16.0065 3624 wuauserv - ok
18:19:16.0096 3624 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:19:16.0174 3624 WudfPf - ok
18:19:16.0221 3624 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:19:16.0283 3624 WUDFRd - ok
18:19:16.0314 3624 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:19:16.0377 3624 wudfsvc - ok
18:19:16.0424 3624 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:19:16.0486 3624 WwanSvc - ok
18:19:16.0502 3624 ================ Scan global ===============================
18:19:16.0548 3624 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:19:16.0580 3624 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:19:16.0642 3624 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:19:16.0673 3624 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:19:16.0720 3624 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:19:16.0720 3624 [Global] - ok
18:19:16.0720 3624 ================ Scan MBR ==================================
18:19:16.0736 3624 [ A863D80CBA35AABC0F9D12FBBF33CA0A ] \Device\Harddisk0\DR0
18:19:17.0141 3624 \Device\Harddisk0\DR0 - ok
18:19:17.0141 3624 ================ Scan VBR ==================================
18:19:17.0157 3624 [ 3735DB8413332BF848E1950E2CB6BEE1 ] \Device\Harddisk0\DR0\Partition1
18:19:17.0157 3624 \Device\Harddisk0\DR0\Partition1 - ok
18:19:17.0188 3624 [ 7AA504E61C90ED85BA2F6D5C568DA462 ] \Device\Harddisk0\DR0\Partition2
18:19:17.0188 3624 \Device\Harddisk0\DR0\Partition2 - ok
18:19:17.0188 3624 ============================================================
18:19:17.0188 3624 Scan finished
18:19:17.0188 3624 ============================================================
18:19:17.0219 3616 Detected object count: 2
18:19:17.0219 3616 Actual detected object count: 2
18:19:21.0166 3616 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
18:19:21.0166 3616 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:19:21.0166 3616 MsgPlusService ( UnsignedFile.Multi.Generic ) - skipped by user
18:19:21.0166 3616 MsgPlusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:19:23.0974 1896 Deinitialize success
 
Great...well that didn't find the problem. :\

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
It did kick out this:

18:10:14.0547 2864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:10:14.0594 2864 \Device\Harddisk0\DR0 - ok
18:10:14.0594 2864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
18:10:33.0034 3376 Deinitialize success

Should I run the OTL anyway?
 
OTL logfile created on: 3/1/2013 1:57:52 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vincent\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.90 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.90% Memory free
5.80 Gb Paging File | 4.46 Gb Available in Paging File | 76.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 143.13 Gb Total Space | 86.09 Gb Free Space | 60.15% Space Free | Partition Type: NTFS

Computer Name: NOISELESS | User Name: Vincent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/01 01:55:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vincent\Downloads\OTL.exe
PRC - [2013/01/23 16:02:11 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/03/22 09:41:42 | 004,494,848 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
PRC - [2012/03/21 15:57:07 | 000,119,296 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin


========== Modules (No Company Name) ==========

MOD - [2012/03/18 10:10:52 | 008,499,712 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtGui4.dll
MOD - [2012/03/18 10:07:57 | 002,347,520 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtCore4.dll
MOD - [2012/03/18 10:07:57 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\imageformats\qjpeg4.dll
MOD - [2012/03/18 10:07:55 | 000,863,744 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtNetwork4.dll
MOD - [2012/03/18 10:07:54 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\imageformats\qgif4.dll
MOD - [2012/01/15 15:50:08 | 000,370,688 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\libsndfile.dll
MOD - [2012/01/15 15:50:00 | 000,390,656 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\lame_enc.dll
MOD - [2011/03/21 16:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/02/01 14:14:48 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/02/01 14:14:48 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/08/24 16:00:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/06/01 02:02:16 | 000,043,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2013/02/28 09:04:54 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/14 03:14:02 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/06 11:17:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/03/21 15:57:07 | 000,119,296 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/11 02:28:54 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/04/22 23:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/09/22 14:47:16 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2009/09/22 14:47:16 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/15 18:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/08/24 16:33:30 | 006,104,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/24 16:33:30 | 006,104,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/08/24 15:10:06 | 000,135,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/07/22 05:57:58 | 000,647,168 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/22 21:10:26 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2007/06/01 02:01:52 | 000,026,928 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2006/11/18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 5E 7F 55 BC 6D CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B7edcdfc0-3056-11e0-91fa-0800200c9a66%7D:0.1
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vincent\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vincent\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 11:17:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/06 11:17:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 11:17:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/06 11:17:33 | 000,000,000 | ---D | M]

[2012/07/29 15:41:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincent\AppData\Roaming\Mozilla\Extensions
[2012/10/23 14:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\9sijq2hf.default\extensions
[2012/07/29 15:41:52 | 000,001,229 | ---- | M] () (No name found) -- C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\9sijq2hf.default\extensions\{7edcdfc0-3056-11e0-91fa-0800200c9a66}.xpi
[2013/02/27 07:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/06 11:17:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/06 11:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/06 11:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/02/06 11:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/06 11:17:59 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/26 16:49:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/26 16:49:48 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://gmail.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vincent\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Vincent\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vincent\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Vincent\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: WinToFlash Suggestor = C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\acaoakiamfeidcmgooclgeleejkbaecf\1.2.5_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [googletalk] C:\Users\Vincent\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8EF9626B-2251-4C5E-BD17-D5F3E0E98B03} https://management.pna.utexas.edu/idengineswpa/tools/xc_loader_activex.ocx (xc_loader_activex.cntMain)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25EC66F7-E07D-453E-AAE1-390EDA1EABC6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD783C53-2E55-4428-BABB-30C58E4C8B16}: DhcpNameServer = 10.160.220.60 10.160.16.66
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/01 01:56:10 | 000,000,000 | ---D | C] -- C:\Users\Vincent\Desktop\Poster
[2013/02/27 07:31:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/02/25 18:10:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/02/21 15:30:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/21 14:14:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/21 14:06:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/21 14:06:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/21 14:06:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/21 14:06:30 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/02/21 14:06:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/21 14:06:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/21 08:33:30 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{204111F5-15AE-42FB-A538-2E3389C97BFA}
[2013/02/18 12:01:56 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{EED1305B-9DD2-4032-8537-95EFFDB2D9DD}
[2013/02/18 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{9DE0C5F1-3237-48E8-AF0E-0F292E388FE7}
[2013/02/16 20:59:49 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{F774E98B-9AD2-4D4E-B30D-DEEEE8469B8A}
[2013/02/15 09:56:42 | 000,000,000 | ---D | C] -- C:\Users\Vincent\Desktop\Cancer Cytogenetics
[2013/02/14 22:24:27 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{7AAB4094-6685-4332-9873-60CC0C6F9DCA}
[2013/02/14 09:00:10 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{CACC86CB-0E85-49B5-A088-28B305BC08C2}
[2013/02/13 09:39:11 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{B14D8464-B386-43EB-82A3-84C27A16B971}
[2013/02/11 09:04:34 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{BA1A6346-7B0E-4F78-814F-B5DB5EF60BEC}
[2013/02/10 21:04:10 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{3714717F-5132-44A5-9F8A-4D71A95EB04F}
[2013/02/08 21:02:37 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{439E0B16-A624-4791-8EE6-97F6C14ADA51}
[2013/02/08 09:05:22 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\Programs
[2013/02/08 09:02:12 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{165321E6-EC59-483B-B20E-1AABB9D6A469}
[2013/02/06 14:52:27 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{5B6D8BCE-2660-4B7A-8FB0-6B5733B561E1}
[2013/02/06 11:17:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/06 10:29:45 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{153F2C24-CD44-4680-A12D-70D722C17682}
[2013/02/04 12:07:41 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{E6EA3636-AB3A-46A1-A516-D6E58FBB74F5}
[2013/02/04 12:03:22 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{0F82E8E7-B153-4930-AAFE-35CD58E9B5DD}
[2013/02/04 00:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/04 00:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/03 21:20:39 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{C6EB04E4-AA14-4F8A-8854-31293D71494C}
[2013/02/01 15:28:00 | 000,000,000 | ---D | C] -- C:\Users\Vincent\Desktop\FISH
[2013/02/01 07:33:22 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{AFFDF80A-2FC5-44A8-8B14-C28BE23A70E2}
[2013/01/31 08:28:14 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Local\{AFBC5FFE-90FB-4070-AC2F-1A82C1A60946}
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/01 02:00:36 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/01 02:00:36 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/01 01:57:14 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/01 01:57:14 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/01 01:57:14 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/01 01:57:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-955836838-487028394-284100168-1000UA.job
[2013/03/01 01:51:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/01 01:51:42 | 2334,138,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/28 15:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/28 13:33:14 | 000,030,483 | ---- | M] () -- C:\Users\Vincent\Desktop\Poster citations.odt
[2013/02/28 09:56:31 | 001,097,501 | ---- | M] () -- C:\Users\Vincent\Desktop\NEJMoa-ALK-NSCLC.pdf
[2013/02/28 09:04:39 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-955836838-487028394-284100168-1000Core.job
[2013/02/22 08:38:05 | 000,002,332 | ---- | M] () -- C:\Users\Vincent\Desktop\Google Chrome.lnk
[2013/02/17 00:21:58 | 000,024,436 | ---- | M] () -- C:\Users\Vincent\Desktop\Evaluation.odt
[2013/02/16 21:01:02 | 001,107,093 | ---- | M] () -- C:\Users\Vincent\Desktop\NEJMoa-ALK-NSCLC (1).pdf
[2013/02/15 10:43:03 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/15 10:00:03 | 000,294,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/08 09:05:39 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/28 13:33:13 | 000,030,483 | ---- | C] () -- C:\Users\Vincent\Desktop\Poster citations.odt
[2013/02/28 09:56:30 | 001,097,501 | ---- | C] () -- C:\Users\Vincent\Desktop\NEJMoa-ALK-NSCLC.pdf
[2013/02/21 14:06:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/21 14:06:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/21 14:06:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/21 14:06:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/21 14:06:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/16 21:01:02 | 001,107,093 | ---- | C] () -- C:\Users\Vincent\Desktop\NEJMoa-ALK-NSCLC (1).pdf
[2013/02/14 23:10:58 | 000,024,436 | ---- | C] () -- C:\Users\Vincent\Desktop\Evaluation.odt
[2012/08/30 07:13:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/01 01:24:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/03/11 02:32:49 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\DAEMON Tools Lite
[2012/06/12 07:28:38 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\Dropbox
[2012/09/06 08:09:59 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\Juniper Networks
[2011/03/19 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\Mumble
[2011/02/01 14:15:15 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\OpenOffice.org
[2012/03/12 20:24:51 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\RIFT
[2012/12/18 13:32:45 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
 
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.


Hitman Pro

Please download Hitman Pro

  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please
 
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.02.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Vincent :: NOISELESS [administrator]

3/2/2013 5:30:55 PM
mbar-log-2013-03-02 (17-30-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30730
Time elapsed: 18 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 3112185856, free: 1162383360

------------ Kernel report ------------
03/02/2013 17:12:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atipmdag.sys
\SystemRoot\system32\DRIVERS\igdpmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\e1y60x64.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5s64.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\drivers\sdbus.sys
\SystemRoot\system32\DRIVERS\rixdpx64.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\ibmpmdrv.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\VSTAZL6.SYS
\SystemRoot\system32\DRIVERS\VSTDPV6.SYS
\SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\clbcatq.dll
\Windows\System32\msctf.dll
\Windows\System32\wininet.dll
\Windows\System32\shlwapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\lpk.dll
\Windows\System32\ole32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shell32.dll
\Windows\System32\iertutil.dll
\Windows\System32\imagehlp.dll
\Windows\System32\ws2_32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\kernel32.dll
\Windows\System32\normaliz.dll
\Windows\System32\sechost.dll
\Windows\System32\usp10.dll
\Windows\System32\nsi.dll
\Windows\System32\imm32.dll
\Windows\System32\difxapi.dll
\Windows\System32\urlmon.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\user32.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004576060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80043c9680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.03.02.13
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004576060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004575490, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004576060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80043c9680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00af07690, 0xfffffa8004576060, 0xfffffa8008b61790
Lower DeviceData: 0xfffff8a008c1fbb0, 0xfffffa80043c9680, 0xfffffa8004659090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: ED1F86F7

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 300165120

Partition 2 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 300371968 Numsec = 12206080

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
 
Code:
HitmanPro 3.7.2.190
www.hitmanpro.com
 
   Computer name . . . . : NOISELESS
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Noiseless\Vincent
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2013-03-02 17:31:57
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 39s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0
 
   Objects scanned . . . : 1,744,499
   Files scanned . . . . : 76,552
   Remnants scanned  . . : 799,575 files / 868,372 keys


 
Great...time to check for remnants, my friend...

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
It was going okay, but it decided to freeze / not boot up again today.

I sort of wonder if I might be overheating it, and causing it to freeze/not boot, but sometimes I can run it for hours on end without issues. I'll try and get that ESET scan up as soon as I can get my laptop itself to start working again, but I'm sort of leaning towards the possibility of a hardware issue at this point.
 
So far, no luck. I managed to get it to start booting, but it froze on the Windows loading screen, haha.
 