Solved Random audio and Google search PC infection

[Jeshman]

Do I also need to do this step?

Then, follow the directions here to set your system for Minidumps (much smaller than the MEMORY.DMP file): http://www.carrona.org/setmini.html

 

[Jeshman]

I did this last step and my computer did go to the blue screen a few times now. So I wrote down the Technical information:
***STOP: 0x0000008E (0xC0000005, 0x8714C26E, 0xB7205A08, 0x00000000)

I don't know if this helps, but I thought I would let you know.

 

[Jay Pfoutz]

Thanks for the info.

Really appears to be a bunch of memory issues. Most of the blue screens are associated with KERNEL_MODE_EXCEPTIONs and SYSTEM_THREAD_EXCEPTIONs. Many times, if they are repeated, it aims towards memory issues.

Other issues could be: insufficient disk space, device driver issues, video card issues, BIOS issues, hardware incompatibility, or faulty system service.


Reboot your computer, and when you see the first screen, press the Spacebar or F8 to access the boot manager. Once there, use the arrow key to go down to Windows Memory Diagnostic.

Please let the test run. When finished, let me know of the results.

 

[Jeshman]

It said that there were no memory problems detected.

 

[Jay Pfoutz]

Okie dokie. Time to work with Driver Verifier.

To use driver verifier:
- First make sure you can access Safe Mode (with Networking preferably), by tapping [F8] during startup. If verifier detects a problem, you may not be able to start in normal mode, so it is very important that you can access Safe Mode to disable it.
- Go to Start and in the run/search bar type in verifier and press [Enter].
- At the start of wizard, click Next.
- Click Automatically select all drivers installed on this computer followed by Finish, and then restart the PC.

If you receive any BSOD's during the course of using verifier, please upload the logs, as they will contain the results of any driver problems.

To turn off driver verifier, simply go back to the verifier wizard again in Safe Mode, and select Delete existing settings.

 

[Jeshman]

I had the BSOD'S come up during verifier. Here is the zip files. I could not get verifier to run.

 

[Jay Pfoutz]

Go Start type in CMD and right-click on it in the results pane and select Run as Administrator.
Type in: sfc /scannow
Press enter.

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

Let me know of any BSODs, upload DMP files, etc.

 

[Jeshman]

When I did the 2nd run it said "windows resource protection did not find any integrity violations"
But I was still getting audio noise and I tried to open my photo shop and it went to BSODs.

 

[Jay Pfoutz]

I don't see anymore issues than that of a driver issue, but let's look again here...

Please delete the old copy of ComboFix and down a fresh version From BleepingComputer.com

ComboFix Script

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the codebox below into it:
  

  ClearJavaCache::

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
• Please post the contents of the log in your next reply.

 

[Jeshman]

Here is the new log info.

ComboFix 12-07-31.06 - Hal 08/03/2012 7:50.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.776 [GMT -6:00]
Running from: c:\users\Hal\Desktop\ComboFix.exe
Command switches used :: c:\users\Hal\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 14:05 . 2012-08-03 14:07 -------- d-----w- c:\users\Hal\AppData\Local\temp
2012-08-03 14:05 . 2012-08-03 14:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-03 14:05 . 2012-08-03 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 13:33 . 2012-08-03 13:33 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69DC220E-0805-4F58-933E-7F1FE6FE7D7A}\offreg.dll
2012-08-02 22:07 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{69DC220E-0805-4F58-933E-7F1FE6FE7D7A}\mpengine.dll
2012-08-01 18:57 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-23 14:36 . 2012-07-23 14:36 -------- d-----w- c:\program files\ESET
2012-07-20 19:28 . 2012-07-20 19:28 100864 ----a-w- C:\pwldipow.sys
2012-07-11 12:15 . 2012-07-11 12:15 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-11 11:36 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:34 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-11 11:34 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-11 11:34 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-11 11:11 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-11 11:11 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-07-11 11:11 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-11 11:11 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-11 08:22 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 08:22 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-11 08:22 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-11 08:22 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 08:22 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 08:22 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 08:21 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 08:21 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 08:21 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 08:21 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-07-11 08:21 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-07-11 08:21 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-07-10 14:23 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-07-10 14:23 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-07-10 14:23 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-07-10 14:23 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-07-10 14:23 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-07-10 14:23 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-07-10 14:23 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-07-10 14:23 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-07-10 14:21 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-07-10 14:21 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-07-10 14:21 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-07-10 14:21 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-07-10 14:21 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-07-10 14:21 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-10 14:21 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-10 14:21 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-10 14:21 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-07-10 14:20 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-07-10 14:08 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-07-10 13:49 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-10 13:49 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-10 13:49 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-10 13:49 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-10 13:49 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-10 13:49 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-10 13:49 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-10 13:49 . 2012-06-02 21:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-10 13:49 . 2012-06-02 21:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-10 02:26 . 2012-07-10 02:26 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-07-10 02:26 . 2012-07-10 02:26 98816 ----a-w- c:\windows\system32\mfps.dll
2012-07-10 02:26 . 2012-07-10 02:26 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-07-10 02:26 . 2012-07-10 02:26 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-07-10 02:26 . 2012-07-10 02:26 2873344 ----a-w- c:\windows\system32\mf.dll
2012-07-10 02:26 . 2012-07-10 02:26 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-07-10 02:23 . 2012-07-10 02:23 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-07-10 02:23 . 2012-07-10 02:23 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-07-10 02:23 . 2012-07-10 02:23 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-07-10 02:23 . 2012-07-10 02:23 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-07-10 02:23 . 2012-07-10 02:23 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-07-10 02:23 . 2012-07-10 02:23 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-07-10 02:23 . 2012-07-10 02:23 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-07-10 01:56 . 2012-07-10 01:56 -------- d-----w- c:\windows\system32\ca-ES
2012-07-10 01:56 . 2012-07-10 01:56 -------- d-----w- c:\windows\system32\eu-ES
2012-07-10 01:56 . 2012-07-10 01:56 -------- d-----w- c:\windows\system32\vi-VN
2012-07-10 01:46 . 2012-07-10 01:46 -------- d-----w- c:\windows\system32\SPReview
2012-07-10 01:13 . 2009-04-11 05:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2012-07-10 01:13 . 2009-04-11 05:27 57856 ----a-w- c:\windows\system32\compcln.exe
2012-07-10 01:01 . 2009-04-11 05:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys
2012-07-10 01:00 . 2009-04-11 05:28 378368 ----a-w- c:\windows\system32\imapi2.dll
2012-07-10 00:59 . 2009-04-11 05:28 558080 ----a-w- c:\windows\system32\sysmain.dll
2012-07-10 00:58 . 2009-04-11 05:32 53224 ----a-w- c:\windows\system32\drivers\termdd.sys
2012-07-10 00:44 . 2012-07-10 00:44 -------- d-----w- c:\windows\system32\EventProviders
2012-07-09 18:28 . 2012-07-09 18:28 -------- d-----w- c:\users\Hal\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 19:07 . 2012-04-03 14:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-18 19:07 . 2011-07-26 04:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-10 02:23 . 2012-07-10 02:23 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-07-10 01:54 . 2007-03-24 07:35 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-10 01:54 . 2007-03-24 07:35 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-03 19:46 . 2011-03-03 05:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-17 23:53 . 2009-12-17 23:34 214167816 ----a-w- c:\program files\Nero-9.4.26.0_trial.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-07 39408]
"Spotify"="c:\users\Hal\AppData\Roaming\Spotify\Spotify.exe" [2012-06-09 9478320]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Hal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-09 932528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-09-28 155648]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 1838592]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]
"CTXFIREG"="CTxfiReg.exe" [2006-11-28 44032]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-11-28 20480]
"CTHelper"="CTHELPER.EXE" [2006-11-28 19456]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-25 129560]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-27 202256]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-unins...VgyMDEwKzItRjEwTTEwRCsy&prod=92&ver=10.0.1204" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-11-28 28672]
.
c:\users\Hal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2643686760-567394002-1274692540-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 21:49]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-13 21:49]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2643686760-567394002-1274692540-1000Core1cb6f1766cf05cd.job
- c:\users\Hal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-16 05:25]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2643686760-567394002-1274692540-1000UA.job
- c:\users\Hal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-16 05:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-03 08:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,83,aa,c1,33,fc,4f,42,bb,d5,19,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(11676)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-08-03 08:14:49
ComboFix-quarantined-files.txt 2012-08-03 14:14
ComboFix2.txt 2012-07-23 04:52
.
Pre-Run: 6,686,035,968 bytes free
Post-Run: 8,276,791,296 bytes free
.
- - End Of File - - A0BAEE7E7BA541850A06B2FF7FECEA3B

 

[Jay Pfoutz]

Hmm...that log is clean. What type of audio are you hearing?

 

[Jeshman]

It is random commercials and tv/news clips that play 5 seconds or so of a clip, also it can be more than one audio at a time. The sounds seem to be layerd. If I unplug my internet it will stop. I have looked at my task manager and the cpu it running like mad when this is happening. I can hear the computer running and cewing away. This all slows down the computer. Seems like it happens all the time but randomly stops and starts when ever it wants to. But I also have another problem...When I have been loading up Photo shop it crashes the computer and goes to BSODs every time. I don't know if this is the only program I am having this problem with, but it seems to be. Others still work. I am attaching the lastes log for you to look at.

 

[Jeshman]

Newer minidump files

 

[Jay Pfoutz]

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

 

[Jeshman]

Here is the log for TDSSKiller.

 

[Jay Pfoutz]

Good work. Run it again please. Don't attach logs. Please just post in reply.

 

[Jeshman]

5992 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:33:43.0660 5992 ============================================================
16:33:43.0660 5992 Current date / time: 2012/08/06 16:33:43.0660
16:33:43.0660 5992 SystemInfo:
16:33:43.0660 5992
16:33:43.0660 5992 OS Version: 6.0.6002 ServicePack: 2.0
16:33:43.0660 5992 Product type: Workstation
16:33:43.0660 5992 ComputerName: HAL-PC
16:33:43.0660 5992 UserName: Hal
16:33:43.0660 5992 Windows directory: C:\Windows
16:33:43.0660 5992 System windows directory: C:\Windows
16:33:43.0660 5992 Processor architecture: Intel x86
16:33:43.0660 5992 Number of processors: 2
16:33:43.0660 5992 Page size: 0x1000
16:33:43.0660 5992 Boot type: Normal boot
16:33:43.0660 5992 ============================================================
16:33:44.0612 5992 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:33:44.0628 5992 ============================================================
16:33:44.0628 5992 \Device\Harddisk0\DR0:
16:33:44.0628 5992 MBR partitions:
16:33:44.0628 5992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1400000
16:33:44.0628 5992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1414000, BlocksNum 0x115F1000
16:33:44.0628 5992 ============================================================
16:33:44.0643 5992 C: <-> \Device\Harddisk0\DR0\Partition1
16:33:44.0674 5992 D: <-> \Device\Harddisk0\DR0\Partition0
16:33:44.0674 5992 ============================================================
16:33:44.0690 5992 Initialize success
16:33:44.0690 5992 ============================================================
16:33:45.0613 6616 ============================================================
16:33:45.0613 6616 Scan started
16:33:45.0613 6616 Mode: Manual;
16:33:45.0614 6616 ============================================================
16:33:46.0511 6616 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:33:46.0514 6616 ACPI - ok
16:33:46.0562 6616 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
16:33:46.0563 6616 adfs - ok
16:33:46.0895 6616 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:33:46.0895 6616 AdobeARMservice - ok
16:33:47.0004 6616 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:33:47.0004 6616 adp94xx - ok
16:33:47.0051 6616 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:33:47.0051 6616 adpahci - ok
16:33:47.0061 6616 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:33:47.0061 6616 adpu160m - ok
16:33:47.0081 6616 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:33:47.0081 6616 adpu320 - ok
16:33:47.0141 6616 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:33:47.0141 6616 AeLookupSvc - ok
16:33:47.0191 6616 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:33:47.0191 6616 AFD - ok
16:33:47.0211 6616 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
16:33:47.0211 6616 agp440 - ok
16:33:47.0241 6616 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:33:47.0251 6616 aic78xx - ok
16:33:47.0301 6616 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:33:47.0301 6616 ALG - ok
16:33:47.0321 6616 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
16:33:47.0321 6616 aliide - ok
16:33:47.0371 6616 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
16:33:47.0371 6616 amdagp - ok
16:33:47.0401 6616 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
16:33:47.0401 6616 amdide - ok
16:33:47.0411 6616 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:33:47.0421 6616 AmdK7 - ok
16:33:47.0431 6616 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:33:47.0431 6616 AmdK8 - ok
16:33:47.0471 6616 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:33:47.0471 6616 Appinfo - ok
16:33:47.0571 6616 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:33:47.0571 6616 Apple Mobile Device - ok
16:33:47.0651 6616 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:33:47.0651 6616 arc - ok
16:33:47.0681 6616 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:33:47.0681 6616 arcsas - ok
16:33:47.0741 6616 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:33:47.0741 6616 AsyncMac - ok
16:33:47.0751 6616 atapi (a779ca2c76da4fcb595e692c05e8e4eb) C:\Windows\system32\drivers\atapi.sys
16:33:47.0761 6616 atapi - ok
16:33:47.0811 6616 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:33:47.0821 6616 AudioEndpointBuilder - ok
16:33:47.0821 6616 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:33:47.0821 6616 Audiosrv - ok
16:33:47.0951 6616 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:33:47.0961 6616 BBSvc - ok
16:33:48.0011 6616 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:33:48.0011 6616 Beep - ok
16:33:48.0101 6616 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
16:33:48.0101 6616 BFE - ok
16:33:48.0171 6616 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
16:33:48.0181 6616 BITS - ok
16:33:48.0181 6616 blbdrive - ok
16:33:48.0291 6616 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:33:48.0291 6616 Bonjour Service - ok
16:33:48.0337 6616 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:33:48.0339 6616 bowser - ok
16:33:48.0376 6616 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:33:48.0377 6616 BrFiltLo - ok
16:33:48.0390 6616 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:33:48.0390 6616 BrFiltUp - ok
16:33:48.0445 6616 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:33:48.0447 6616 Browser - ok
16:33:48.0448 6616 Scan interrupted by user!
16:33:48.0448 6616 Scan interrupted by user!
16:33:48.0448 6616 Scan interrupted by user!
16:33:48.0448 6616 ============================================================
16:33:48.0448 6616 Scan finished
16:33:48.0448 6616 ============================================================
16:33:48.0463 7364 Detected object count: 0
16:33:48.0463 7364 Actual detected object count: 0
16:33:52.0776 5684 ============================================================
16:33:52.0776 5684 Scan started
16:33:52.0776 5684 Mode: Manual; SigCheck; TDLFS;
16:33:52.0776 5684 ============================================================
16:33:52.0916 5684 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:33:53.0072 5684 ACPI - ok
16:33:53.0119 5684 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
16:33:53.0135 5684 adfs - ok
16:33:53.0275 5684 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:33:53.0291 5684 AdobeARMservice - ok
16:33:53.0337 5684 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:33:53.0353 5684 adp94xx - ok
16:33:53.0384 5684 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:33:53.0415 5684 adpahci - ok
16:33:53.0431 5684 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:33:53.0447 5684 adpu160m - ok
16:33:53.0478 5684 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:33:53.0493 5684 adpu320 - ok
16:33:53.0540 5684 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:33:53.0587 5684 AeLookupSvc - ok
16:33:53.0634 5684 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:33:53.0665 5684 AFD - ok
16:33:53.0681 5684 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
16:33:53.0696 5684 agp440 - ok
16:33:53.0727 5684 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:33:53.0743 5684 aic78xx - ok
16:33:53.0790 5684 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:33:53.0821 5684 ALG - ok
16:33:53.0837 5684 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
16:33:53.0852 5684 aliide - ok
16:33:53.0868 5684 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
16:33:53.0883 5684 amdagp - ok
16:33:53.0915 5684 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
16:33:53.0930 5684 amdide - ok
16:33:53.0946 5684 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:33:53.0993 5684 AmdK7 - ok
16:33:54.0008 5684 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:33:54.0071 5684 AmdK8 - ok
16:33:54.0102 5684 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:33:54.0133 5684 Appinfo - ok
16:33:54.0211 5684 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:33:54.0227 5684 Apple Mobile Device - ok
16:33:54.0258 5684 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:33:54.0273 5684 arc - ok
16:33:54.0305 5684 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:33:54.0320 5684 arcsas - ok
16:33:54.0367 5684 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:33:54.0398 5684 AsyncMac - ok
16:33:54.0414 5684 atapi (a779ca2c76da4fcb595e692c05e8e4eb) C:\Windows\system32\drivers\atapi.sys
16:33:54.0429 5684 atapi - ok
16:33:54.0492 5684 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:33:54.0523 5684 AudioEndpointBuilder - ok
16:33:54.0523 5684 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:33:54.0554 5684 Audiosrv - ok
16:33:54.0648 5684 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:33:54.0663 5684 BBSvc - ok
16:33:54.0710 5684 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:33:54.0741 5684 Beep - ok
16:33:54.0788 5684 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
16:33:54.0819 5684 BFE - ok
16:33:54.0882 5684 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
16:33:54.0929 5684 BITS - ok
16:33:54.0929 5684 blbdrive - ok
16:33:55.0007 5684 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:33:55.0022 5684 Bonjour Service - ok
16:33:55.0085 5684 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:33:55.0100 5684 bowser - ok
16:33:55.0131 5684 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:33:55.0147 5684 BrFiltLo - ok
16:33:55.0163 5684 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:33:55.0194 5684 BrFiltUp - ok
16:33:55.0241 5684 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:33:55.0272 5684 Browser - ok
16:33:55.0303 5684 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:33:55.0365 5684 Brserid - ok
16:33:55.0365 5684 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:33:55.0428 5684 BrSerWdm - ok
16:33:55.0443 5684 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:33:55.0490 5684 BrUsbMdm - ok
16:33:55.0506 5684 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:33:55.0553 5684 BrUsbSer - ok
16:33:55.0584 5684 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:33:55.0631 5684 BTHMODEM - ok
16:33:55.0802 5684 catchme - ok
16:33:55.0849 5684 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:33:55.0880 5684 cdfs - ok
16:33:55.0911 5684 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:33:55.0943 5684 cdrom - ok
16:33:55.0978 5684 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:33:56.0008 5684 CertPropSvc - ok
16:33:56.0018 5684 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
16:33:56.0068 5684 circlass - ok
16:33:56.0108 5684 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:33:56.0138 5684 CLFS - ok
16:33:56.0218 5684 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:33:56.0228 5684 clr_optimization_v2.0.50727_32 - ok
16:33:56.0359 5684 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:33:56.0379 5684 clr_optimization_v4.0.30319_32 - ok
16:33:56.0395 5684 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
16:33:56.0412 5684 cmdide - ok
16:33:56.0429 5684 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
16:33:56.0446 5684 Compbatt - ok
16:33:56.0451 5684 COMSysApp - ok
16:33:56.0485 5684 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:33:56.0502 5684 crcdisk - ok
16:33:56.0569 5684 Creative Audio Pack Licensing Service (571be8568485c68ff88a99bb203c4eeb) C:\Program Files\Common Files\Creative Labs Shared\Service\APLicensing.exe
16:33:56.0576 5684 Creative Audio Pack Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:33:56.0576 5684 Creative Audio Pack Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:33:56.0625 5684 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\Windows\system32\CTsvcCDA.exe
16:33:56.0633 5684 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
16:33:56.0633 5684 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
16:33:56.0655 5684 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:33:56.0706 5684 Crusoe - ok
16:33:56.0754 5684 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
16:33:56.0777 5684 CryptSvc - ok
16:33:56.0824 5684 ctac32k (4205a0d6fb15607de770baed1384dde9) C:\Windows\system32\drivers\ctac32k.sys
16:33:56.0862 5684 ctac32k - ok
16:33:56.0912 5684 ctaud2k (cbb745c3d667ec97b0a97cd90d08862b) C:\Windows\system32\drivers\ctaud2k.sys
16:33:56.0944 5684 ctaud2k - ok
16:33:56.0988 5684 ctdvda2k (cde9343a54087b6ccaa4b750bf69e16e) C:\Windows\system32\drivers\ctdvda2k.sys
16:33:57.0016 5684 ctdvda2k - ok
16:33:57.0031 5684 ctprxy2k (c3b98679d01a65c325ed300835207a00) C:\Windows\system32\drivers\ctprxy2k.sys
16:33:57.0045 5684 ctprxy2k - ok
16:33:57.0070 5684 ctsfm2k (b588d53cb153dfb74c875428920d3744) C:\Windows\system32\drivers\ctsfm2k.sys
16:33:57.0097 5684 ctsfm2k - ok
16:33:57.0183 5684 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
16:33:57.0198 5684 ctxusbm - ok
16:33:57.0263 5684 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:33:57.0300 5684 DcomLaunch - ok
16:33:57.0341 5684 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:33:57.0362 5684 DfsC - ok
16:33:57.0492 5684 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
16:33:57.0544 5684 DFSR - ok
16:33:57.0703 5684 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
16:33:57.0732 5684 Dhcp - ok
16:33:57.0792 5684 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:33:57.0812 5684 disk - ok
16:33:57.0846 5684 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\Windows\system32\DLA\DLABMFSM.SYS
16:33:57.0861 5684 DLABMFSM - ok
16:33:57.0875 5684 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\Windows\system32\DLA\DLABOIOM.SYS
16:33:57.0889 5684 DLABOIOM - ok
16:33:57.0935 5684 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
16:33:57.0950 5684 DLACDBHM - ok
16:33:57.0962 5684 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\Windows\system32\DLA\DLADResM.SYS
16:33:57.0976 5684 DLADResM - ok
16:33:57.0990 5684 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\Windows\system32\DLA\DLAIFS_M.SYS
16:33:58.0009 5684 DLAIFS_M - ok
16:33:58.0018 5684 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\Windows\system32\DLA\DLAOPIOM.SYS
16:33:58.0033 5684 DLAOPIOM - ok
16:33:58.0038 5684 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\Windows\system32\DLA\DLAPoolM.SYS
16:33:58.0052 5684 DLAPoolM - ok
16:33:58.0059 5684 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\Windows\system32\Drivers\DLARTL_M.SYS
16:33:58.0075 5684 DLARTL_M - ok
16:33:58.0083 5684 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\Windows\system32\DLA\DLAUDFAM.SYS
16:33:58.0103 5684 DLAUDFAM - ok
16:33:58.0115 5684 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\Windows\system32\DLA\DLAUDF_M.SYS
16:33:58.0138 5684 DLAUDF_M - ok
16:33:58.0221 5684 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
16:33:58.0237 5684 Dnscache - ok
16:33:58.0284 5684 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
16:33:58.0315 5684 dot3svc - ok
16:33:58.0362 5684 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:33:58.0409 5684 Dot4 - ok
16:33:58.0440 5684 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:33:58.0471 5684 Dot4Print - ok
16:33:58.0487 5684 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:33:58.0518 5684 dot4usb - ok
16:33:58.0568 5684 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
16:33:58.0598 5684 DPS - ok
16:33:58.0648 5684 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:33:58.0678 5684 drmkaud - ok
16:33:58.0688 5684 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
16:33:58.0708 5684 DRVMCDB - ok
16:33:58.0738 5684 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
16:33:58.0748 5684 DRVNDDM - ok
16:33:58.0818 5684 DSBrokerService (01d5b95d0a12a916bbdc258629113258) C:\Program Files\DellSupport\brkrsvc.exe
16:33:58.0828 5684 DSBrokerService ( UnsignedFile.Multi.Generic ) - warning
16:33:58.0828 5684 DSBrokerService - detected UnsignedFile.Multi.Generic (1)
16:33:58.0848 5684 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
16:33:58.0848 5684 DSproct ( UnsignedFile.Multi.Generic ) - warning
16:33:58.0848 5684 DSproct - detected UnsignedFile.Multi.Generic (1)
16:33:58.0858 5684 dsunidrv (64fa28c15dd71a80bef3527e1ef07df6) C:\Program Files\DellSupport\Drivers\dsunidrv.sys
16:33:58.0868 5684 dsunidrv ( UnsignedFile.Multi.Generic ) - warning
16:33:58.0868 5684 dsunidrv - detected UnsignedFile.Multi.Generic (1)
16:33:58.0938 5684 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:33:58.0978 5684 DXGKrnl - ok
16:33:59.0038 5684 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
16:33:59.0088 5684 e1express - ok
16:33:59.0118 5684 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:33:59.0178 5684 E1G60 - ok
16:33:59.0238 5684 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
16:33:59.0268 5684 EapHost - ok
16:33:59.0318 5684 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:33:59.0348 5684 Ecache - ok
16:33:59.0428 5684 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
16:33:59.0458 5684 ehRecvr - ok
16:33:59.0498 5684 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
16:33:59.0518 5684 ehSched - ok
16:33:59.0548 5684 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
16:33:59.0568 5684 ehstart - ok
16:33:59.0598 5684 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:33:59.0628 5684 elxstor - ok
16:33:59.0708 5684 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
16:33:59.0758 5684 EMDMgmt - ok
16:33:59.0818 5684 emupia (b8c3723e87ecb190b8ee7b21a9e70a15) C:\Windows\system32\drivers\emupia2k.sys
16:33:59.0838 5684 emupia - ok
16:33:59.0938 5684 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
16:33:59.0978 5684 EventSystem - ok
16:34:00.0028 5684 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:34:00.0048 5684 exfat - ok
16:34:00.0138 5684 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:34:00.0168 5684 fastfat - ok
16:34:00.0218 5684 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
16:34:00.0268 5684 fdc - ok
16:34:00.0318 5684 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
16:34:00.0368 5684 fdPHost - ok
16:34:00.0376 5684 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
16:34:00.0434 5684 FDResPub - ok
16:34:00.0493 5684 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:34:00.0522 5684 FileInfo - ok
16:34:00.0572 5684 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:34:00.0604 5684 Filetrace - ok
16:34:00.0706 5684 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:34:00.0747 5684 FLEXnet Licensing Service - ok
16:34:00.0766 5684 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
16:34:00.0816 5684 flpydisk - ok
16:34:00.0876 5684 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:34:00.0908 5684 FltMgr - ok
16:34:01.0009 5684 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
16:34:01.0064 5684 FontCache - ok
16:34:01.0176 5684 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:34:01.0199 5684 FontCache3.0.0.0 - ok
16:34:01.0256 5684 fssfltr (574cea4d3510ec905c0163c42d305ba5) C:\Windows\system32\DRIVERS\fssfltr.sys
16:34:01.0272 5684 fssfltr - ok
16:34:01.0461 5684 fsssvc (9b1622ebeb31b3411b13382ffcb8737d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:34:01.0499 5684 fsssvc - ok
16:34:01.0551 5684 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
16:34:01.0572 5684 Fs_Rec - ok
16:34:01.0645 5684 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
16:34:01.0663 5684 gagp30kx - ok
16:34:01.0707 5684 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:34:01.0720 5684 GEARAspiWDM - ok
16:34:01.0798 5684 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
16:34:01.0859 5684 gpsvc - ok
16:34:02.0014 5684 gupdate1c9d414ab8c82f8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
16:34:02.0034 5684 gupdate1c9d414ab8c82f8 - ok
16:34:02.0073 5684 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
16:34:02.0089 5684 gupdatem - ok
16:34:02.0156 5684 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:34:02.0182 5684 gusvc - ok
16:34:02.0262 5684 ha20x2k (4f0e90e6a49e4df6e46087da0c92f2fd) C:\Windows\system32\drivers\ha20x2k.sys
16:34:02.0300 5684 ha20x2k - ok
16:34:02.0443 5684 HDAudBus (ffb271303ba3c59d9c97b7af1175de95) C:\Windows\system32\drivers\hdaudbus.sys
16:34:02.0462 5684 HDAudBus - ok
16:34:02.0484 5684 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:34:02.0536 5684 HidBth - ok

 

[Jeshman]

553 5684 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:34:02.0603 5684 HidIr - ok
16:34:02.0639 5684 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
16:34:02.0660 5684 hidserv - ok
16:34:02.0683 5684 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:34:02.0711 5684 HidUsb - ok
16:34:02.0755 5684 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
16:34:02.0788 5684 hkmsvc - ok
16:34:02.0818 5684 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
16:34:02.0835 5684 HpCISSs - ok
16:34:03.0037 5684 hpqcxs08 (e4e285a3766b4a57401feeaf66cb07b5) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:34:03.0046 5684 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
16:34:03.0046 5684 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
16:34:03.0090 5684 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:34:03.0098 5684 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
16:34:03.0098 5684 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
16:34:03.0144 5684 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\Windows\system32\DRIVERS\HPZid412.sys
16:34:03.0151 5684 HPZid412 ( UnsignedFile.Multi.Generic ) - warning
16:34:03.0151 5684 HPZid412 - detected UnsignedFile.Multi.Generic (1)
16:34:03.0167 5684 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\Windows\system32\DRIVERS\HPZipr12.sys
16:34:03.0174 5684 HPZipr12 ( UnsignedFile.Multi.Generic ) - warning
16:34:03.0174 5684 HPZipr12 - detected UnsignedFile.Multi.Generic (1)
16:34:03.0189 5684 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\Windows\system32\DRIVERS\HPZius12.sys
16:34:03.0195 5684 HPZius12 ( UnsignedFile.Multi.Generic ) - warning
16:34:03.0195 5684 HPZius12 - detected UnsignedFile.Multi.Generic (1)
16:34:03.0262 5684 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:34:03.0315 5684 HSF_DPV - ok
16:34:03.0386 5684 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
16:34:03.0412 5684 HSXHWBS2 - ok
16:34:03.0475 5684 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:34:03.0513 5684 HTTP - ok
16:34:03.0569 5684 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
16:34:03.0604 5684 i2omp - ok
16:34:03.0651 5684 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:34:03.0666 5684 i8042prt - ok
16:34:03.0760 5684 IAANTMON (0bcee844a02747dd7f1e30352e619f2e) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
16:34:03.0760 5684 IAANTMON ( UnsignedFile.Multi.Generic ) - warning
16:34:03.0760 5684 IAANTMON - detected UnsignedFile.Multi.Generic (1)
16:34:03.0807 5684 iaStor (e9f704ca833bd24bfaa3b4a59707633a) C:\Windows\system32\drivers\iastor.sys
16:34:03.0822 5684 iaStor - ok
16:34:03.0854 5684 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
16:34:03.0885 5684 iaStorV - ok
16:34:04.0025 5684 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
16:34:04.0025 5684 IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:34:04.0025 5684 IDriverT - detected UnsignedFile.Multi.Generic (1)
16:34:04.0134 5684 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:34:04.0197 5684 idsvc - ok
16:34:04.0446 5684 igfx (bbace0293b73bf8c7cb591f2d06f26fa) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:34:04.0493 5684 igfx - ok
16:34:04.0618 5684 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:34:04.0634 5684 iirsp - ok
16:34:04.0696 5684 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
16:34:04.0743 5684 IKEEXT - ok
16:34:04.0758 5684 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
16:34:04.0774 5684 intelide - ok
16:34:04.0821 5684 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:34:04.0852 5684 intelppm - ok
16:34:04.0899 5684 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
16:34:04.0930 5684 IPBusEnum - ok
16:34:04.0977 5684 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:34:05.0008 5684 IpFilterDriver - ok
16:34:05.0055 5684 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
16:34:05.0086 5684 iphlpsvc - ok
16:34:05.0086 5684 IpInIp - ok
16:34:05.0102 5684 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
16:34:05.0164 5684 IPMIDRV - ok
16:34:05.0195 5684 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:34:05.0242 5684 IPNAT - ok
16:34:05.0382 5684 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
16:34:05.0476 5684 iPod Service - ok
16:34:05.0538 5684 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:34:05.0570 5684 IRENUM - ok
16:34:05.0601 5684 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
16:34:05.0616 5684 isapnp - ok
16:34:05.0679 5684 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:34:05.0710 5684 iScsiPrt - ok
16:34:05.0741 5684 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:34:05.0772 5684 iteatapi - ok
16:34:05.0772 5684 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:34:05.0788 5684 iteraid - ok
16:34:05.0835 5684 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:34:05.0850 5684 kbdclass - ok
16:34:05.0882 5684 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:34:05.0897 5684 kbdhid - ok
16:34:05.0944 5684 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:34:05.0975 5684 KeyIso - ok
16:34:06.0006 5684 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
16:34:06.0022 5684 KSecDD - ok
16:34:06.0100 5684 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
16:34:06.0131 5684 KtmRm - ok
16:34:06.0209 5684 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
16:34:06.0225 5684 LanmanServer - ok
16:34:06.0303 5684 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
16:34:06.0334 5684 LanmanWorkstation - ok
16:34:06.0381 5684 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:34:06.0412 5684 lltdio - ok
16:34:06.0474 5684 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
16:34:06.0506 5684 lltdsvc - ok
16:34:06.0537 5684 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
16:34:06.0599 5684 lmhosts - ok
16:34:06.0630 5684 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
16:34:06.0646 5684 LSI_FC - ok
16:34:06.0662 5684 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
16:34:06.0677 5684 LSI_SAS - ok
16:34:06.0708 5684 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
16:34:06.0724 5684 LSI_SCSI - ok
16:34:06.0771 5684 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:34:06.0802 5684 luafv - ok
16:34:06.0833 5684 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
16:34:06.0864 5684 Mcx2Svc - ok
16:34:06.0896 5684 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:34:06.0911 5684 mdmxsdk - ok
16:34:06.0927 5684 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
16:34:06.0942 5684 megasas - ok
16:34:06.0958 5684 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:34:06.0989 5684 MMCSS - ok
16:34:07.0036 5684 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:34:07.0067 5684 Modem - ok
16:34:07.0098 5684 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:34:07.0130 5684 monitor - ok
16:34:07.0176 5684 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:34:07.0192 5684 mouclass - ok
16:34:07.0239 5684 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:34:07.0270 5684 mouhid - ok
16:34:07.0317 5684 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:34:07.0327 5684 MountMgr - ok
16:34:07.0407 5684 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
16:34:07.0437 5684 MpFilter - ok
16:34:07.0477 5684 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
16:34:07.0497 5684 mpio - ok
16:34:07.0727 5684 MpKsl26bde174 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8AB8122B-E9ED-4537-95C7-8613F7F0E429}\MpKsl26bde174.sys
16:34:07.0747 5684 MpKsl26bde174 - ok
16:34:07.0817 5684 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:34:07.0847 5684 mpsdrv - ok
16:34:07.0937 5684 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
16:34:07.0967 5684 MpsSvc - ok
16:34:07.0997 5684 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:34:08.0007 5684 Mraid35x - ok
16:34:08.0067 5684 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:34:08.0087 5684 MRxDAV - ok
16:34:08.0137 5684 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:34:08.0157 5684 mrxsmb - ok
16:34:08.0217 5684 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:34:08.0237 5684 mrxsmb10 - ok
16:34:08.0277 5684 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:34:08.0297 5684 mrxsmb20 - ok
16:34:08.0317 5684 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
16:34:08.0337 5684 msahci - ok
16:34:08.0357 5684 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
16:34:08.0377 5684 msdsm - ok
16:34:08.0408 5684 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
16:34:08.0442 5684 MSDTC - ok
16:34:08.0494 5684 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:34:08.0527 5684 Msfs - ok
16:34:08.0557 5684 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:34:08.0574 5684 msisadrv - ok
16:34:08.0633 5684 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
16:34:08.0667 5684 MSiSCSI - ok
16:34:08.0672 5684 msiserver - ok
16:34:08.0711 5684 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:34:08.0742 5684 MSKSSRV - ok
16:34:08.0862 5684 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:34:08.0880 5684 MsMpSvc - ok
16:34:08.0928 5684 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:34:08.0959 5684 MSPCLOCK - ok
16:34:09.0019 5684 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:34:09.0052 5684 MSPQM - ok
16:34:09.0109 5684 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:34:09.0133 5684 MsRPC - ok
16:34:09.0177 5684 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:34:09.0196 5684 mssmbios - ok
16:34:09.0216 5684 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:34:09.0250 5684 MSTEE - ok
16:34:09.0307 5684 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:34:09.0328 5684 Mup - ok
16:34:09.0408 5684 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
16:34:09.0439 5684 napagent - ok
16:34:09.0486 5684 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:34:09.0517 5684 NativeWifiP - ok
16:34:09.0579 5684 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:34:09.0610 5684 NDIS - ok
16:34:09.0657 5684 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:34:09.0704 5684 NdisTapi - ok
16:34:09.0751 5684 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:34:09.0798 5684 Ndisuio - ok
16:34:09.0833 5684 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:34:09.0853 5684 NdisWan - ok
16:34:09.0883 5684 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:34:09.0913 5684 NDProxy - ok
16:34:10.0093 5684 Nero BackItUp Scheduler 4.0 (0ff3c6aa3e0fe0eb316df5449b569463) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
16:34:10.0193 5684 Nero BackItUp Scheduler 4.0 - ok
16:34:10.0273 5684 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
16:34:10.0273 5684 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:34:10.0273 5684 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:34:10.0343 5684 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:34:10.0373 5684 NetBIOS - ok
16:34:10.0443 5684 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:34:10.0463 5684 netbt - ok
16:34:10.0513 5684 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:34:10.0533 5684 Netlogon - ok
16:34:10.0633 5684 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
16:34:10.0693 5684 Netman - ok
16:34:10.0743 5684 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
16:34:10.0783 5684 netprofm - ok
16:34:10.0953 5684 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:34:10.0973 5684 NetTcpPortSharing - ok
16:34:11.0013 5684 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:34:11.0023 5684 nfrd960 - ok
16:34:11.0083 5684 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:34:11.0113 5684 NisDrv - ok
16:34:11.0243 5684 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
16:34:11.0273 5684 NisSrv - ok
16:34:11.0313 5684 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
16:34:11.0353 5684 NlaSvc - ok
16:34:11.0403 5684 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:34:11.0414 5684 Npfs - ok
16:34:11.0469 5684 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
16:34:11.0503 5684 nsi - ok
16:34:11.0543 5684 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:34:11.0576 5684 nsiproxy - ok
16:34:11.0667 5684 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:34:11.0709 5684 Ntfs - ok
16:34:11.0764 5684 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:34:11.0819 5684 ntrigdigi - ok
16:34:11.0870 5684 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:34:11.0904 5684 Null - ok
16:34:11.0939 5684 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
16:34:11.0956 5684 nvraid - ok
16:34:11.0975 5684 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
16:34:11.0993 5684 nvstor - ok
16:34:12.0501 5684 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
16:34:12.0520 5684 nv_agp - ok
16:34:12.0525 5684 NwlnkFlt - ok
16:34:12.0533 5684 NwlnkFwd - ok
16:34:13.0986 5684 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:34:14.0017 5684 odserv - ok
16:34:14.0033 5684 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
16:34:14.0095 5684 ohci1394 - ok
16:34:14.0548 5684 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:34:14.0579 5684 ose - ok
16:34:14.0641 5684 ossrv (3719d5e255ca16dade6d6b595c957493) C:\Windows\system32\drivers\ctoss2k.sys
16:34:14.0657 5684 ossrv - ok
16:34:15.0609 5684 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:34:15.0640 5684 p2pimsvc - ok
16:34:15.0640 5684 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:34:15.0671 5684 p2psvc - ok
16:34:15.0811 5684 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:34:15.0874 5684 Parport - ok
16:34:16.0077 5684 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
16:34:16.0092 5684 partmgr - ok
16:34:16.0139 5684 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:34:16.0186 5684 Parvdm - ok
16:34:16.0237 5684 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
16:34:16.0257 5684 PcaSvc - ok
16:34:16.0587 5684 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:34:16.0617 5684 pci - ok
16:34:16.0647 5684 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
16:34:16.0657 5684 pciide - ok
16:34:16.0787 5684 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:34:16.0797 5684 pcmcia - ok
16:34:16.0887 5684 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:34:16.0947 5684 PEAUTH - ok
16:34:17.0007 5684 pfc (2c1eb94c24a6a1d3434481b0a5fa9c08) C:\Windows\system32\drivers\pfc.sys
16:34:17.0017 5684 pfc ( UnsignedFile.Multi.Generic ) - warning
16:34:17.0017 5684 pfc - detected UnsignedFile.Multi.Generic (1)
16:34:17.0447 5684 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
16:34:17.0547 5684 pla - ok
16:34:17.0777 5684 PLFlash DeviceIoControl Service (e406a33046228bd89f0c2db5c172f19c) C:\Windows\system32\IoctlSvc.exe
16:34:17.0787 5684 PLFlash DeviceIoControl Service - ok
16:34:17.0857 5684 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
16:34:17.0887 5684 PlugPlay - ok
16:34:17.0947 5684 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
16:34:17.0957 5684 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:34:17.0957 5684 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:34:18.0037 5684 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:34:18.0067 5684 PNRPAutoReg - ok
16:34:18.0077 5684 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:34:18.0107 5684 PNRPsvc - ok
16:34:18.0207 5684 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
16:34:18.0247 5684 PolicyAgent - ok
16:34:18.0327 5684 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:34:18.0357 5684 PptpMiniport - ok
16:34:18.0377 5684 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
16:34:18.0427 5684 Processor - ok
16:34:18.0460 5684 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
16:34:18.0491 5684 ProfSvc - ok
16:34:18.0561 5684 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:34:18.0584 5684 ProtectedStorage - ok
16:34:18.0628 5684 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:34:18.0656 5684 PSched - ok
16:34:18.0702 5684 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
16:34:18.0709 5684 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
16:34:18.0709 5684 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
16:34:18.0909 5684 QBCFMonitorService (f6ea2dce39f1accb2c6c38d61fc79075) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:34:18.0915 5684 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
16:34:18.0915 5684 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
16:34:18.0997 5684 QBFCService (bab30d2799754f6ea22f0b9076311793) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:34:19.0004 5684 QBFCService ( UnsignedFile.Multi.Generic ) - warning
16:34:19.0004 5684 QBFCService - detected UnsignedFile.Multi.Generic (1)
16:34:19.0107 5684 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
16:34:19.0140 5684 ql2300 - ok
16:34:19.0166 5684 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:34:19.0184 5684 ql40xx - ok
16:34:19.0239 5684 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
16:34:19.0263 5684 QWAVE - ok
16:34:19.0311 5684 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:34:19.0331 5684 QWAVEdrv - ok
16:34:19.0437 5684 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
16:34:19.0591 5684 R300 - ok
16:34:19.0745 5684 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:34:19.0777 5684 RasAcd - ok
16:34:19.0847 5684 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
16:34:19.0882 5684 RasAuto - ok
16:34:19.0936 5684 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:34:19.0968 5684 Rasl2tp - ok
16:34:20.0029 5684 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
16:34:20.0061 5684 RasMan - ok
16:34:20.0104 5684 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:34:20.0130 5684 RasPppoe - ok
16:34:20.0143 5684 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:34:20.0163 5684 RasSstp - ok
16:34:20.0194 5684 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:34:20.0222 5684 rdbss - ok
16:34:20.0261 5684 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:34:20.0292 5684 RDPCDD - ok
16:34:20.0331 5684 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
16:34:20.0350 5684 rdpdr - ok
16:34:20.0367 5684 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:34:20.0399 5684 RDPENCDD - ok
16:34:20.0479 5684 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
16:34:20.0500 5684 RDPWD - ok
16:34:20.0564 5684 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
16:34:20.0595 5684 RemoteAccess - ok
16:34:20.0642 5684 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
16:34:20.0673 5684 RemoteRegistry - ok
16:34:20.0814 5684 RoxMediaDB9 (ebcde8b48fadc6479d96a56d0a432160) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
16:34:20.0845 5684 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
16:34:20.0845 5684 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
16:34:20.0892 5684 RoxWatch9 (ab2b1de1c8f31efce2384b14b3dc4260) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
16:34:20.0892 5684 RoxWatch9 ( UnsignedFile.Multi.Generic ) - warning
16:34:20.0892 5684 RoxWatch9 - detected UnsignedFile.Multi.Generic (1)
16:34:20.0954 5684 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
16:34:20.0985 5684 RpcLocator - ok
16:34:21.0032 5684 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:34:21.0079 5684 RpcSs - ok
16:34:21.0157 5684 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:34:21.0188 5684 rspndr - ok
16:34:21.0251 5684 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:34:21.0266 5684 SamSs - ok
16:34:21.0306 5684 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:34:21.0316 5684 sbp2port - ok
16:34:21.0366 5684 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
16:34:21.0406 5684 SCardSvr - ok
16:34:21.0462 5684 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
16:34:21.0494 5684 Schedule - ok
16:34:21.0544 5684 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:34:21.0571 5684 SCPolicySvc - ok
16:34:21.0640 5684 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
16:34:21.0665 5684 SDRSVC - ok
16:34:21.0856 5684 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:34:21.0878 5684 SeaPort - ok
16:34:21.0927 5684 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:34:21.0980 5684 secdrv - ok
16:34:22.0039 5684 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
16:34:22.0074 5684 seclogon - ok
16:34:22.0123 5684 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
16:34:22.0166 5684 SENS - ok
16:34:22.0195 5684 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:34:22.0249 5684 Serenum - ok
16:34:22.0281 5684 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:34:22.0334 5684 Serial - ok
16:34:22.0407 5684 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:34:22.0440 5684 sermouse - ok
16:34:22.0928 5684 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
16:34:22.0963 5684 SessionEnv - ok
16:34:23.0057 5684 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
16:34:23.0108 5684 sffdisk - ok
16:34:23.0164 5684 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
16:34:23.0215 5684 sffp_mmc - ok
16:34:23.0284 5684 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
16:34:23.0336 5684 sffp_sd - ok
16:34:23.0372 5684 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:34:23.0423 5684 sfloppy - ok
16:34:23.0480 5684 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
16:34:23.0537 5684 SharedAccess - ok
16:34:24.0145 5684 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
16:34:24.0177 5684 ShellHWDetection - ok
16:34:24.0239 5684 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
16:34:24.0255 5684 sisagp - ok
16:34:24.0270 5684 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
16:34:24.0286 5684 SiSRaid2 - ok
16:34:24.0301 5684 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
16:34:24.0317 5684 SiSRaid4 - ok
16:34:24.0427 5684 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
16:34:24.0457 5684 SkypeUpdate - ok
16:34:24.0717 5684 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
16:34:24.0827 5684 slsvc - ok
16:34:24.0987 5684 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
16:34:25.0017 5684 SLUINotify - ok
16:34:25.0117 5684 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
16:34:25.0147 5684 Smb - ok
16:34:25.0217 5684 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
16:34:25.0237 5684 SNMPTRAP - ok
16:34:25.0297 5684 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:34:25.0317 5684 spldr - ok
16:34:25.0387 5684 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
16:34:25.0407 5684 Spooler - ok
16:34:25.0458 5684 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:34:25.0477 5684 srv - ok
16:34:25.0527 5684 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:34:25.0548 5684 srv2 - ok
16:34:25.0565 5684 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:34:25.0586 5684 srvnet - ok
16:34:25.0654 5684 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
16:34:25.0690 5684 SSDPSRV - ok
16:34:25.0752 5684 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
16:34:25.0777 5684 SstpSvc - ok
16:34:25.0832 5684 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
16:34:25.0862 5684 stisvc - ok
16:34:25.0975 5684 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
16:34:25.0982 5684 stllssvr ( UnsignedFile.Multi.Generic ) - warning
16:34:25.0982 5684 stllssvr - detected UnsignedFile.Multi.Generic (1)
16:34:26.0025 5684 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:34:26.0043 5684 swenum - ok
16:34:26.0114 5684 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
16:34:26.0147 5684 swprv - ok
16:34:26.0181 5684 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:34:26.0198 5684 Symc8xx - ok
16:34:26.0235 5684 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:34:26.0252 5684 Sym_hi - ok
16:34:26.0274 5684 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:34:26.0290 5684 Sym_u3 - ok
16:34:26.0335 5684 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
16:34:26.0373 5684 SysMain - ok
16:34:26.0419 5684 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
16:34:26.0445 5684 TabletInputService - ok
16:34:26.0499 5684 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
16:34:26.0531 5684 TapiSrv - ok
16:34:26.0600 5684 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
16:34:26.0635 5684 TBS - ok
16:34:26.0712 5684 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
16:34:26.0750 5684 Tcpip - ok
16:34:26.0764 5684 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
16:34:26.0800 5684 Tcpip6 - ok
16:34:26.0832 5684 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
16:34:26.0852 5684 tcpipreg - ok
16:34:26.0900 5684 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:34:26.0932 5684 TDPIPE - ok
16:34:26.0970 5684 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:34:27.0001 5684 TDTCP - ok
16:34:27.0043 5684 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:34:27.0069 5684 tdx - ok
16:34:27.0118 5684 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:34:27.0138 5684 TermDD - ok
16:34:27.0224 5684 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
16:34:27.0276 5684 TermService - ok
16:34:27.0333 5684 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
16:34:27.0358 5684 Themes - ok
16:34:27.0404 5684 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:34:27.0439 5684 THREADORDER - ok
16:34:27.0487 5684 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
16:34:27.0522 5684 TrkWks - ok
16:34:27.0609 5684 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
16:34:27.0625 5684 TrustedInstaller - ok
16:34:27.0687 5684 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:34:27.0718 5684 tssecsrv - ok
16:34:27.0796 5684 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:34:27.0812 5684 tunmp - ok
16:34:27.0859 5684 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:34:27.0874 5684 tunnel - ok
16:34:27.0921 5684 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
16:34:27.0937 5684 uagp35 - ok
16:34:27.0983 5684 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:34:28.0015 5684 udfs - ok
16:34:28.0093 5684 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
16:34:28.0124 5684 UI0Detect - ok
16:34:28.0171 5684 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
16:34:28.0186 5684 uliagpkx - ok
16:34:28.0217 5684 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
16:34:28.0233 5684 uliahci - ok
16:34:28.0249 5684 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:34:28.0274 5684 UlSata - ok
16:34:28.0304 5684 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:34:28.0314 5684 ulsata2 - ok
16:34:28.0364 5684 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:34:28.0404 5684 umbus - ok
16:34:28.0484 5684 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
16:34:28.0524 5684 upnphost - ok
16:34:28.0554 5684 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
16:34:28.0574 5684 USBAAPL - ok
16:34:28.0574 5684 usbbus - ok
16:34:28.0624 5684 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:34:28.0654 5684 usbccgp - ok
16:34:28.0684 5684 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:34:28.0734 5684 usbcir - ok
16:34:28.0734 5684 UsbDiag - ok
16:34:28.0764 5684 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:34:28.0794 5684 usbehci - ok
16:34:28.0844 5684 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:34:28.0874 5684 usbhub - ok
16:34:28.0884 5684 USBModem - ok
16:34:28.0934 5684 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:34:28.0984 5684 usbohci - ok
16:34:29.0034 5684 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:34:29.0074 5684 usbprint - ok
16:34:29.0114 5684 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:34:29.0144 5684 usbscan - ok
16:34:29.0194 5684 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:34:29.0224 5684 USBSTOR - ok
16:34:29.0274 5684 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:34:29.0294 5684 usbuhci - ok
16:34:29.0364 5684 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
16:34:29.0394 5684 UxSms - ok
16:34:29.0454 5684 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
16:34:29.0484 5684 vds - ok
16:34:29.0514 5684 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
16:34:29.0564 5684 vga - ok
16:34:29.0614 5684 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:34:29.0644 5684 VgaSave - ok
16:34:29.0664 5684 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
16:34:29.0684 5684 viaagp - ok
16:34:29.0694 5684 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
16:34:29.0754 5684 ViaC7 - ok
16:34:29.0764 5684 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
16:34:29.0784 5684 viaide - ok
16:34:29.0824 5684 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:34:29.0844 5684 volmgr - ok
16:34:29.0904 5684 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:34:29.0924 5684 volmgrx - ok
16:34:29.0974 5684 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:34:30.0004 5684 volsnap - ok
16:34:30.0084 5684 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
16:34:30.0094 5684 vsmraid - ok
16:34:30.0184 5684 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
16:34:30.0234 5684 VSS - ok
16:34:30.0284 5684 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
16:34:30.0314 5684 W32Time - ok
16:34:30.0394 5684 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:34:30.0444 5684 WacomPen - ok
16:34:30.0511 5684 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:34:30.0538 5684 Wanarp - ok
16:34:30.0542 5684 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:34:30.0571 5684 Wanarpv6 - ok
16:34:30.0641 5684 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
16:34:30.0671 5684 wcncsvc - ok
16:34:30.0726 5684 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
16:34:30.0756 5684 WcsPlugInService - ok
16:34:30.0810 5684 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
16:34:30.0827 5684 Wd - ok
16:34:30.0894 5684 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:34:30.0920 5684 Wdf01000 - ok
16:34:30.0966 5684 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:34:31.0001 5684 WdiServiceHost - ok
16:34:31.0005 5684 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
16:34:31.0041 5684 WdiSystemHost - ok
16:34:31.0103 5684 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
16:34:31.0128 5684 WebClient - ok
16:34:31.0158 5684 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
16:34:31.0182 5684 Wecsvc - ok
16:34:31.0211 5684 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
16:34:31.0242 5684 wercplsupport - ok
16:34:31.0301 5684 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
16:34:31.0332 5684 WerSvc - ok
16:34:31.0389 5684 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:34:31.0415 5684 winachsf - ok
16:34:31.0542 5684 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
16:34:31.0572 5684 WinDefend - ok
16:34:31.0579 5684 WinHttpAutoProxySvc - ok
16:34:31.0675 5684 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
16:34:31.0714 5684 Winmgmt - ok
16:34:31.0791 5684 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
16:34:31.0835 5684 WinRM - ok
16:34:31.0929 5684 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
16:34:31.0959 5684 Wlansvc - ok
16:34:32.0145 5684 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:34:32.0189 5684 wlidsvc - ok
16:34:32.0383 5684 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
16:34:32.0434 5684 WmiAcpi - ok
16:34:32.0559 5684 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
16:34:32.0590 5684 wmiApSrv - ok
16:34:32.0731 5684 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:34:32.0762 5684 WMPNetworkSvc - ok
16:34:32.0856 5684 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
16:34:32.0871 5684 WPCSvc - ok
16:34:32.0918 5684 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
16:34:32.0949 5684 WPDBusEnum - ok
16:34:33.0012 5684 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:34:33.0027 5684 WpdUsb - ok
16:34:33.0199 5684 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:34:33.0246 5684 WPFFontCache_v0400 - ok
16:34:33.0324 5684 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:34:33.0355 5684 ws2ifsl - ok
16:34:33.0402 5684 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
16:34:33.0433 5684 wscsvc - ok
16:34:33.0464 5684 WSearch - ok
16:34:33.0589 5684 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
16:34:33.0651 5684 wuauserv - ok
16:34:33.0823 5684 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:34:33.0870 5684 WUDFRd - ok
16:34:33.0932 5684 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
16:34:33.0963 5684 wudfsvc - ok
16:34:34.0041 5684 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
16:34:34.0057 5684 XAudio - ok
16:34:34.0119 5684 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
16:34:34.0135 5684 XAudioService - ok
16:34:34.0182 5684 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:34:34.0981 5684 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:34:34.0981 5684 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:34:35.0011 5684 Boot (0x1200) (54563840599216a7a5f20d799a61a49f) \Device\Harddisk0\DR0\Partition0
16:34:35.0011 5684 \Device\Harddisk0\DR0\Partition0 - ok
16:34:35.0021 5684 Boot (0x1200) (d2848d12f986e7e72c6646bbdc54c9b5) \Device\Harddisk0\DR0\Partition1
16:34:35.0021 5684 \Device\Harddisk0\DR0\Partition1 - ok
16:34:35.0021 5684 ============================================================
16:34:35.0021 5684 Scan finished
16:34:35.0021 5684 ============================================================
16:34:35.0031 6520 Detected object count: 22
16:34:35.0031 6520 Actual detected object count: 22
16:34:44.0569 6520 Creative Audio Pack Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0569 6520 Creative Audio Pack Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0569 6520 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0569 6520 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0569 6520 DSBrokerService ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0569 6520 DSBrokerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0569 6520 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0569 6520 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0569 6520 dsunidrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0569 6520 dsunidrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0569 6520 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0569 6520 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0569 6520 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0569 6520 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0569 6520 HPZid412 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0569 6520 HPZid412 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0584 6520 HPZipr12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0584 6520 HPZipr12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0584 6520 HPZius12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0584 6520 HPZius12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0584 6520 IAANTMON ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0584 6520 IAANTMON ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0584 6520 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0584 6520 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0584 6520 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0584 6520 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0584 6520 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0584 6520 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0584 6520 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0584 6520 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0584 6520 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0584 6520 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0600 6520 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0600 6520 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0600 6520 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0600 6520 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0600 6520 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0600 6520 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0600 6520 RoxWatch9 ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0600 6520 RoxWatch9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0600 6520 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
16:34:44.0600 6520 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:34:44.0600 6520 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:34:44.0600 6520 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:34:46.0952 0820 Deinitialize success

 

[Jay Pfoutz]

Please re-run aswMBR and post a log...

 

[Jeshman]

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-07 14:52:22
-----------------------------
14:52:22.802 OS Version: Windows 6.0.6002 Service Pack 2
14:52:22.802 Number of processors: 2 586 0x604
14:52:22.804 ComputerName: HAL-PC UserName: Hal
14:52:23.394 Initialize success
14:53:40.599 AVAST engine defs: 12080701
14:54:18.658 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:54:18.661 Disk 0 Vendor: ST316081 3.AD Size: 152587MB BusType: 3
14:54:18.665 Disk 0 MBR read successfully
14:54:18.668 Disk 0 MBR scan
14:54:18.677 Disk 0 Windows VISTA default MBR code
14:54:18.681 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:54:18.721 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
14:54:18.749 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142306 MB offset 21053440
14:54:18.780 Disk 0 scanning sectors +312496128
14:54:18.871 Disk 0 scanning C:\Windows\system32\drivers
14:54:46.748 Service scanning
14:55:13.746 Service MpKsl45c73e5c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77044092-9772-4F0C-8C13-097C5B34B4D7}\MpKsl45c73e5c.sys **LOCKED** 32
14:55:47.571 Modules scanning
14:55:56.319 Disk 0 trace - called modules:
14:55:56.361 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
14:55:56.367 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a5ac8]
14:55:56.375 3 CLASSPNP.SYS[885a68b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x855d4030]
14:55:58.342 AVAST engine scan C:\Windows
14:56:11.244 AVAST engine scan C:\Windows\system32
15:02:51.392 AVAST engine scan C:\Windows\system32\drivers
15:03:23.022 AVAST engine scan C:\Users\Hal
15:34:20.126 AVAST engine scan C:\ProgramData
15:43:35.460 Scan finished successfully
15:58:22.914 Disk 0 MBR has been saved successfully to "C:\Users\Hal\Desktop\MBR.dat"
15:58:22.943 The log file has been saved successfully to "C:\Users\Hal\Desktop\aswMBR.txt"

 

[Jay Pfoutz]

Excellent work!

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
• Error messages
• Fake antivirus alerts or the icon in the system tray
• svchost.exe running at 100%
• System crashes or blue screen of death

 

[Jeshman]

I think the problems have been fixed. Google search seems to be fine. I haven't heard any audio in a few days. And Photo shop no longer crashes the machine. Also the computer seems to be running faster, less boging down.
I'll let you know if anything else comes up.
Thanks for all your help.
Jesh

 

[Jay Pfoutz]

Great. Let's finish up here...you can start a new topic if something arises.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
• Select System
• On the left select Advance System Settings and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name I.e. Clean
• Select Create

Now we can purge the infected ones

• Go back to the System and Maintenance page
• Select Performance Information and Tools
• On the left select Open Disk Cleanup
• Select Files from all users and accept the warning if you get one
• In the drop down box select your main drive I.e. C
• For a few moments the system will make some calculations:
  
  
• Select the More Options tab
  
  
• In the System Restore and Shadow Backups select Clean up
  
  
• Select Delete on the pop up
• Select OK
• Select Delete

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
• Double click OTC.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:

• Cleaned System Restore
• Ran OTC
• Ran TFC
• Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

 

[Jeshman]

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java(TM) 6 Update 31
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

 

[Jeshman]

Everything seems to be working much better. I don't seem to be having any problems.