Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol


Post by JonEJet on Tue 17 Sep 2013, 8:35 am


Using G/F's laptop......keyboard disables.....'Caps lock pops on by itself

Need help

Rkill 2.6.1 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
[You must be registered and logged in to see this link.]

Program started at: 09/16/2013 04:36:27 PM in x86 mode.
Windows Version: Windows 7 Ultimate N Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* WMPNetworkSvc [Missing Service]
* WPDBusEnum [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 09/16/2013 04:37:17 PM
Execution time: 0 hours(s), 0 minute(s), and 49 seconds(s)


OTL logfile created on: 9/16/2013 4:00:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tree\Downloads
Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.34% Memory free
5.74 Gb Paging File | 4.53 Gb Available in Paging File | 78.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 204.43 Gb Free Space | 87.82% Space Free | Partition Type: NTFS

Computer Name: TREE-PC | User Name: Tree | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/16 15:59:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tree\Downloads\OTL.exe
PRC - [2013/09/02 16:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/22 21:34:16 | 000,206,624 | ---- | M] (Web Layers) -- C:\Program Files\Web Layers\updateWebLayers.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin


========== Modules (No Company Name) ==========

MOD - [2013/09/02 16:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 16:35:55 | 013,599,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
MOD - [2013/09/02 16:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 16:35:04 | 000,709,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013/09/02 16:35:03 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013/09/02 16:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/25 17:03:47 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV - [2013/09/13 19:35:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/22 21:34:16 | 000,206,624 | ---- | M] (Web Layers) [Auto | Running] -- C:\Program Files\Web Layers\updateWebLayers.exe -- (Update Web Layers)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/25 14:21:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tree\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/20 17:31:22 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:31:16 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:30:52 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 17:30:52 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 17:30:52 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 17:30:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 17:30:52 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 17:30:52 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 17:30:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 17:30:52 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:30:52 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/20 17:30:51 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 32 DB B9 71 41 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/25 14:38:25 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! WebRep = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Tree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/16 15:46:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - Startup: C:\Users\Tree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8776BE5-A86F-4B19-895A-8D1EFD46A490}: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8776BE5-A86F-4B19-895A-8D1EFD46A490}: NameServer = 8.8.4.4,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C74D307F-C742-4632-A66A-669C268F5494}: DhcpNameServer = 207.172.3.8 207.172.3.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD2A99C5-B6CA-4337-A09D-6644DBE112AF}: DhcpNameServer = 208.59.247.45 208.59.247.46
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/16 15:47:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/16 15:47:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/09/16 15:47:44 | 000,000,000 | ---D | C] -- C:\Users\Tree\AppData\Local\temp
[2013/09/16 15:33:48 | 000,173,119 | ---- | C] (Eric_71) -- C:\Users\Tree\Desktop\Rooter exe.exe
[2013/09/16 13:41:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/16 13:41:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/16 13:41:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/14 13:46:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/14 13:39:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/13 03:03:57 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/13 03:03:55 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/13 03:03:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/09/13 03:03:53 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/13 03:03:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/13 03:03:49 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/13 03:03:49 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/09/13 03:03:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/09/13 03:03:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/09/13 03:03:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/12 12:35:08 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/09/12 12:35:06 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/09/12 12:35:00 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/09/12 12:34:59 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/09/12 12:34:59 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/12 12:34:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/12 12:34:59 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/12 12:34:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/12 12:34:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/12 12:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/12 12:34:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/12 12:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/08/24 18:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/08/24 18:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Web Layers
[2013/08/24 18:47:16 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2013/08/24 18:47:16 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2013/08/24 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\Tree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flash Movie Player
[2013/08/24 18:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Movie Player
[2013/08/24 18:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Movie Player
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/16 15:59:23 | 000,020,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/16 15:59:23 | 000,020,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/16 15:52:10 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/16 15:51:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/16 15:51:52 | 2312,105,984 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/16 15:46:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/09/16 15:33:50 | 000,173,119 | ---- | M] (Eric_71) -- C:\Users\Tree\Desktop\Rooter exe.exe
[2013/09/16 14:37:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/16 14:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/14 21:06:34 | 348,811,311 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/13 19:35:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/13 19:35:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/13 03:22:04 | 000,285,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/12 14:16:26 | 000,000,884 | RHS- | M] () -- C:\Users\Tree\ntuser.pol
[2013/09/05 21:42:26 | 000,002,129 | ---- | M] () -- C:\Users\Tree\Desktop\Google Chrome.lnk
[2013/09/05 21:42:26 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/24 18:46:49 | 000,001,008 | ---- | M] () -- C:\Users\Tree\Desktop\Flash Movie Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/16 15:50:59 | 000,001,071 | ---- | C] () -- C:\Users\Tree\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/16 15:50:49 | 000,002,129 | ---- | C] () -- C:\Users\Tree\Desktop\Google Chrome.lnk
[2013/09/16 13:41:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/16 13:41:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/16 13:41:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/16 13:41:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/16 13:41:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/24 18:48:47 | 000,000,884 | RHS- | C] () -- C:\Users\Tree\ntuser.pol
[2013/08/24 18:46:49 | 000,001,008 | ---- | C] () -- C:\Users\Tree\Desktop\Flash Movie Player.lnk

========== ZeroAccess Check ==========

[2009/07/14 00:09:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:31:11 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


'CMX;V
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tree\Downloads
Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.34% Memory free
5.74 Gb Paging File | 4.53 Gb Available in Paging File | 78.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 204.43 Gb Free Space | 87.82% Space Free | Partition Type: NTFS

Computer Name: TREE-PC | User Name: Tree | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00ACA211-EE73-44DE-AD81-A33945761865}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{09D384D8-DAB9-4F55-A341-9CE86264B114}" = lport=139 | protocol=6 | dir=in | app=system |
"{2B303554-5C4C-4D71-800C-06EF3FC52F43}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34A5D4EC-0DD2-4684-A79A-B24F3B5D0C3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4113E7F6-7B9D-4DCD-8186-D81FB7060A90}" = lport=137 | protocol=17 | dir=in | app=system |
"{5383F8D5-5495-4D39-BB75-673EE243D6EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D84A3DA-91B4-43A5-B26A-AAA6A9F4F0FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84CF0C1F-DF32-49A1-9391-2C50782CB5C3}" = rport=139 | protocol=6 | dir=out | app=system |
"{8B99EE20-20A1-41C6-99A4-008226D9422F}" = lport=138 | protocol=17 | dir=in | app=system |
"{91F423EB-9F03-472B-8AB2-0E0082EFF250}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9A50E8B3-A1FC-4556-BAA8-B91121A14405}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E6AE802-3BD6-453A-8F5F-462DF6EDAAEB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B1F9B160-432A-4432-93AB-1EF2360376AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BA75EE70-9A79-4F65-AC2A-5A73E6283446}" = rport=138 | protocol=17 | dir=out | app=system |
"{D10658DD-CD66-4ADE-ACF7-3D7A0BB85D8C}" = rport=445 | protocol=6 | dir=out | app=system |
"{D7FA8C84-24A5-44A5-8054-62AC038A6B2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBE5755C-71EC-4551-B79D-0F6464A3DC64}" = lport=445 | protocol=6 | dir=in | app=system |
"{E3ACBC40-F914-4366-AAD6-E11ED648701C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E813CCE7-3D43-4C13-A9BB-FCD6443DD30D}" = rport=137 | protocol=17 | dir=out | app=system |
"{EE661088-CEE3-4C6A-BA35-DBC67692B90D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6858254-FFF9-445C-8264-C87FBFB78FED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FB0E71E8-96C0-463B-9864-DBE94DBE85C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3F8D89FD-07E4-4524-8D96-837D9E2AA32E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{412937EE-C7DE-4F8E-921A-330533544FC6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4448AD76-486E-4DCA-852E-9EB8987349D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6BD5CB31-D905-4D92-8E92-C3AAD4A0ECCB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7F1B4905-B54D-496C-A74B-8655576F5418}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C6FA9815-119F-4D56-926D-68863FED8DCD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D08F0C19-BD34-4F22-8A62-7D4C8E440598}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F0CB75FF-2E56-4497-A31D-8BC0C701B331}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FB37BBCB-5D32-4064-8EAA-5A4A5D8B9711}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Flash Movie Player" = Flash Movie Player 1.5
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2013 3:32:55 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter.exe, version: 0.1.1.1, time stamp:
0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp:
0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process id:
0xe7c Faulting application start time: 0x01ceb31386022b02 Faulting application path:
C:\Users\Tree\Downloads\Rooter.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: c8afcf67-1f06-11e3-90de-001e33b25256

Error - 9/16/2013 3:34:06 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter exe.exe, version: 0.1.1.1, time
stamp: 0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x0005ed7d Faulting process
id: 0xf78 Faulting application start time: 0x01ceb313b2113254 Faulting application
path: C:\Users\Tree\Desktop\Rooter exe.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: f2c1492e-1f06-11e3-90de-001e33b25256

Error - 9/16/2013 3:37:16 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter exe.exe, version: 0.1.1.1, time
stamp: 0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process
id: 0x794 Faulting application start time: 0x01ceb3141b823cc1 Faulting application
path: C:\Users\Tree\Desktop\Rooter exe.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 642c6226-1f07-11e3-9de9-001e33b25256

Error - 9/16/2013 3:37:48 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter exe.exe, version: 0.1.1.1, time
stamp: 0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process
id: 0x108 Faulting application start time: 0x01ceb3142e248267 Faulting application
path: C:\Users\Tree\Desktop\Rooter exe.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 770c8b92-1f07-11e3-9de9-001e33b25256

Error - 9/16/2013 3:38:03 PM | Computer Name = Tree-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/16/2013 3:40:38 PM | Computer Name = Tree-PC | Source = VSS | ID = 18
Description =

Error - 9/16/2013 3:40:38 PM | Computer Name = Tree-PC | Source = VSS | ID = 8193
Description =

Error - 9/16/2013 3:40:38 PM | Computer Name = Tree-PC | Source = System Restore | ID = 8193
Description =

Error - 9/16/2013 3:48:39 PM | Computer Name = Tree-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Rooter exe.exe, version: 0.1.1.1, time
stamp: 0x4a429fb9 Faulting module name: ntdll.dll, version: 6.1.7601.18205, time
stamp: 0x51db96c5 Exception code: 0xc0000005 Fault offset: 0x00055f99 Faulting process
id: 0x790 Faulting application start time: 0x01ceb315b32120ed Faulting application
path: C:\Users\Tree\Desktop\Rooter exe.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: fb00f15a-1f08-11e3-9de9-001e33b25256

Error - 9/16/2013 3:53:45 PM | Computer Name = Tree-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/16/2013 3:46:48 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:46:48 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:46:48 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:47:54 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:47:54 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:47:54 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:47:55 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 9/16/2013 3:48:06 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:48:06 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/16/2013 3:48:06 PM | Computer Name = Tree-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >

JonEJet

Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP


Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Post by Superdave on Fri 20 Sep 2013, 11:51 am

Can you post a screenshot to show me what's happening?

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Post by JonEJet on Fri 20 Sep 2013, 12:01 pm

not sure it will show you anything.......it just forces me to the bottom of each page I'm browsing......and the caps lock tab is popping on and off frequently


right now I'm having no problems.....but it will come back

When I sign off and restart the computer....I get a quick flash of a black screen with some sort of "joker"....so I know it's infected with something


Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Post by Superdave on Fri 20 Sep 2013, 12:22 pm

Ok, let's try to run MBAM in Safe Mode.


Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Post by JonEJet on Fri 20 Sep 2013, 12:43 pm

Did quick scan

v'CMXMalwarebytes Anti-Malware 1.75.0.1300;VV

Database version: v2013.09.18.01

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16686
Tree :: TREE-PC [administrator]

9/19/2013 9:27:00 PM
mbam-log-2013-09-19 (21-27-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189351
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Post by Superdave on Fri 20 Sep 2013, 12:45 pm


  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Post by JonEJet on Fri 20 Sep 2013, 1:04 pm

RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRKgmailcom

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Tree [Admin rights]
Mode : Scan -- Date : 09/19/2013 22:02:25
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 3
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Scheduled tasks : 0

Startup Entries : 0

Web browsers : 0

Particular Files / Folders:

Driver : [LOADED]

External Hives:

Infection :

HOSTS File:
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS543225L9SA00 ATA Device +++++
--- User ---
[MBR] 1fd5845997dc416a317fed465928bddd
[BSP] 269e08151baa3366ac5c2bd2e5a11350 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09192013_220225.txt >>





Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Post by JonEJet on Fri 20 Sep 2013, 1:11 pm

BTW...Thank you very much for trying to help me with this.....greatly appreciated


Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Post by Superdave on Sat 21 Sep 2013, 6:15 am

Please run RogueKiller again and delete those items.


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Post by JonEJet on Sat 21 Sep 2013, 7:03 am

RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRKgmailcom

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Tree [Admin rights]
Mode : Remove -- Date : 09/20/2013 16:02:20
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 0

Scheduled tasks : 0

Startup Entries : 0

Web browsers : 0

Particular Files / Folders:

Driver : [LOADED]

External Hives:

Infection :

HOSTS File:
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS543225L9SA00 ATA Device +++++
--- User ---
[MBR] 1fd5845997dc416a317fed465928bddd
[BSP] 269e08151baa3366ac5c2bd2e5a11350 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_09202013_160220.txt >>
RKreport[0]_D_09192013_220449.txt;RKreport[0]_D_09202013_155910.txt;RKreport[0]_S_09192013_220225.txt
RKreport[0]_S_09202013_155846.txt;RKreport[0]_S_09202013_160200.txt




Re: Something going on.........'cmx;v'cmx;v :V'cmx;v SEE...Lol

Post by JonEJet on Sat 21 Sep 2013, 7:29 am

16:15:02.0972 5356 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:15:03.0415 5356 ============================================================
16:15:03.0415 5356 Current date / time: 2013/09/20 16:15:03.0415
16:15:03.0415 5356 SystemInfo:
16:15:03.0415 5356
16:15:03.0415 5356 OS Version: 6.1.7601 ServicePack: 1.0
16:15:03.0415 5356 Product type: Workstation
16:15:03.0416 5356 ComputerName: TREE-PC
16:15:03.0416 5356 UserName: Tree
16:15:03.0416 5356 Windows directory: C:\Windows
16:15:03.0416 5356 System windows directory: C:\Windows
16:15:03.0416 5356 Processor architecture: Intel x86
16:15:03.0416 5356 Number of processors: 2
16:15:03.0416 5356 Page size: 0x1000
16:15:03.0416 5356 Boot type: Normal boot
16:15:03.0416 5356 ============================================================
16:15:04.0565 5356 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:15:04.0581 5356 ============================================================
16:15:04.0581 5356 \Device\Harddisk0\DR0:
16:15:04.0587 5356 MBR partitions:
16:15:04.0587 5356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:15:04.0587 5356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
16:15:04.0587 5356 ============================================================
16:15:04.0643 5356 C: <-> \Device\Harddisk0\DR0\Partition2
16:15:04.0643 5356 ============================================================
16:15:04.0643 5356 Initialize success
16:15:04.0643 5356 ============================================================
16:15:19.0219 5316 ============================================================
16:15:19.0219 5316 Scan started
16:15:19.0219 5316 Mode: Manual; SigCheck; TDLFS;
16:15:19.0219 5316 ============================================================
16:15:19.0664 5316 ================ Scan system memory ========================
16:15:19.0664 5316 System memory - ok
16:15:19.0665 5316 ================ Scan services =============================
16:15:19.0872 5316 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:15:19.0999 5316 1394ohci - ok
16:15:20.0143 5316 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:15:20.0181 5316 ACPI - ok
16:15:20.0274 5316 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:15:20.0310 5316 AcpiPmi - ok
16:15:20.0448 5316 [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:15:20.0483 5316 AdobeFlashPlayerUpdateSvc - ok
16:15:20.0540 5316 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:15:20.0583 5316 adp94xx - ok
16:15:20.0607 5316 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:15:20.0644 5316 adpahci - ok
16:15:20.0667 5316 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:15:20.0699 5316 adpu320 - ok
16:15:20.0734 5316 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:15:20.0794 5316 AeLookupSvc - ok
16:15:20.0836 5316 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
16:15:20.0876 5316 AFD - ok
16:15:20.0942 5316 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
16:15:20.0998 5316 AgereSoftModem - ok
16:15:21.0028 5316 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
16:15:21.0058 5316 agp440 - ok
16:15:21.0099 5316 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:15:21.0129 5316 aic78xx - ok
16:15:21.0176 5316 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
16:15:21.0210 5316 ALG - ok
16:15:21.0243 5316 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
16:15:21.0272 5316 aliide - ok
16:15:21.0303 5316 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:15:21.0333 5316 amdagp - ok
16:15:21.0348 5316 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
16:15:21.0376 5316 amdide - ok
16:15:21.0403 5316 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:15:21.0437 5316 AmdK8 - ok
16:15:21.0454 5316 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:15:21.0489 5316 AmdPPM - ok
16:15:21.0523 5316 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:15:21.0554 5316 amdsata - ok
16:15:21.0589 5316 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:15:21.0621 5316 amdsbs - ok
16:15:21.0641 5316 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:15:21.0670 5316 amdxata - ok
16:15:21.0703 5316 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
16:15:21.0762 5316 AppID - ok
16:15:21.0799 5316 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:15:21.0857 5316 AppIDSvc - ok
16:15:21.0893 5316 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
16:15:21.0929 5316 Appinfo - ok
16:15:22.0026 5316 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:15:22.0061 5316 Apple Mobile Device - ok
16:15:22.0106 5316 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
16:15:22.0141 5316 AppMgmt - ok
16:15:22.0174 5316 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
16:15:22.0204 5316 arc - ok
16:15:22.0215 5316 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:15:22.0247 5316 arcsas - ok
16:15:22.0274 5316 [ 0AE43C6C411254049279C2EE55630F95 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
16:15:22.0311 5316 aswFsBlk - ok
16:15:22.0349 5316 [ 6693141560B1615D8DCCF0D8EB00087E ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
16:15:22.0376 5316 aswMonFlt - ok
16:15:22.0397 5316 [ 225013C16FE096714D71649AD7A20E8B ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
16:15:22.0424 5316 aswRdr - ok
16:15:22.0456 5316 [ DCB199B967375753B5019EC15F008F53 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
16:15:22.0510 5316 aswSnx - ok
16:15:22.0537 5316 [ B32873E5A1443C0A1E322266E203BF10 ] aswSP C:\Windows\system32\drivers\aswSP.sys
16:15:22.0572 5316 aswSP - ok
16:15:22.0602 5316 [ 6FF544175A9180C5D88534D3D9C9A9F7 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
16:15:22.0629 5316 aswTdi - ok
16:15:22.0663 5316 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:15:22.0724 5316 AsyncMac - ok
16:15:22.0756 5316 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
16:15:22.0784 5316 atapi - ok
16:15:22.0856 5316 [ AC4ADAC154563AB41CC79B0257BC685A ] athr C:\Windows\system32\DRIVERS\athr.sys
16:15:22.0916 5316 athr - ok
16:15:22.0959 5316 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:15:23.0027 5316 AudioEndpointBuilder - ok
16:15:23.0045 5316 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:15:23.0114 5316 Audiosrv - ok
16:15:23.0163 5316 [ 4041D31508A2A084DFB42C595854090F ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:15:23.0190 5316 avast! Antivirus - ok
16:15:23.0222 5316 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:15:23.0264 5316 AxInstSV - ok
16:15:23.0316 5316 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
16:15:23.0355 5316 b06bdrv - ok
16:15:23.0383 5316 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
16:15:23.0419 5316 b57nd60x - ok
16:15:23.0453 5316 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
16:15:23.0488 5316 BDESVC - ok
16:15:23.0501 5316 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
16:15:23.0565 5316 Beep - ok
16:15:23.0612 5316 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
16:15:23.0680 5316 BFE - ok
16:15:23.0726 5316 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
16:15:23.0805 5316 BITS - ok
16:15:23.0838 5316 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:15:23.0871 5316 blbdrive - ok
16:15:31.0013 5316 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
16:15:31.0165 5316 igfx ( UnsignedFile.Multi.Generic ) - warning
16:15:31.0165 5316 igfx - detected UnsignedFile.Multi.Generic (1)
16:15:46.0279 5316 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:15:46.0348 5316 Tcpip - ok
16:15:46.0413 5316 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:15:46.0482 5316 TCPIP6 - ok
16:15:46.0522 5316 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:15:46.0554 5316 tcpipreg - ok
16:15:46.0590 5316 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:15:46.0622 5316 TDPIPE - ok
16:15:46.0649 5316 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:15:46.0681 5316 TDTCP - ok
16:15:46.0698 5316 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:15:46.0758 5316 tdx - ok
16:15:46.0788 5316 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:15:46.0818 5316 TermDD - ok
16:15:46.0838 5316 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys
16:15:46.0871 5316 terminpt - ok
16:15:46.0918 5316 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
16:15:46.0996 5316 TermService - ok
16:15:47.0015 5316 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
16:15:47.0065 5316 Themes - ok
16:15:47.0079 5316 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
16:15:47.0148 5316 THREADORDER - ok
16:15:47.0189 5316 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
16:15:47.0260 5316 TrkWks - ok
16:15:47.0324 5316 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:15:47.0385 5316 TrustedInstaller - ok
16:15:47.0413 5316 [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:15:47.0445 5316 tssecsrv - ok
16:15:47.0464 5316 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:15:47.0497 5316 TsUsbFlt - ok
16:15:47.0522 5316 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:15:47.0554 5316 TsUsbGD - ok
16:15:47.0596 5316 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
16:15:47.0629 5316 tsusbhub - ok
16:15:47.0657 5316 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:15:47.0719 5316 tunnel - ok
16:15:47.0776 5316 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
16:15:47.0801 5316 TVALZ - ok
16:15:47.0842 5316 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:15:47.0872 5316 uagp35 - ok
16:15:47.0898 5316 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:15:47.0961 5316 udfs - ok
16:15:48.0005 5316 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:15:48.0048 5316 UI0Detect - ok
16:15:48.0075 5316 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:15:48.0106 5316 uliagpkx - ok
16:15:48.0132 5316 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:15:48.0168 5316 umbus - ok
16:15:48.0219 5316 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
16:15:48.0251 5316 UmPass - ok
16:15:48.0287 5316 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
16:15:48.0331 5316 UmRdpService - ok
16:15:48.0409 5316 [ A4EBD4E00551E4DE87BCF466E686ECCC ] Update Web Layers C:\Program Files\Web Layers\updateWebLayers.exe
16:15:48.0438 5316 Update Web Layers - ok
16:15:48.0472 5316 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
16:15:48.0549 5316 upnphost - ok
16:15:48.0600 5316 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
16:15:48.0633 5316 USBAAPL - ok
16:15:48.0659 5316 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:15:48.0693 5316 usbccgp - ok
16:15:48.0740 5316 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:15:48.0777 5316 usbcir - ok
16:15:48.0790 5316 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:15:48.0827 5316 usbehci - ok
16:15:48.0867 5316 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:15:48.0904 5316 usbhub - ok
16:15:48.0927 5316 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:15:48.0959 5316 usbohci - ok
16:15:48.0989 5316 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:15:49.0025 5316 usbprint - ok
16:15:49.0041 5316 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:15:49.0076 5316 USBSTOR - ok
16:15:49.0111 5316 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:15:49.0143 5316 usbuhci - ok
16:15:49.0175 5316 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
16:15:49.0243 5316 UxSms - ok
16:15:49.0261 5316 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
16:15:49.0298 5316 VaultSvc - ok
16:15:49.0332 5316 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:15:49.0363 5316 vdrvroot - ok
16:15:49.0398 5316 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
16:15:49.0476 5316 vds - ok
16:15:49.0499 5316 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:15:49.0536 5316 vga - ok
16:15:49.0547 5316 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
16:15:49.0610 5316 VgaSave - ok
16:15:49.0618 5316 VGPU - ok
16:15:49.0647 5316 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:15:49.0681 5316 vhdmp - ok
16:15:49.0707 5316 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:15:49.0738 5316 viaagp - ok
16:15:49.0760 5316 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:15:49.0794 5316 ViaC7 - ok
16:15:49.0824 5316 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
16:15:49.0853 5316 viaide - ok
16:15:49.0886 5316 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:15:49.0921 5316 vmbus - ok
16:15:49.0942 5316 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:15:49.0974 5316 VMBusHID - ok
16:15:50.0009 5316 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:15:50.0039 5316 volmgr - ok
16:15:50.0063 5316 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:15:50.0101 5316 volmgrx - ok
16:15:50.0135 5316 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:15:50.0171 5316 volsnap - ok
16:15:50.0205 5316 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:15:50.0239 5316 vsmraid - ok
16:15:50.0298 5316 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
16:15:50.0388 5316 VSS - ok
16:15:50.0410 5316 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:15:50.0451 5316 vwifibus - ok
16:15:50.0497 5316 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:15:50.0536 5316 vwififlt - ok
16:15:50.0574 5316 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
16:15:50.0651 5316 W32Time - ok
16:15:50.0671 5316 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:15:50.0709 5316 WacomPen - ok
16:15:50.0740 5316 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:15:50.0800 5316 WANARP - ok
16:15:50.0808 5316 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:15:50.0868 5316 Wanarpv6 - ok
16:15:50.0957 5316 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:15:51.0032 5316 WatAdminSvc - ok
16:15:51.0092 5316 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
16:15:51.0160 5316 wbengine - ok
16:15:51.0182 5316 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:15:51.0234 5316 WbioSrvc - ok
16:15:51.0269 5316 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:15:51.0322 5316 wcncsvc - ok
16:15:51.0345 5316 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:15:51.0387 5316 WcsPlugInService - ok
16:15:51.0415 5316 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
16:15:51.0445 5316 Wd - ok
16:15:51.0494 5316 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:15:51.0543 5316 Wdf01000 - ok
16:15:51.0566 5316 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:15:51.0614 5316 WdiServiceHost - ok
16:15:51.0621 5316 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:15:51.0670 5316 WdiSystemHost - ok
16:15:51.0702 5316 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
16:15:51.0755 5316 WebClient - ok
16:15:51.0773 5316 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:15:51.0848 5316 Wecsvc - ok
16:15:51.0862 5316 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:15:51.0931 5316 wercplsupport - ok
16:15:51.0954 5316 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
16:15:52.0027 5316 WerSvc - ok
16:15:52.0063 5316 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:15:52.0124 5316 WfpLwf - ok
16:15:52.0137 5316 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:15:52.0167 5316 WIMMount - ok
16:15:52.0241 5316 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:15:52.0287 5316 WinDefend - ok
16:15:52.0306 5316 WinHttpAutoProxySvc - ok
16:15:52.0367 5316 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:15:52.0429 5316 Winmgmt - ok
16:15:52.0496 5316 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
16:15:52.0592 5316 WinRM - ok
16:15:52.0656 5316 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:15:52.0723 5316 Wlansvc - ok
16:15:52.0741 5316 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:15:52.0774 5316 WmiAcpi - ok
16:15:52.0809 5316 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:15:52.0844 5316 wmiApSrv - ok
16:15:52.0873 5316 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:15:52.0914 5316 WPCSvc - ok
16:15:52.0946 5316 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:15:53.0009 5316 ws2ifsl - ok
16:15:53.0026 5316 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
16:15:53.0078 5316 wscsvc - ok
16:15:53.0086 5316 WSearch - ok
16:15:53.0187 5316 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:15:53.0289 5316 wuauserv - ok
16:15:53.0321 5316 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:15:53.0354 5316 WudfPf - ok
16:15:53.0379 5316 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:15:53.0422 5316 wudfsvc - ok
16:15:53.0457 5316 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
16:15:53.0503 5316 WwanSvc - ok
16:15:53.0558 5316 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
16:15:53.0596 5316 yukonw7 - ok
16:15:53.0632 5316 ================ Scan global ===============================
16:15:53.0657 5316 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:15:53.0696 5316 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
16:15:53.0719 5316 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
16:15:53.0760 5316 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:15:53.0806 5316 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:15:53.0818 5316 [Global] - ok
16:15:53.0819 5316 ================ Scan MBR ==================================
16:15:53.0832 5316 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:15:54.0170 5316 \Device\Harddisk0\DR0 - ok
16:15:54.0171 5316 ================ Scan VBR ==================================
16:15:54.0176 5316 [ 847C0A8801A14265C710948CC5403BA4 ] \Device\Harddisk0\DR0\Partition1
16:15:54.0179 5316 \Device\Harddisk0\DR0\Partition1 - ok
16:15:54.0211 5316 [ ABF0CAE324BEF1080AC0AAC1253605D7 ] \Device\Harddisk0\DR0\Partition2
16:15:54.0213 5316 \Device\Harddisk0\DR0\Partition2 - ok
16:15:54.0217 5316 ============================================================
16:15:54.0217 5316 Scan finished
16:15:54.0217 5316 ============================================================
16:15:54.0241 5212 Detected object count: 1
16:15:54.0241 5212 Actual detected object count: 1
16:16:07.0180 5212 C:\Windows\system32\DRIVERS\igdkmd32.sys - copied to quarantine
16:16:07.0361 5212 HKLM\SYSTEM\ControlSet001\services\igfx - will be deleted on reboot
16:16:07.0449 5212 HKLM\SYSTEM\ControlSet002\services\igfx - will be deleted on reboot
16:16:07.0589 5212 C:\Windows\system32\DRIVERS\igdkmd32.sys - will be deleted on reboot
16:16:07.0589 5212 igfx ( UnsignedFile.Multi.Generic ) - User select action: Delete
16:17:18.0162 4892 Deinitialize success

JonEJet

Senior Surfer

Posts : 210
Joined : 2009-07-17
Operating System : XP

Post by JonEJet on Sat 21 Sep 2013, 7:33 am

16:18:54.0957 2832 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:18:56.0127 2832 ============================================================
16:18:56.0127 2832 Current date / time: 2013/09/20 16:18:56.0127
16:18:56.0127 2832 SystemInfo:
16:18:56.0127 2832
16:18:56.0127 2832 OS Version: 6.1.7601 ServicePack: 1.0
16:18:56.0127 2832 Product type: Workstation
16:18:56.0127 2832 ComputerName: TREE-PC
16:18:56.0127 2832 UserName: Tree
16:18:56.0127 2832 Windows directory: C:\Windows
16:18:56.0127 2832 System windows directory: C:\Windows
16:18:56.0127 2832 Processor architecture: Intel x86
16:18:56.0127 2832 Number of processors: 2
16:18:56.0127 2832 Page size: 0x1000
16:18:56.0127 2832 Boot type: Normal boot
16:18:56.0127 2832 ============================================================
16:18:59.0445 2832 BG loaded
16:19:00.0288 2832 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:19:00.0438 2832 ============================================================
16:19:00.0438 2832 \Device\Harddisk0\DR0:
16:19:00.0488 2832 MBR partitions:
16:19:00.0488 2832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:19:00.0488 2832 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
16:19:00.0488 2832 ============================================================
16:19:00.0758 2832 C: <-> \Device\Harddisk0\DR0\Partition2
16:19:00.0758 2832 ============================================================
16:19:00.0758 2832 Initialize success
16:19:00.0758 2832 ============================================================
16:19:07.0256 2792 Deinitialize success

Post by JonEJet on Sat 21 Sep 2013, 7:39 am

Something happened....my resolution changed.....it almost seems I'm browsing in safe mode now???

Post by Superdave on Sat 21 Sep 2013, 12:20 pm

my resolution changed.....it almost seems I'm browsing in safe mode now???.
That's because one of the graphic drivers was infected; C:\Windows\system32\DRIVERS\igdkmd32.sys - will be deleted on reboot.
You will have to upgrade your graphics drivers. Do you have your OS disk? You may have to do a Repair.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Post by JonEJet on Sat 21 Sep 2013, 1:09 pm

No, sure don't.....But I can live with it now.....no problems since last scan.......pretty damn happy about it

Thanks.....I knew there was something infecting the computer

Post by Superdave on Sun 22 Sep 2013, 9:43 am

If you don't have the OS disk you must have a recovery on a separate partition of your hard drive. Please follow the instructions here to run the Repair option. This will not affect your files or important data.

Post by JonEJet on Sun 22 Sep 2013, 9:59 am

That did it my man!!! Awesome

Post by Superdave on Sun 22 Sep 2013, 10:42 am

Well, that is good news. Let's do some cleanup.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

********************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*****************************************
Click Start > Computer > right click the C Drive and choose Properties > Enter.
Click Disk Cleanup from there.

Click OK on the Disk Cleanup screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
*******************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Post by JonEJet on Sun 22 Sep 2013, 12:35 pm

You guys are the best.....thanks again

Post by Superdave on Sun 22 Sep 2013, 12:42 pm

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.
