
Thread: Windows 7 shared PC

  1. #1
    Forum user
    Registered since
    13.02.2010
    Posts
    40

    Windows 7 shared PC

    Hi. Shared PC seems a bit infected with various stuff. Can anyone help?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:17:12, on 19/08/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Steam] "E:\Games\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [pqhdasjnkntjvcc] C:\ProgramData\pqhdasjn.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: p0j99p.exe.lnk = C:\Windows\System32\rundll32.exe
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8283 bytes

  2. #2
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.951

    Re: Windows 7 shared PC

    Hello again amachell,

    Yes, you have a malware startup showing here. Let's get a more detailed look.

    Right off see if you can access Safe Mode, where the malware is less active. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.



    The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

    And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

    -------

    Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

    -----------

    Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


    Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

    When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

    -----------

    Download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
    • If avast! antivirus is already installed, just do the next step.
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



    A lot, but comprehensive, and will make sure we get a good view of everything.
    Live the day!

    Jintan - the brand where everything is right!
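
Added example, not part of the original thread and not the helper's own method: a triage pass over HijackThis `O4` (autostart) lines of the kind posted in #1, the section read first when looking for a malware startup. The three heuristics and all sample lines are assumptions constructed for this example; a hit means "look closer", not "confirmed malware".

```python
import re
from dataclasses import dataclass
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample lines in HijackThis format (not copied from the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files (x86)\Example Vendor\updater.exe" /background
O4 - HKCU\..\Run: [xkqzrtwmbn] C:\ProgramData\xkqzrtwm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Startup: example.lnk = C:\Windows\System32\rundll32.exe
O23 - Service: Example Service - Example Vendor - C:\Program Files\Example\svc.exe
"""

# O4 - <hive>[\<SID>]\..\Run|RunOnce: [<value name>] <command> [(User '<name>')]
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[\w-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$"
)
# O4 - [Global ]Startup: <shortcut> = <target>
STARTUP_RE = re.compile(r"^O4 - (?:Global |User )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# Executable part of a command line: quoted path, or text up to the first
# executable extension that is followed by whitespace or end of line.
IMAGE_RE = re.compile(
    r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$))', re.I
)
# Heuristic 1 (assumption): image sits directly in a user-writable data root.
DATA_DIR_RE = re.compile(
    r"^(?:[a-z]:\\programdata|.*\\appdata\\(?:local|locallow|roaming)|.*\\te?mp)$",
    re.I,
)
# Heuristic 2 (assumption): Windows host binaries that only run something else.
HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
         "cscript.exe", "cmd.exe", "powershell.exe"}


@dataclass
class Finding:
    location: str   # e.g. "HKCU Run" or "Startup"
    name: str       # registry value name or shortcut file name
    image: str      # executable the entry launches
    reasons: tuple  # why the entry deserves a closer look


def image_path(cmd):
    """Return the executable path from an autostart command line."""
    m = IMAGE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def looks_random(name):
    """Heuristic 3 (crude): long, lowercase, letters-only, almost no vowels."""
    if not (name.isalpha() and name.islower() and len(name) >= 8):
        return False
    return sum(c in "aeiou" for c in name) / len(name) < 0.2


def triage(log_text):
    """Return a Finding for every O4 line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue  # not an O4 autostart line
        image = image_path(m["cmd"])
        reasons = []
        if DATA_DIR_RE.match(dirname(image)):
            reasons.append("image sits directly in a user-writable data directory")
        if basename(image).lower() in HOSTS:
            reasons.append("host binary: check its arguments or the shortcut itself")
        if looks_random(m["name"]):
            reasons.append("value name looks machine-generated")
        if reasons:
            location = "Startup" if m.re is STARTUP_RE else f'{m["hive"]} {m["key"]}'
            findings.append(Finding(location, m["name"], image, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.location}: [{f.name}] {f.image}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A HijackThis `Startup` line shows only the shortcut target, so a shortcut that resolves to a host binary has to be opened to see what it actually launches.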

  3. #3
    Forum user
    Registered since
    13.02.2010
    Posts
    40

    Re: Windows 7 shared PC

    Whoops, double post. See below
    Last edited by amachell (21.08.2012 at 19:11)

  4. #4
    Forum user
    Registered since
    13.02.2010
    Posts
    40

    Re: Windows 7 shared PC

    Hi Jintan. Thanks for the help again.

    I ran a few malware programs since posting and your reply including avast!, so some of my machine may have been cleaned up. I've just followed your instructions and here are the results:

    OTL:
    OTL logfile created on: 21/08/2012 18:20:21 - Run 1
    OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Alex\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    8.00 Gb Total Physical Memory | 6.47 Gb Available Physical Memory | 80.83% Memory free
    16.00 Gb Paging File | 14.51 Gb Available in Paging File | 90.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.73 Gb Total Space | 77.07 Gb Free Space | 33.11% Space Free | Partition Type: NTFS
    Drive E: | 232.83 Gb Total Space | 139.44 Gb Free Space | 59.89% Space Free | Partition Type: NTFS

    Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/21 18:19:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    PRC - [2012/07/18 18:21:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/18 18:21:23 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/01/26 23:55:38 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/08/15 00:46:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/02 13:27:13 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/07/18 18:21:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/01/09 19:37:30 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
    SRV - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/05/20 21:48:16 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/27 00:37:22 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/01/26 23:13:34 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/07/06 04:13:12 | 000,280,344 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtenic64.sys -- (RTLE8023x64)
    DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/05/07 17:55:48 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)
    DRV:64bit: - [2010/04/27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/04/27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009/07/16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3806545296-3197327432-130616434-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-3806545296-3197327432-130616434-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-3806545296-3197327432-130616434-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E C2 43 A8 C2 56 CD 01 [binary data]
    IE - HKU\S-1-5-21-3806545296-3197327432-130616434-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3806545296-3197327432-130616434-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3806545296-3197327432-130616434-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3806545296-3197327432-130616434-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Yahoo.co.uk"
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/28 15:26:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 18:21:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/10 20:22:20 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{47B4DBC4-C46A-11E1-8270-B8AC6F996F26}: C:\Users\Alex\AppData\Local\{47B4DBC4-C46A-11E1-8270-B8AC6F996F26}\ [2012/07/02 18:21:02 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 18:21:29 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/10 20:22:20 | 000,000,000 | ---D | M]

    [2011/01/09 13:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
    [2012/05/02 20:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7wap4e1c.default\extensions
    [2012/03/19 18:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/04/28 15:26:30 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2012/07/02 18:21:02 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ALEX\APPDATA\LOCAL\{47B4DBC4-C46A-11E1-8270-B8AC6F996F26}
    [2012/07/18 18:21:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/03/10 20:22:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/04/26 17:59:45 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/04/26 17:59:45 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/04/26 17:59:45 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/04/26 17:59:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/04/26 17:59:45 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - homepage: http://www.google.com
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O4:64bit: - HKLM..\Run: [ExpressGateBIOSSwitch] C:\ASUS.SYS\config\EGSwitch.exe (DeviceVM, Inc.)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3806545296-3197327432-130616434-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-3806545296-3197327432-130616434-1000..\Run: [Steam] E:\Games\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F5D27FA-DA3F-4781-9C26-FF634DFAB34D}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B34DBE8-21BC-48D3-93C0-4D215FBD0D5D}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/21 18:19:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2012/08/21 18:16:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/08/20 18:22:54 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Google
    [2012/08/20 18:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/08/20 18:22:42 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/08/20 18:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/08/20 18:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/08/20 17:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
    [2012/08/20 17:33:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Anti-Malware
    [2012/08/19 17:45:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ElevatedDiagnostics
    [2012/08/19 13:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\qdxlofpfkakwmej
    [2012/08/16 20:30:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\Activision
    [2012/08/15 01:09:33 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2012/08/15 01:09:31 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2012/08/15 01:09:31 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2012/08/15 01:09:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
    [2012/08/15 01:09:30 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/08/15 01:09:30 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/08/15 01:09:29 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/08/15 01:09:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
    [2012/08/15 01:09:28 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
    [2012/08/15 01:09:28 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
    [2012/08/15 01:09:16 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/08/15 01:09:16 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/08/15 01:09:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/08/15 01:09:16 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/08/15 01:09:16 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/08/15 01:09:15 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/08/15 01:09:15 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/08/15 01:09:12 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
    [2012/08/14 18:22:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/08/03 17:30:25 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
    [2012/07/29 16:17:46 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\jvbsevwe

    ========== Files - Modified Within 30 Days ==========

    [2012/08/21 18:19:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2012/08/21 18:17:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/21 18:17:14 | 2146,738,175 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/21 18:16:13 | 000,000,342 | -H-- | M] () -- C:\dvmexp.idx
    [2012/08/21 18:13:48 | 000,015,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/21 18:13:48 | 000,015,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/21 17:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/20 18:26:14 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/08/20 18:22:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/08/19 13:11:54 | 000,000,051 | ---- | M] () -- C:\ProgramData\tzrmbarasjzxplx
    [2012/08/19 10:25:09 | 000,000,045 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\msconfig.ini
    [2012/08/17 12:46:49 | 002,044,397 | ---- | M] () -- C:\Users\Alex\Desktop\IMG_0745.JPG
    [2012/08/15 03:20:07 | 000,279,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/15 00:46:45 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/08/15 00:46:45 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/08/10 21:19:28 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/10 21:19:28 | 000,630,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/10 21:19:28 | 000,111,626 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/06 21:56:23 | 000,027,824 | ---- | M] () -- C:\Users\Alex\Desktop\4958838_700b.jpg
    [2012/08/03 17:30:25 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll

    ========== Files Created - No Company Name ==========

    [2012/08/20 18:26:14 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/08/20 18:22:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/08/19 13:11:48 | 000,000,051 | ---- | C] () -- C:\ProgramData\tzrmbarasjzxplx
    [2012/08/17 17:32:51 | 002,044,397 | ---- | C] () -- C:\Users\Alex\Desktop\IMG_0745.JPG
    [2012/08/15 18:07:55 | 000,000,045 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\msconfig.ini
    [2012/08/06 21:56:21 | 000,027,824 | ---- | C] () -- C:\Users\Alex\Desktop\4958838_700b.jpg
    [2012/07/02 18:21:41 | 000,001,696 | ---- | C] () -- C:\Users\Alex\AppData\Local\{35aa94ce-592f-2077-b2f1-650dd50a4d5b}\U\00000001.@
    [2012/06/30 14:17:09 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
    [2012/01/11 21:28:59 | 000,002,048 | -HS- | C] () -- C:\Users\Alex\AppData\Local\{35aa94ce-592f-2077-b2f1-650dd50a4d5b}\@
    [2011/10/30 16:09:03 | 000,016,258 | ---- | C] () -- C:\Windows\War3Unin.dat
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/05/20 21:43:36 | 000,000,976 | ---- | C] () -- C:\Windows\eReg.dat
    [2011/03/29 20:08:13 | 000,000,151 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\default.rss
    [2011/01/09 21:45:27 | 000,000,313 | ---- | C] () -- C:\Windows\doom3.ini
    [2011/01/09 19:37:31 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/01/09 19:37:30 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011/01/09 19:37:28 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2011/01/09 18:28:50 | 000,735,282 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/03 17:46:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/01/03 17:32:09 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2011/01/03 17:32:09 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2011/01/03 17:32:06 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2011/01/03 17:32:06 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2011/01/03 17:29:17 | 000,039,365 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2011/01/03 17:22:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011/01/03 17:22:21 | 000,030,207 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2010/12/21 03:27:22 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    < End of report >

    Extras:
    OTL Extras logfile created on: 21/08/2012 18:20:21 - Run 1
    OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Alex\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    8.00 Gb Total Physical Memory | 6.47 Gb Available Physical Memory | 80.83% Memory free
    16.00 Gb Paging File | 14.51 Gb Available in Paging File | 90.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.73 Gb Total Space | 77.07 Gb Free Space | 33.11% Space Free | Partition Type: NTFS
    Drive E: | 232.83 Gb Total Space | 139.44 Gb Free Space | 59.89% Space Free | Partition Type: NTFS

    Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_USERS\S-1-5-21-3806545296-3197327432-130616434-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1271CB65-C8DB-4C02-853A-51D4221BB5B9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{1464561B-B8F7-4571-AAB1-C4C7991BB908}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{192AA370-6F2C-44A0-9195-B47ABA513C71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1DC74DEC-5FBD-4888-AB50-BF417382EC06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{246D3ABD-7E56-48B0-A76A-BC2CE31BC537}" = lport=445 | protocol=6 | dir=in | app=system |
    "{25B0C3ED-8F7A-4BB3-A6CC-B3F3E1D8097B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{2EA184CB-D040-43E2-91AF-326F12AAA7E8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{42F1818F-854F-4BE4-8E35-9F61AF5BF774}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4A5D3B74-FB34-4F40-AAB0-F2237075EA00}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{4D48DCE2-C286-47CF-ADB7-4D4CFDB6C0AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4D581DA4-D16B-4522-A3FD-39B2636A92B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{51E80BF6-0362-4D66-BB0A-B8F12A9F3C8A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{5A43D0AA-E8D8-4064-A6FD-FFD8BCB1A430}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{5AC85A69-0866-4DCD-BC09-E839F3526A85}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{5D472166-B4E3-4370-8B04-410FE7107E39}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{61AE5939-1EF4-44F8-9B45-CC26D8C73ACB}" = lport=139 | protocol=6 | dir=in | app=system |
    "{61F8E345-AD1B-4CF9-964B-C4FAC7239A92}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6865A29B-514F-4425-A2D9-3B6241F3DA63}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6AD26056-E4D7-48B6-9FEC-6FF5D8DD69C2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7DDAE098-2210-4900-AFAD-66BFE9ADFFE0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{7F6BBB74-257D-48B6-969D-F3DA78D3176C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{847FA781-D4DA-4C23-A359-F11C65E60AB8}" = rport=137 | protocol=17 | dir=out | app=system |
    "{891C8F29-34C7-4AD8-B21E-E76BC8002E35}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{8C9D2CB5-D2D4-4434-89E9-69DE9899B492}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A3A0B333-7766-47E7-A0C4-D65752529AE9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AB75B7DA-8053-4456-B3C7-57B629C9A68B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B27A6A02-3585-4E07-B7E2-69DAF82534B8}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B38D3573-04D9-4627-B212-AA6B9F040F0A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{BD2467EC-02B6-47BB-9212-96A89A7CF982}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BE7E59BE-46AB-41E7-9C4B-300DD1A0DD42}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E413BC6D-62D3-4596-A995-694148E0FC55}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{E90188B0-6321-4457-87CA-E370BEBF01D3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FF3BC58B-5914-4865-89B1-6790A4D0B124}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07667969-7AF2-4DB6-9D76-12CCC691E086}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
    "{0A5DD9C0-7487-4CD2-B356-B96CE7EFC47F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{0FC5668A-6D7F-4B29-9AC7-34AFD79B12FD}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{1A4F929F-66B0-4C4B-8875-AD86827E2EEF}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{1B66EAE4-AA50-4074-881B-3719D4E71193}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1C486D7B-EF1A-4B02-9C90-FA23D5DBCA60}" = protocol=17 | dir=in | app=e:\games\starcraft ii\starcraft ii.exe |
    "{2085E695-9D56-4B24-96D4-EC19552996DD}" = protocol=6 | dir=in | app=e:\games\bfme\game.dat |
    "{2653BDE7-4F30-4EAE-B0A5-73F3070F9DAC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{39689409-29BF-4327-B687-BED774BC8A99}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{3A0BBC87-0218-4C9A-9840-6B967E7D2F93}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{40B1B18D-EB6B-48A4-9634-891A9401C926}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\call of duty black ops\blackops.exe |
    "{46AA3E2B-57FB-44CC-848F-287DF39DC968}" = protocol=17 | dir=in | app=e:\games\gearsofwar\binaries\wargame-g4wlive.exe |
    "{4C4FADA9-3C1E-4D58-B253-74DEB8240D7D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{4F0569DF-6A37-453A-8D91-1DAE89C96FDE}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
    "{5948BE6E-187A-436F-A905-97B6B53F4EFB}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "{5BF21784-00C5-4DD7-82C3-A867A8047DBD}" = protocol=6 | dir=in | app=e:\games\strongholdlegends\strongholdlegends.exe |
    "{5D0456E7-FA57-43A3-90DB-876EA9D506F7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{5E8DCC98-12FE-4BAF-8259-31754EA17F54}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{64916D35-1863-4640-8CF4-43169035D730}" = protocol=17 | dir=in | app=e:\games\strongholdlegends\strongholdlegends.exe |
    "{6708E34C-8575-4F05-9493-A8941288092D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6B428C1E-31E6-47EA-9ED5-2C42411BB211}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6E13EEE3-F5D9-4D10-8666-287AE4086306}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{74328A11-F24A-4C08-BDBE-E55828BA5EF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{76445D73-BD32-46E4-A286-C9C11EF749A4}" = protocol=6 | dir=in | app=e:\games\gearsofwar\binaries\wargame-g4wlive.exe |
    "{77AA7A03-7E6D-4CBF-9FA0-A005751AAD4F}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
    "{86DA2C59-C7D4-428A-B13F-3F8A07625EF4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{889EA53E-8BD1-45D8-85F7-1149B2407995}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{8AECDB3A-E92F-4362-B045-AD6F4C832CA8}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
    "{8C6EB3F2-E987-4220-970F-495F6C629CA5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{8DF5603F-EB61-463D-91B1-DA7032555D43}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{8E3CBD95-0CFD-4C0E-AF1C-8BB6A9D3E461}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8EE77012-FAE2-45E8-AE3D-1C6502AAE018}" = protocol=6 | dir=in | app=e:\games\starcraft ii\starcraft ii.exe |
    "{8EFC4E68-D3F7-4975-9E70-10EE8E25CDD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8F8DF877-5860-43A1-95CE-113267D80CE5}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\call of duty black ops\blackops.exe |
    "{9252F875-0DC7-4961-A615-4A604D7C8D53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{92F673B3-EB47-4F4E-8486-80C93D5FBBBF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{9404CEC6-A1FF-4405-AF4E-CF8AAF5DEC93}" = protocol=6 | dir=out | app=system |
    "{972B381F-6A68-44E8-B373-3E827CC14809}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{9E306FE5-FBA7-46CE-8A4C-E81B246C519C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A5294F30-F049-4617-8B79-1840EF610741}" = protocol=17 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "{AED98A36-AF63-4E6B-BC1B-1AE7A774A2D8}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{BBE25658-7A80-41C9-90AA-62B841E7AF97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BD83DD5B-94DF-4B93-8107-B31CF0D3E587}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
    "{C3537424-FE80-4AB6-9A00-00E0E2EBA7CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D7F34BB7-34B8-426B-AB4D-00F9D6C5301D}" = protocol=6 | dir=in | app=e:\games\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
    "{DD9828AB-56CD-495A-97AA-B97CA0553E3A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E5C3A471-7CA8-4C64-89C0-21DFD9460538}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{E923A51C-B18E-450A-9968-7ADAA3DFFAFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E9E85847-E8E4-43CD-BB4C-7C96C2C00611}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{EBCDE28D-07B8-443D-BBEE-2CCC408B4BC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EC35C972-D9DA-4675-9B76-9D9101B29AAD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EF68D565-E80D-48EB-A193-3020E61B0636}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{F0C96F4A-45FC-4278-9B7F-071CA4EE4AAB}" = protocol=17 | dir=in | app=e:\games\bfme\game.dat |
    "{F2EC96A8-CCB9-492D-B25B-B89C1D89BF6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{3CECE942-791B-4194-B51B-7B4D4085FD2B}C:\users\alex\downloads\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\alex\downloads\starcraft_2_eu_en-gb.exe |
    "TCP Query User{5B02F067-F05D-4F2E-A644-439AED7078C9}E:\games\crysis wars\bin32\crysis.exe" = protocol=6 | dir=in | app=e:\games\crysis wars\bin32\crysis.exe |
    "TCP Query User{5FE08846-859F-4E1C-A984-C5BE07CCEEAB}E:\games\c&c generals\zerohour\game.dat" = protocol=6 | dir=in | app=e:\games\c&c generals\zerohour\game.dat |
    "TCP Query User{71F19E08-3DD6-4BB9-A7C6-E71DB0EA9C89}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
    "TCP Query User{87D9AF99-1DBE-4B7A-9FF0-92E5C9C382CB}E:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base19679\sc2.exe |
    "TCP Query User{910D5215-5789-4B9B-AF20-9A2B2D499850}E:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\versions\base21029\sc2.exe |
    "TCP Query User{A00B2BA7-AC5C-4FF3-AA07-76713DEF938A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{A793A662-FA6F-45F2-B8B0-3DD39D6ED0EC}E:\games\aoe3\empires2.icd" = protocol=6 | dir=in | app=e:\games\aoe3\empires2.icd |
    "TCP Query User{C522637A-8A14-4D2A-96B5-5A1EB6E94FCC}E:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=e:\games\starcraft ii\support\blizzarddownloader.exe |
    "UDP Query User{032D10D1-58EF-4A95-8C1D-DB8A2B610FEF}E:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\support\blizzarddownloader.exe |
    "UDP Query User{1DBA1B9B-890F-40E3-B7D3-08059B87F715}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{4007D0E6-3103-44A1-AF24-51BE970CB022}E:\games\aoe3\empires2.icd" = protocol=17 | dir=in | app=e:\games\aoe3\empires2.icd |
    "UDP Query User{65C5E549-983C-47AF-ABFF-CAEF4A91920A}C:\users\alex\downloads\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\alex\downloads\starcraft_2_eu_en-gb.exe |
    "UDP Query User{B14BCE50-C4F6-4844-AA90-00E11CC5840F}E:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base19679\sc2.exe |
    "UDP Query User{C921FCA5-C3C0-40D6-A547-EABE54D3F5A8}E:\games\c&c generals\zerohour\game.dat" = protocol=17 | dir=in | app=e:\games\c&c generals\zerohour\game.dat |
    "UDP Query User{DCAD5BA9-AAD8-4659-A178-06BCED26E478}E:\games\crysis wars\bin32\crysis.exe" = protocol=17 | dir=in | app=e:\games\crysis wars\bin32\crysis.exe |
    "UDP Query User{DE1A52CA-9DA5-4808-BFEE-1CDCC0DD529D}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
    "UDP Query User{EF70D025-9456-4C58-8D85-5912EA965662}E:\games\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=e:\games\starcraft ii\versions\base21029\sc2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{38B4F79A-CC5F-96DF-0AFC-682FC2692BA5}" = ccc-utility64
    "{49C81962-DCD2-8746-FC64-19A541B48113}" = ATI Catalyst Install Manager
    "{4FEDA15F-C426-5241-0794-FDC432C67710}" = AMD Drag and Drop Transcoding
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{ABCF7983-3860-318E-EB24-E89E8AEC1967}" = ATI AVIVO64 Codecs
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft Security Client" = Microsoft Security Essentials
    "WinRAR archiver" = WinRAR 4.00 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0DDEC3B9-5C3A-B46E-2F8F-6A83079D77D6}" = ccc-core-static
    "{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
    "{11F04D55-8EC5-66FD-DF7E-20CAC68812C6}" = CCC Help English
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{26809808-FA2D-1C8E-C52B-3D493C403C17}" = CCC Help Japanese
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2AA4F3AA-2CDD-42F1-3EFA-08A915915638}" = Catalyst Control Center Graphics Previews Common
    "{2D854C57-2C5E-A0D5-E59B-3E7B5E1411CD}" = CCC Help Norwegian
    "{304A0462-1905-F55F-182A-B2A2A8593110}" = CCC Help Chinese Standard
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{379DE402-807D-4F46-D47B-FD5275B07EF4}" = CCC Help Italian
    "{381DF9C7-494F-85C2-4F94-D6BAA5F1CB0B}" = CCC Help Chinese Traditional
    "{3E63E473-B8E2-4340-AD77-46AC3BA7D6B6}" = Catalyst Control Center - Branding
    "{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = The Battle for Middle-earth (tm)
    "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B413494-28A6-11C0-7012-715E2E578A1B}" = CCC Help Spanish
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4DC7539C-56B5-CCBE-8A1E-6A108E71889C}" = Catalyst Control Center InstallProxy
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
    "{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C1EAF33-82AD-4A63-B56D-4739172714DF}" = Lords of the Realm III
    "{804519C9-0CEE-A1CC-D4E2-DFEBEACBCB29}" = Catalyst Control Center Graphics Previews Vista
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{B083CEAD-4E0E-0E56-7D69-01DBB8A456FB}" = CCC Help Danish
    "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
    "{B22C231D-F642-7B0E-D112-C5871C2FD8C5}" = CCC Help German
    "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
    "{B7AF2E06-E8A5-CC9E-ED58-9D7A63BFF7BC}" = CCC Help French
    "{BCFF5DE4-0B38-6034-6F86-3C3596F195F9}" = CCC Help Dutch
    "{BFF8B634-D083-99A1-813B-126B3497B318}" = CCC Help Finnish
    "{C548A5B3-A90C-B87A-018A-5E84B9830F87}" = Catalyst Control Center Localization All
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{ce2eba2e-cb90-4342-9a33-c13cb6ac510c}" = Nero 9 Essentials
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1A019FE-6196-D19B-C40F-E1C02E18B46D}" = CCC Help Swedish
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
    "{F8AE2978-3A1B-0542-C3FE-8941F3C016C2}" = HydraVision
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Afterburner" = MSI Afterburner 2.0.0
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DivX Setup" = DivX Setup
    "DOSBox 0.74 Installer" = DOSBox 0.74 Installer 0.74
    "Dungeon Keeper II" = Dungeon Keeper 2
    "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "Lords of the Realm II" = Lords of the Realm II
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "OpenTTD" = OpenTTD 1.2.1
    "PunkBusterSvc" = PunkBuster Services
    "StarCraft II" = StarCraft II
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
    "Steam App 42680" = Call of Duty: Modern Warfare 3
    "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
    "Steam App 42700" = Call of Duty: Black Ops
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
    "Steam App 550" = Left 4 Dead 2
    "VLC media player" = VLC media player 1.1.9
    "Warcraft III" = Warcraft III
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 13/08/2012 21:51:40 | Computer Name = Alex-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 13/08/2012 21:51:40 | Computer Name = Alex-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 11076

    Error - 13/08/2012 21:51:40 | Computer Name = Alex-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 11076

    Error - 18/08/2012 11:20:31 | Computer Name = Alex-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 14.0.1.4577 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: f28 Start
    Time: 01cd7d215efe65ce Termination Time: 39 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: 3bdb5912-e948-11e1-8429-bcaec586bb6e

    Error - 19/08/2012 19:06:02 | Computer Name = Alex-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: A system shutdown is in progress. .

    Error - 20/08/2012 12:44:23 | Computer Name = Alex-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: FlashPlayerPlugin_11_3_300_271.exe, version:
    11.3.300.271, time stamp: 0x5026ffac Faulting module name: unknown, version: 0.0.0.0,
    time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting
    process id: 0x414 Faulting application start time: 0x01cd7ef01f5e527f Faulting application
    path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe Faulting
    module path: unknown Report Id: 4b9f0821-eae6-11e1-aa0c-bcaec586bb6e

    Error - 20/08/2012 13:22:13 | Computer Name = Alex-PC | Source = System Restore | ID = 8193
    Description =

    Error - 20/08/2012 13:22:42 | Computer Name = Alex-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\AVAST Software\Avast\asOutExt64.dll".
    Dependent
    Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20/08/2012 16:51:47 | Computer Name = Alex-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: A system shutdown is in progress. .

    Error - 21/08/2012 13:18:55 | Computer Name = Alex-PC | Source = System Restore | ID = 8193
    Description =

    [ System Events ]
    Error - 21/08/2012 13:17:44 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 21/08/2012 13:17:45 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Provider
    Host service which failed to start because of the following error: %%1068

    Error - 21/08/2012 13:19:34 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
    Description =

    Error - 21/08/2012 13:19:34 | Computer Name = Alex-PC | Source = DCOM | ID = 10005
    Description =

    Error - 21/08/2012 13:19:40 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 21/08/2012 13:19:40 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 21/08/2012 13:19:40 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 21/08/2012 13:24:40 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 21/08/2012 13:24:40 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 21/08/2012 13:24:40 | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068


    < End of report >
    -------------------------------------------------------------------------------------------------

    GMER did not find anything, so there is no logfile

    -------------------------------------------------------------------------------------------------

    ASWMBR:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-21 18:43:26
    -----------------------------
    18:43:26.090 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:43:26.090 Number of processors: 2 586 0x170A
    18:43:26.090 ComputerName: ALEX-PC UserName: Alex
    18:43:26.605 Initialize success
    18:47:38.172 AVAST engine defs: 12082100
    18:49:05.844 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    18:49:05.844 Disk 0 Vendor: ST3250620NS ____3BKS Size: 238418MB BusType: 3
    18:49:05.844 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-5
    18:49:05.844 Disk 1 Vendor: WDC_WD2500YS-18SHB2 20.06C07 Size: 238418MB BusType: 3
    18:49:05.844 Disk 0 MBR read successfully
    18:49:05.860 Disk 0 MBR scan
    18:49:05.860 Disk 0 Windows 7 default MBR code
    18:49:05.860 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    18:49:05.876 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238316 MB offset 206848
    18:49:05.891 Disk 0 scanning C:\Windows\system32\drivers
    18:49:13.816 Service scanning
    18:49:21.289 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
    18:49:29.837 Modules scanning
    18:49:29.837 Disk 0 trace - called modules:
    18:49:29.853 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
    18:49:29.853 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007650060]
    18:49:29.853 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800742a520]
    18:49:29.869 5 ACPI.sys[fffff88000f957a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8007170060]
    18:49:30.711 AVAST engine scan C:\Windows
    18:49:32.489 AVAST engine scan C:\Windows\system32
    18:51:39.564 AVAST engine scan C:\Windows\system32\drivers
    18:51:48.784 AVAST engine scan C:\Users\Alex
    18:52:37.774 File: C:\Users\Alex\AppData\Local\{35aa94ce-592f-2077-b2f1-650dd50a4d5b}\U\00000001.@ **INFECTED** Win32:Malware-gen
    18:56:14.094 AVAST engine scan C:\ProgramData
    18:58:48.987 Scan finished successfully
    18:59:29.551 Disk 0 MBR has been saved successfully to "C:\Users\Alex\Desktop\MBR.dat"
    18:59:29.551 The log file has been saved successfully to "C:\Users\Alex\Desktop\aswMBR.txt"


    Thanks!

  5. #5
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.951

    Re: AW: Windows 7 shared PC

    ZAccess bootkit/rootkit infection showing. I assume you made some changes, as that malware startup seems missing now. Also the logs show parts of Avast there, as well as Security Essentials, which is a problem in itself - they may have been corrupting each other. For now, the malware needs to be addressed first.

    Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

    Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

    In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot (Reboot Now) if requested.
    When the scan completes it will create a log file on your C drive.

    Similar in name to this:

    C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

    Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

    Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and reboot.
    Live the day!

    Jintan - The brand where everything is just right!

  6. #6
    Forum user
    Registered since
    13.02.2010
    Posts
    40

    AW: Windows 7 shared PC

    No threats found


    18:03:32.0895 1960 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
    18:03:33.0035 1960 ============================================================
    18:03:33.0035 1960 Current date / time: 2012/08/22 18:03:33.0035
    18:03:33.0035 1960 SystemInfo:
    18:03:33.0035 1960
    18:03:33.0035 1960 OS Version: 6.1.7601 ServicePack: 1.0
    18:03:33.0035 1960 Product type: Workstation
    18:03:33.0035 1960 ComputerName: ALEX-PC
    18:03:33.0035 1960 UserName: Alex
    18:03:33.0035 1960 Windows directory: C:\Windows
    18:03:33.0035 1960 System windows directory: C:\Windows
    18:03:33.0035 1960 Running under WOW64
    18:03:33.0035 1960 Processor architecture: Intel x64
    18:03:33.0035 1960 Number of processors: 2
    18:03:33.0035 1960 Page size: 0x1000
    18:03:33.0035 1960 Boot type: Safe boot with network
    18:03:33.0035 1960 ============================================================
    18:03:34.0876 1960 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x1C027, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
    18:03:34.0892 1960 Drive \Device\Harddisk1\DR1 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:03:34.0892 1960 ============================================================
    18:03:34.0892 1960 \Device\Harddisk0\DR0:
    18:03:34.0892 1960 MBR partitions:
    18:03:34.0892 1960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    18:03:34.0892 1960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D176000
    18:03:34.0892 1960 \Device\Harddisk1\DR1:
    18:03:34.0892 1960 MBR partitions:
    18:03:34.0892 1960 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1A8000
    18:03:34.0892 1960 ============================================================
    18:03:34.0907 1960 C: <-> \Device\Harddisk0\DR0\Partition2
    18:03:34.0923 1960 E: <-> \Device\Harddisk1\DR1\Partition1
    18:03:34.0923 1960 ============================================================
    18:03:34.0923 1960 Initialize success
    18:03:34.0923 1960 ============================================================
    18:03:47.0777 1684 ============================================================
    18:03:47.0777 1684 Scan started
    18:03:47.0777 1684 Mode: Manual;
    18:03:47.0777 1684 ============================================================
    18:03:48.0682 1684 ================ Scan system memory ========================
    18:03:48.0682 1684 System memory - ok
    18:03:48.0682 1684 ================ Scan services =============================
    18:03:52.0286 1684 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    18:03:52.0301 1684 elxstor - ok
    18:03:52.0332 1684 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    18:03:52.0332 1684 ErrDev - ok
    18:03:52.0364 1684 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    18:03:52.0364 1684 EventSystem - ok
    18:03:52.0379 1684 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    18:03:52.0379 1684 exfat - ok
    18:03:52.0395 1684 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    18:03:52.0395 1684 fastfat - ok
    18:03:52.0442 1684 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    18:03:52.0442 1684 Fax - ok
    18:03:52.0457 1684 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    18:03:52.0457 1684 fdc - ok
    18:03:52.0473 1684 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    18:03:52.0488 1684 fdPHost - ok
    18:03:52.0488 1684 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    18:03:52.0488 1684 FDResPub - ok
    18:03:52.0504 1684 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    18:03:52.0504 1684 FileInfo - ok
    18:03:52.0520 1684 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    18:03:52.0520 1684 Filetrace - ok
    18:03:52.0535 1684 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    18:03:52.0535 1684 flpydisk - ok
    18:03:52.0535 1684 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    18:03:52.0551 1684 FltMgr - ok
    18:03:52.0598 1684 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    18:03:52.0613 1684 FontCache - ok
    18:03:52.0676 1684 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    18:03:52.0676 1684 FontCache3.0.0.0 - ok
    18:03:52.0676 1684 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    18:03:52.0676 1684 FsDepends - ok
    18:03:52.0722 1684 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    18:03:52.0722 1684 Fs_Rec - ok
    18:03:52.0769 1684 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    18:03:52.0769 1684 fvevol - ok
    18:03:52.0785 1684 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:03:52.0785 1684 gagp30kx - ok
    18:03:52.0816 1684 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:03:52.0816 1684 GEARAspiWDM - ok
    18:03:52.0863 1684 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    18:03:52.0878 1684 gpsvc - ok
    18:03:52.0894 1684 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    18:03:52.0894 1684 hcw85cir - ok
    18:03:52.0941 1684 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    18:03:52.0941 1684 HdAudAddService - ok
    18:03:52.0956 1684 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    18:03:52.0956 1684 HDAudBus - ok
    18:03:52.0972 1684 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    18:03:52.0972 1684 HidBatt - ok
    18:03:52.0988 1684 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    18:03:52.0988 1684 HidBth - ok
    18:03:52.0988 1684 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    18:03:53.0003 1684 HidIr - ok
    18:03:53.0019 1684 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    18:03:53.0019 1684 hidserv - ok
    18:03:53.0034 1684 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    18:03:53.0034 1684 HidUsb - ok
    18:03:53.0066 1684 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    18:03:53.0081 1684 hkmsvc - ok
    18:03:53.0112 1684 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    18:03:53.0112 1684 HomeGroupListener - ok
    18:03:53.0144 1684 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    18:03:53.0159 1684 HomeGroupProvider - ok
    18:03:53.0175 1684 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    18:03:53.0175 1684 HpSAMD - ok
    18:03:53.0222 1684 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    18:03:53.0222 1684 HTTP - ok
    18:03:53.0268 1684 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    18:03:53.0268 1684 hwpolicy - ok
    18:03:53.0300 1684 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    18:03:53.0315 1684 i8042prt - ok
    18:03:53.0362 1684 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    18:03:53.0362 1684 iaStorV - ok
    18:03:53.0424 1684 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    18:03:53.0424 1684 idsvc - ok
    18:03:53.0456 1684 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    18:03:53.0456 1684 iirsp - ok
    18:03:53.0471 1684 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    18:03:53.0487 1684 IKEEXT - ok
    18:03:53.0565 1684 [ F5872A11EB4F6DB170D636CD4E53CA9F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    18:03:53.0596 1684 IntcAzAudAddService - ok
    18:03:53.0627 1684 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    18:03:53.0643 1684 intelide - ok
    18:03:53.0643 1684 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    18:03:53.0643 1684 intelppm - ok
    18:03:53.0674 1684 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    18:03:53.0674 1684 IPBusEnum - ok
    18:03:53.0721 1684 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:03:53.0721 1684 IpFilterDriver - ok
    18:03:53.0752 1684 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    18:03:53.0768 1684 iphlpsvc - ok
    18:03:53.0783 1684 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    18:03:53.0783 1684 IPMIDRV - ok
    18:03:53.0799 1684 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    18:03:53.0799 1684 IPNAT - ok
    18:03:53.0861 1684 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    18:03:53.0892 1684 iPod Service - ok
    18:03:53.0908 1684 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    18:03:53.0908 1684 IRENUM - ok
    18:03:53.0924 1684 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    18:03:53.0924 1684 isapnp - ok
    18:03:53.0939 1684 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    18:03:53.0955 1684 iScsiPrt - ok
    18:03:53.0970 1684 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    18:03:53.0970 1684 kbdclass - ok
    18:03:53.0986 1684 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    18:03:53.0986 1684 kbdhid - ok
    18:03:54.0002 1684 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    18:03:54.0002 1684 KeyIso - ok
    18:03:54.0033 1684 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    18:03:54.0033 1684 KSecDD - ok
    18:03:54.0064 1684 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    18:03:54.0064 1684 KSecPkg - ok
    18:03:54.0095 1684 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    18:03:54.0095 1684 ksthunk - ok
    18:03:54.0111 1684 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    18:03:54.0111 1684 KtmRm - ok
    18:03:54.0158 1684 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    18:03:54.0173 1684 LanmanServer - ok
    18:03:54.0204 1684 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    18:03:54.0204 1684 LanmanWorkstation - ok
    18:03:54.0236 1684 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    18:03:54.0236 1684 lltdio - ok
    18:03:54.0251 1684 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    18:03:54.0267 1684 lltdsvc - ok
    18:03:54.0282 1684 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    18:03:54.0282 1684 lmhosts - ok
    18:03:54.0298 1684 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:03:54.0298 1684 LSI_FC - ok
    18:03:54.0314 1684 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:03:54.0329 1684 LSI_SAS - ok
    18:03:54.0329 1684 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:03:54.0329 1684 LSI_SAS2 - ok
    18:03:54.0345 1684 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:03:54.0345 1684 LSI_SCSI - ok
    18:03:54.0360 1684 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    18:03:54.0360 1684 luafv - ok
    18:03:54.0423 1684 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    18:03:54.0423 1684 MBAMProtector - ok
    18:03:54.0501 1684 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    18:03:54.0516 1684 MBAMService - ok
    18:03:54.0563 1684 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    18:03:54.0563 1684 Mcx2Svc - ok
    18:03:54.0579 1684 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    18:03:54.0579 1684 megasas - ok
    18:03:54.0594 1684 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    18:03:54.0594 1684 MegaSR - ok
    18:03:54.0626 1684 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    18:03:54.0626 1684 MMCSS - ok
    18:03:54.0641 1684 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    18:03:54.0641 1684 Modem - ok
    18:03:54.0657 1684 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    18:03:54.0672 1684 monitor - ok
    18:03:54.0688 1684 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    18:03:54.0688 1684 mouclass - ok
    18:03:54.0704 1684 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    18:03:54.0704 1684 mouhid - ok
    18:03:54.0735 1684 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    18:03:54.0735 1684 mountmgr - ok
    18:03:54.0844 1684 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    18:03:54.0844 1684 MozillaMaintenance - ok
    18:03:54.0891 1684 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    18:03:54.0906 1684 MpFilter - ok
    18:03:54.0938 1684 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    18:03:54.0938 1684 mpio - ok
    18:03:54.0953 1684 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    18:03:54.0953 1684 mpsdrv - ok
    18:03:55.0000 1684 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    18:03:55.0000 1684 MpsSvc - ok
    18:03:55.0047 1684 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    18:03:55.0047 1684 MRxDAV - ok
    18:03:55.0078 1684 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:03:55.0078 1684 mrxsmb - ok
    18:03:55.0109 1684 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:03:55.0109 1684 mrxsmb10 - ok
    18:03:55.0125 1684 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:03:55.0125 1684 mrxsmb20 - ok
    18:03:55.0156 1684 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    18:03:55.0156 1684 msahci - ok
    18:03:55.0187 1684 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    18:03:55.0187 1684 msdsm - ok
    18:03:55.0218 1684 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    18:03:55.0218 1684 MSDTC - ok
    18:03:55.0250 1684 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    18:03:55.0250 1684 Msfs - ok
    18:03:55.0265 1684 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    18:03:55.0265 1684 mshidkmdf - ok
    18:03:55.0265 1684 MSICDSetup - ok
    18:03:55.0281 1684 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    18:03:55.0281 1684 msisadrv - ok
    18:03:55.0296 1684 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    18:03:55.0296 1684 MSiSCSI - ok
    18:03:55.0312 1684 msiserver - ok
    18:03:55.0359 1684 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    18:03:55.0359 1684 MSKSSRV - ok
    18:03:55.0390 1684 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
    18:03:55.0390 1684 MsMpSvc - ok
    18:03:55.0406 1684 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    18:03:55.0406 1684 MSPCLOCK - ok
    18:03:55.0406 1684 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    18:03:55.0406 1684 MSPQM - ok
    18:03:55.0452 1684 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    18:03:55.0452 1684 MsRPC - ok
    18:03:55.0468 1684 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    18:03:55.0468 1684 mssmbios - ok
    18:03:55.0484 1684 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    18:03:55.0484 1684 MSTEE - ok
    18:03:55.0484 1684 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    18:03:55.0484 1684 MTConfig - ok
    18:03:55.0515 1684 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    18:03:55.0515 1684 MTsensor - ok
    18:03:55.0530 1684 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    18:03:55.0530 1684 Mup - ok
    18:03:55.0577 1684 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    18:03:55.0593 1684 napagent - ok
    18:03:55.0624 1684 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    18:03:55.0624 1684 NativeWifiP - ok
    18:03:55.0686 1684 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    18:03:55.0702 1684 NDIS - ok
    18:03:55.0718 1684 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    18:03:55.0718 1684 NdisCap - ok
    18:03:55.0733 1684 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    18:03:55.0733 1684 NdisTapi - ok
    18:03:55.0764 1684 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    18:03:55.0764 1684 Ndisuio - ok
    18:03:55.0796 1684 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    18:03:55.0811 1684 NdisWan - ok
    18:03:55.0842 1684 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    18:03:55.0842 1684 NDProxy - ok
    18:03:55.0967 1684 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    18:03:55.0967 1684 Nero BackItUp Scheduler 4.0 - ok
    18:03:55.0983 1684 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    18:03:55.0983 1684 NetBIOS - ok
    18:03:56.0030 1684 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    18:03:56.0030 1684 NetBT - ok
    18:03:56.0030 1684 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    18:03:56.0030 1684 Netlogon - ok
    18:03:56.0076 1684 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    18:03:56.0076 1684 Netman - ok
    18:03:56.0092 1684 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    18:03:56.0092 1684 netprofm - ok
    18:03:56.0123 1684 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:03:56.0123 1684 NetTcpPortSharing - ok
    18:03:56.0139 1684 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    18:03:56.0139 1684 nfrd960 - ok
    18:03:56.0201 1684 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    18:03:56.0201 1684 NisDrv - ok
    18:03:56.0217 1684 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
    18:03:56.0217 1684 NisSrv - ok
    18:03:56.0232 1684 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    18:03:56.0248 1684 NlaSvc - ok
    18:03:56.0264 1684 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    18:03:56.0264 1684 Npfs - ok
    18:03:56.0279 1684 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    18:03:56.0279 1684 nsi - ok
    18:03:56.0310 1684 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    18:03:56.0310 1684 nsiproxy - ok
    18:03:56.0357 1684 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    18:03:56.0404 1684 Ntfs - ok
    18:03:56.0435 1684 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
    18:03:56.0435 1684 NuidFltr - ok
    18:03:56.0451 1684 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    18:03:56.0451 1684 Null - ok
    18:03:56.0482 1684 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
    18:03:56.0482 1684 nusb3hub - ok
    18:03:56.0498 1684 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
    18:03:56.0498 1684 nusb3xhc - ok
    18:03:56.0529 1684 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    18:03:56.0544 1684 nvraid - ok
    18:03:56.0544 1684 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    18:03:56.0544 1684 nvstor - ok
    18:03:56.0591 1684 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    18:03:56.0591 1684 nv_agp - ok
    18:03:56.0622 1684 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    18:03:56.0622 1684 ohci1394 - ok
    18:03:56.0685 1684 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:03:56.0700 1684 ose - ok
    18:03:56.0716 1684 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    18:03:56.0732 1684 p2pimsvc - ok
    18:03:56.0747 1684 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    18:03:56.0763 1684 p2psvc - ok
    18:03:56.0794 1684 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    18:03:56.0794 1684 Parport - ok
    18:03:56.0841 1684 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    18:03:56.0841 1684 partmgr - ok
    18:03:56.0841 1684 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    18:03:56.0841 1684 PcaSvc - ok
    18:03:56.0872 1684 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    18:03:56.0888 1684 pci - ok
    18:03:56.0903 1684 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    18:03:56.0903 1684 pciide - ok
    18:03:56.0919 1684 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    18:03:56.0934 1684 pcmcia - ok
    18:03:56.0934 1684 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    18:03:56.0934 1684 pcw - ok
    18:03:56.0966 1684 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    18:03:56.0966 1684 PEAUTH - ok
    18:03:56.0997 1684 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    18:03:57.0028 1684 PeerDistSvc - ok
    18:03:57.0075 1684 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    18:03:57.0200 1684 PerfHost - ok
    18:03:57.0262 1684 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    18:03:57.0278 1684 pla - ok
    18:03:57.0324 1684 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    18:03:57.0324 1684 PlugPlay - ok
    18:03:57.0340 1684 PnkBstrA - ok
    18:03:57.0356 1684 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    18:03:57.0356 1684 PNRPAutoReg - ok
    18:03:57.0371 1684 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    18:03:57.0371 1684 PNRPsvc - ok
    18:03:57.0418 1684 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
    18:03:57.0418 1684 Point64 - ok
    18:03:57.0465 1684 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    18:03:57.0480 1684 PolicyAgent - ok
    18:03:57.0496 1684 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    18:03:57.0496 1684 Power - ok
    18:03:57.0543 1684 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    18:03:57.0543 1684 PptpMiniport - ok
    18:03:57.0574 1684 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    18:03:57.0574 1684 Processor - ok
    18:03:57.0621 1684 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    18:03:57.0621 1684 ProfSvc - ok
    18:03:57.0636 1684 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    18:03:57.0636 1684 ProtectedStorage - ok
    18:03:57.0683 1684 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    18:03:57.0683 1684 Psched - ok
    18:03:57.0730 1684 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    18:03:57.0761 1684 ql2300 - ok
    18:03:57.0777 1684 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    18:03:57.0777 1684 ql40xx - ok
    18:03:57.0808 1684 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    18:03:57.0808 1684 QWAVE - ok
    18:03:57.0824 1684 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    18:03:57.0824 1684 QWAVEdrv - ok
    18:03:57.0839 1684 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    18:03:57.0839 1684 RasAcd - ok
    18:03:57.0855 1684 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:03:57.0855 1684 RasAgileVpn - ok
    18:03:57.0855 1684 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    18:03:57.0855 1684 RasAuto - ok
    18:03:57.0886 1684 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:03:57.0902 1684 Rasl2tp - ok
    18:03:57.0933 1684 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    18:03:57.0933 1684 RasMan - ok
    18:03:57.0948 1684 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    18:03:57.0948 1684 RasPppoe - ok
    18:03:57.0964 1684 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    18:03:57.0964 1684 RasSstp - ok
    18:03:58.0011 1684 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    18:03:58.0011 1684 rdbss - ok
    18:03:58.0011 1684 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    18:03:58.0011 1684 rdpbus - ok
    18:03:58.0026 1684 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:03:58.0026 1684 RDPCDD - ok
    18:03:58.0058 1684 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    18:03:58.0073 1684 RDPDR - ok
    18:03:58.0089 1684 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    18:03:58.0089 1684 RDPENCDD - ok
    18:03:58.0104 1684 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    18:03:58.0104 1684 RDPREFMP - ok
    18:03:58.0167 1684 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    18:03:58.0167 1684 RdpVideoMiniport - ok
    18:03:58.0198 1684 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    18:03:58.0198 1684 RDPWD - ok
    18:03:58.0229 1684 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    18:03:58.0229 1684 rdyboost - ok
    18:03:58.0260 1684 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    18:03:58.0260 1684 RemoteAccess - ok
    18:03:58.0276 1684 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    18:03:58.0292 1684 RemoteRegistry - ok
    18:03:58.0292 1684 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    18:03:58.0292 1684 RpcEptMapper - ok
    18:03:58.0307 1684 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    18:03:58.0307 1684 RpcLocator - ok
    18:03:58.0354 1684 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    18:03:58.0354 1684 RpcSs - ok
    18:03:58.0385 1684 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    18:03:58.0385 1684 rspndr - ok
    18:03:58.0416 1684 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    18:03:58.0416 1684 RTL8167 - ok
    18:03:58.0448 1684 [ 55D5947298501C38095733F16EEB36C5 ] RTLE8023x64 C:\Windows\system32\DRIVERS\Rtenic64.sys
    18:03:58.0448 1684 RTLE8023x64 - ok
    18:03:58.0479 1684 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    18:03:58.0479 1684 s3cap - ok
    18:03:58.0494 1684 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    18:03:58.0494 1684 SamSs - ok
    18:03:58.0510 1684 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    18:03:58.0510 1684 sbp2port - ok
    18:03:58.0526 1684 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    18:04:03.0003 1684 ================ Scan global ===============================
    18:04:03.0034 1684 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    18:04:03.0050 1684 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    18:04:03.0065 1684 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    18:04:03.0081 1684 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    18:04:03.0096 1684 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    18:04:03.0096 1684 [Global] - ok
    18:04:03.0096 1684 ================ Scan MBR ==================================
    18:04:03.0112 1684 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    18:04:03.0237 1684 \Device\Harddisk0\DR0 - ok
    18:04:03.0237 1684 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    18:04:03.0237 1684 \Device\Harddisk1\DR1 - ok
    18:04:03.0237 1684 ================ Scan VBR ==================================
    18:04:03.0237 1684 [ 38FEF9D7A54CC809F50E560BCB0A0EA0 ] \Device\Harddisk0\DR0\Partition1
    18:04:03.0237 1684 \Device\Harddisk0\DR0\Partition1 - ok
    18:04:03.0252 1684 [ 8E113D47847E120C47CF1D75B36D4968 ] \Device\Harddisk0\DR0\Partition2
    18:04:03.0252 1684 \Device\Harddisk0\DR0\Partition2 - ok
    18:04:03.0268 1684 [ D219E9913761400A4B07745C64D18BA6 ] \Device\Harddisk1\DR1\Partition1
    18:04:03.0268 1684 \Device\Harddisk1\DR1\Partition1 - ok
    18:04:03.0268 1684 ============================================================
    18:04:03.0268 1684 Scan finished
    18:04:03.0268 1684 ============================================================
    18:04:03.0268 0276 Detected object count: 0
    18:04:03.0268 0276 Actual detected object count: 0
    18:04:17.0214 1708 ============================================================
    18:04:17.0214 1708 Scan started
    18:04:17.0214 1708 Mode: Manual;
    18:04:17.0214 1708 ============================================================
    18:04:17.0620 1708 ================ Scan system memory ========================
    18:04:17.0620 1708 System memory - ok
    18:04:17.0620 1708 ================ Scan services =============================
    18:04:21.0208 1708 FsDepends - ok
    18:04:21.0239 1708 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    18:04:21.0239 1708 Fs_Rec - ok
    18:04:21.0333 1708 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    18:04:21.0333 1708 fvevol - ok
    18:04:21.0348 1708 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:04:21.0348 1708 gagp30kx - ok
    18:04:21.0395 1708 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:04:21.0395 1708 GEARAspiWDM - ok
    18:04:21.0536 1708 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    18:04:21.0536 1708 gpsvc - ok
    18:04:21.0551 1708 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    18:04:21.0551 1708 hcw85cir - ok
    18:04:21.0645 1708 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    18:04:21.0645 1708 HdAudAddService - ok
    18:04:21.0692 1708 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    18:04:21.0692 1708 HDAudBus - ok
    18:04:21.0738 1708 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    18:04:21.0738 1708 HidBatt - ok
    18:04:21.0754 1708 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    18:04:21.0754 1708 HidBth - ok
    18:04:21.0770 1708 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    18:04:21.0770 1708 HidIr - ok
    18:04:21.0785 1708 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    18:04:21.0785 1708 hidserv - ok
    18:04:21.0816 1708 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    18:04:21.0816 1708 HidUsb - ok
    18:04:21.0848 1708 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    18:04:21.0848 1708 hkmsvc - ok
    18:04:21.0894 1708 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    18:04:21.0894 1708 HomeGroupListener - ok
    18:04:21.0910 1708 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    18:04:21.0910 1708 HomeGroupProvider - ok
    18:04:21.0926 1708 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    18:04:21.0926 1708 HpSAMD - ok
    18:04:21.0972 1708 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    18:04:21.0972 1708 HTTP - ok
    18:04:22.0004 1708 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    18:04:22.0004 1708 hwpolicy - ok
    18:04:22.0050 1708 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    18:04:22.0050 1708 i8042prt - ok
    18:04:22.0082 1708 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    18:04:22.0097 1708 iaStorV - ok
    18:04:22.0128 1708 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    18:04:22.0144 1708 idsvc - ok
    18:04:22.0160 1708 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    18:04:22.0160 1708 iirsp - ok
    18:04:22.0191 1708 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    18:04:22.0191 1708 IKEEXT - ok
    18:04:22.0253 1708 [ F5872A11EB4F6DB170D636CD4E53CA9F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    18:04:22.0269 1708 IntcAzAudAddService - ok
    18:04:22.0300 1708 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    18:04:22.0300 1708 intelide - ok
    18:04:22.0316 1708 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    18:04:22.0316 1708 intelppm - ok
    18:04:22.0347 1708 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    18:04:22.0347 1708 IPBusEnum - ok
    18:04:22.0378 1708 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:04:22.0394 1708 IpFilterDriver - ok
    18:04:22.0472 1708 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    18:04:22.0472 1708 iphlpsvc - ok
    18:04:22.0518 1708 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    18:04:22.0518 1708 IPMIDRV - ok
    18:04:22.0550 1708 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    18:04:22.0550 1708 IPNAT - ok
    18:04:22.0706 1708 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    18:04:22.0706 1708 iPod Service - ok
    18:04:22.0721 1708 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    18:04:22.0721 1708 IRENUM - ok
    18:04:22.0768 1708 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    18:04:22.0768 1708 isapnp - ok
    18:04:22.0830 1708 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    18:04:22.0830 1708 iScsiPrt - ok
    18:04:22.0877 1708 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    18:04:22.0877 1708 kbdclass - ok
    18:04:22.0893 1708 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    18:04:22.0893 1708 kbdhid - ok
    18:04:22.0893 1708 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    18:04:22.0893 1708 KeyIso - ok
    18:04:22.0940 1708 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    18:04:22.0940 1708 KSecDD - ok
    18:04:23.0002 1708 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    18:04:23.0002 1708 KSecPkg - ok
    18:04:23.0033 1708 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    18:04:23.0033 1708 ksthunk - ok
    18:04:23.0096 1708 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    18:04:23.0096 1708 KtmRm - ok
    18:04:23.0158 1708 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    18:04:23.0158 1708 LanmanServer - ok
    18:04:23.0205 1708 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    18:04:23.0205 1708 LanmanWorkstation - ok
    18:04:23.0220 1708 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    18:04:23.0220 1708 lltdio - ok
    18:04:23.0267 1708 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    18:04:23.0267 1708 lltdsvc - ok
    18:04:23.0267 1708 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    18:04:23.0267 1708 lmhosts - ok
    18:04:23.0283 1708 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:04:23.0283 1708 LSI_FC - ok
    18:04:23.0314 1708 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:04:23.0314 1708 LSI_SAS - ok
    18:04:23.0330 1708 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:04:23.0330 1708 LSI_SAS2 - ok
    18:04:23.0345 1708 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:04:23.0345 1708 LSI_SCSI - ok
    18:04:23.0376 1708 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    18:04:23.0376 1708 luafv - ok
    18:04:23.0408 1708 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    18:04:23.0408 1708 MBAMProtector - ok
    18:04:23.0532 1708 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    18:04:23.0532 1708 MBAMService - ok
    18:04:23.0564 1708 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    18:04:23.0564 1708 Mcx2Svc - ok
    18:04:23.0579 1708 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    18:04:23.0579 1708 megasas - ok
    18:04:23.0610 1708 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    18:04:23.0610 1708 MegaSR - ok
    18:04:23.0642 1708 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    18:04:23.0642 1708 MMCSS - ok
    18:04:23.0657 1708 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    18:04:23.0657 1708 Modem - ok
    18:04:23.0657 1708 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    18:04:23.0657 1708 monitor - ok
    18:04:23.0673 1708 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    18:04:23.0673 1708 mouclass - ok
    18:04:23.0688 1708 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    18:04:23.0688 1708 mouhid - ok
    18:04:23.0720 1708 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    18:04:23.0720 1708 mountmgr - ok
    18:04:23.0782 1708 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    18:04:23.0782 1708 MozillaMaintenance - ok
    18:04:23.0813 1708 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    18:04:23.0813 1708 MpFilter - ok
    18:04:23.0844 1708 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    18:04:23.0844 1708 mpio - ok
    18:04:23.0860 1708 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    18:04:23.0860 1708 mpsdrv - ok
    18:04:23.0907 1708 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    18:04:23.0907 1708 MpsSvc - ok
    18:04:23.0938 1708 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    18:04:23.0938 1708 MRxDAV - ok
    18:04:23.0969 1708 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:04:23.0969 1708 mrxsmb - ok
    18:04:24.0000 1708 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:04:24.0016 1708 mrxsmb10 - ok
    18:04:24.0016 1708 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:04:24.0016 1708 mrxsmb20 - ok
    18:04:24.0047 1708 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    18:04:24.0047 1708 msahci - ok
    18:04:24.0063 1708 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    18:04:24.0063 1708 msdsm - ok
    18:04:24.0078 1708 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    18:04:24.0094 1708 MSDTC - ok
    18:04:24.0110 1708 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    18:04:24.0110 1708 Msfs - ok
    18:04:24.0110 1708 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    18:04:24.0110 1708 mshidkmdf - ok
    18:04:24.0110 1708 MSICDSetup - ok
    18:04:24.0125 1708 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    18:04:24.0125 1708 msisadrv - ok
    18:04:24.0156 1708 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    18:04:24.0172 1708 MSiSCSI - ok
    18:04:24.0172 1708 msiserver - ok
    18:04:24.0188 1708 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    18:04:24.0188 1708 MSKSSRV - ok
    18:04:24.0219 1708 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
    18:04:24.0219 1708 MsMpSvc - ok
    18:04:24.0234 1708 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    18:04:24.0234 1708 MSPCLOCK - ok
    18:04:24.0234 1708 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    18:04:24.0234 1708 MSPQM - ok
    18:04:24.0281 1708 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    18:04:24.0281 1708 MsRPC - ok
    18:04:24.0297 1708 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    18:04:24.0297 1708 mssmbios - ok
    18:04:24.0312 1708 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    18:04:24.0312 1708 MSTEE - ok
    18:04:24.0328 1708 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    18:04:24.0328 1708 MTConfig - ok
    18:04:24.0359 1708 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    18:04:24.0359 1708 MTsensor - ok
    18:04:24.0359 1708 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    18:04:24.0359 1708 Mup - ok
    18:04:24.0406 1708 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    18:04:24.0406 1708 napagent - ok
    18:04:24.0437 1708 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    18:04:24.0437 1708 NativeWifiP - ok
    18:04:24.0484 1708 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    18:04:24.0500 1708 NDIS - ok
    18:04:24.0500 1708 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    18:04:24.0500 1708 NdisCap - ok
    18:04:24.0515 1708 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    18:04:24.0515 1708 NdisTapi - ok
    18:04:24.0546 1708 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    18:04:24.0546 1708 Ndisuio - ok
    18:04:24.0593 1708 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    18:04:24.0593 1708 NdisWan - ok
    18:04:24.0624 1708 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    18:04:24.0624 1708 NDProxy - ok
    18:04:24.0718 1708 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    18:04:24.0734 1708 Nero BackItUp Scheduler 4.0 - ok
    18:04:24.0734 1708 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    18:04:24.0734 1708 NetBIOS - ok
    18:04:24.0780 1708 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    18:04:24.0780 1708 NetBT - ok
    18:04:24.0796 1708 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    18:04:24.0796 1708 Netlogon - ok
    18:04:24.0812 1708 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    18:04:24.0827 1708 Netman - ok
    18:04:24.0843 1708 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    18:04:24.0843 1708 netprofm - ok
    18:04:24.0858 1708 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:04:24.0858 1708 NetTcpPortSharing - ok
    18:04:24.0874 1708 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    18:04:24.0874 1708 nfrd960 - ok
    18:04:24.0905 1708 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    18:04:24.0905 1708 NisDrv - ok
    18:04:24.0936 1708 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
    18:04:24.0952 1708 NisSrv - ok
    18:04:24.0968 1708 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    18:04:24.0968 1708 NlaSvc - ok
    18:04:24.0968 1708 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    18:04:24.0968 1708 Npfs - ok
    18:04:24.0999 1708 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    18:04:24.0999 1708 nsi - ok
    18:04:24.0999 1708 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    18:04:24.0999 1708 nsiproxy - ok
    18:04:25.0061 1708 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    18:04:25.0077 1708 Ntfs - ok
    18:04:25.0108 1708 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
    18:04:25.0108 1708 NuidFltr - ok
    18:04:25.0124 1708 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    18:04:25.0124 1708 Null - ok
    18:04:25.0155 1708 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
    18:04:25.0155 1708 nusb3hub - ok
    18:04:25.0170 1708 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
    18:04:25.0170 1708 nusb3xhc - ok
    18:04:25.0202 1708 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    18:04:25.0202 1708 nvraid - ok
    18:04:25.0217 1708 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    18:04:25.0217 1708 nvstor - ok
    18:04:25.0233 1708 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    18:04:25.0233 1708 nv_agp - ok
    18:04:25.0280 1708 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    18:04:25.0280 1708 ohci1394 - ok
    18:04:25.0326 1708 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:04:25.0326 1708 ose - ok
    18:04:25.0358 1708 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    18:04:25.0358 1708 p2pimsvc - ok
    18:04:25.0373 1708 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    18:04:25.0373 1708 p2psvc - ok
    18:04:25.0404 1708 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    18:04:25.0404 1708 Parport - ok
    18:04:25.0436 1708 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    18:04:25.0436 1708 partmgr - ok
    18:04:25.0451 1708 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    18:04:25.0451 1708 PcaSvc - ok
    18:04:25.0498 1708 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    18:04:25.0498 1708 pci - ok
    18:04:25.0514 1708 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    18:04:25.0514 1708 pciide - ok
    18:04:25.0560 1708 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    18:04:25.0560 1708 pcmcia - ok
    18:04:25.0576 1708 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    18:04:25.0576 1708 pcw - ok
    18:04:25.0607 1708 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    18:04:25.0607 1708 PEAUTH - ok
    18:04:25.0732 1708 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    18:04:25.0732 1708 PeerDistSvc - ok
    18:04:26.0028 1708 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    18:04:26.0028 1708 PerfHost - ok
    18:04:26.0091 1708 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    18:04:26.0091 1708 pla - ok
    18:04:26.0138 1708 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    18:04:26.0138 1708 PlugPlay - ok
    18:04:26.0138 1708 PnkBstrA - ok
    18:04:26.0169 1708 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    18:04:26.0169 1708 PNRPAutoReg - ok
    18:04:26.0184 1708 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    18:04:26.0184 1708 PNRPsvc - ok
    18:04:26.0216 1708 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
    18:04:26.0216 1708 Point64 - ok
    18:04:26.0262 1708 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    18:04:26.0262 1708 PolicyAgent - ok
    18:04:26.0294 1708 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    18:04:26.0294 1708 Power - ok
    18:04:26.0340 1708 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    18:04:26.0340 1708 PptpMiniport - ok
    18:04:26.0372 1708 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    18:04:26.0372 1708 Processor - ok
    18:04:26.0403 1708 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    18:04:26.0403 1708 ProfSvc - ok
    18:04:26.0418 1708 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    18:04:26.0418 1708 ProtectedStorage - ok
    18:04:26.0465 1708 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    18:04:26.0465 1708 Psched - ok
    18:04:26.0512 1708 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    18:04:26.0512 1708 ql2300 - ok
    18:04:26.0528 1708 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    18:04:26.0528 1708 ql40xx - ok
    18:04:26.0559 1708 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    18:04:26.0559 1708 QWAVE - ok
    18:04:26.0574 1708 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    18:04:26.0574 1708 QWAVEdrv - ok
    18:04:26.0574 1708 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    18:04:26.0574 1708 RasAcd - ok
    18:04:26.0590 1708 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:04:26.0590 1708 RasAgileVpn - ok
    18:04:26.0606 1708 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    18:04:26.0606 1708 RasAuto - ok
    18:04:26.0637 1708 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:04:26.0637 1708 Rasl2tp - ok
    18:04:26.0684 1708 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    18:04:26.0684 1708 RasMan - ok
    18:04:26.0684 1708 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    18:04:26.0684 1708 RasPppoe - ok
    18:04:26.0699 1708 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    18:04:26.0699 1708 RasSstp - ok
    18:04:26.0746 1708 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    18:04:26.0746 1708 rdbss - ok
    18:04:26.0746 1708 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    18:04:26.0746 1708 rdpbus - ok
    18:04:26.0762 1708 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:04:26.0762 1708 RDPCDD - ok
    18:04:26.0808 1708 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    18:04:26.0808 1708 RDPDR - ok
    18:04:26.0824 1708 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    18:04:26.0824 1708 RDPENCDD - ok
    18:04:26.0824 1708 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    18:04:26.0824 1708 RDPREFMP - ok
    18:04:26.0871 1708 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    18:04:26.0871 1708 RdpVideoMiniport - ok
    18:04:26.0902 1708 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    18:04:26.0902 1708 RDPWD - ok
    18:04:26.0918 1708 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    18:04:26.0918 1708 rdyboost - ok
    18:04:26.0933 1708 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    18:04:26.0949 1708 RemoteAccess - ok
    18:04:26.0964 1708 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    18:04:26.0964 1708 RemoteRegistry - ok
    18:04:26.0980 1708 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    18:04:26.0980 1708 RpcEptMapper - ok
    18:04:27.0011 1708 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    18:04:27.0011 1708 RpcLocator - ok
    18:04:27.0042 1708 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    18:04:27.0058 1708 RpcSs - ok
    18:04:27.0074 1708 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    18:04:27.0074 1708 rspndr - ok
    18:04:27.0105 1708 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    18:04:27.0105 1708 RTL8167 - ok
    18:04:27.0120 1708 [ 55D5947298501C38095733F16EEB36C5 ] RTLE8023x64 C:\Windows\system32\DRIVERS\Rtenic64.sys
    18:04:27.0120 1708 RTLE8023x64 - ok
    18:04:27.0152 1708 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    18:04:27.0152 1708 s3cap - ok
    18:04:27.0167 1708 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    18:04:27.0167 1708 SamSs - ok
    18:04:27.0183 1708 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    18:04:27.0183 1708 sbp2port - ok
    18:04:27.0214 1708 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    18:04:27.0214 1708 SCardSvr - ok
    18:04:27.0245 1708 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    18:04:27.0245 1708 scfilter - ok
    18:04:27.0292 1708 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    18:04:27.0308 1708 Schedule - ok
    18:04:27.0339 1708 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    18:04:27.0339 1708 SCPolicySvc - ok
    18:04:27.0386 1708 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    18:04:27.0386 1708 SDRSVC - ok
    18:04:27.0417 1708 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    18:04:27.0417 1708 secdrv - ok
    18:04:27.0448 1708 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    18:04:27.0448 1708 seclogon - ok
    18:04:27.0464 1708 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    18:04:27.0464 1708 SENS - ok
    18:04:27.0479 1708 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    18:04:27.0479 1708 SensrSvc - ok
    18:04:27.0479 1708 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    18:04:27.0479 1708 Serenum - ok
    18:04:27.0495 1708 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    18:04:27.0495 1708 Serial - ok
    18:04:27.0542 1708 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    18:04:27.0542 1708 sermouse - ok
    18:04:27.0573 1708 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    18:04:27.0588 1708 SessionEnv - ok
    18:04:27.0588 1708 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    18:04:27.0588 1708 sffdisk - ok
    18:04:27.0604 1708 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    18:04:27.0604 1708 sffp_mmc - ok
    18:04:27.0620 1708 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    18:04:27.0620 1708 sffp_sd - ok
    18:04:32.0222 1708 ============================================================
    18:04:32.0222 1708 Scan finished
    18:04:32.0222 1708 ============================================================
    18:04:32.0222 1292 Detected object count: 0
    18:04:32.0222 1292 Actual detected object count: 0

  7. #7
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.951

    Re: Re: Windows 7 shared PC

    That didn't locate it - we move to the next phase then.

    Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


    Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

    A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
    Live the day!

    Jintan - The brand where everything is right!

  8. #8
    Forum user
    Registered since
    13.02.2010
    Posts
    40

    Re: Windows 7 shared PC

    Hi Jintan,
    As requested

    ComboFix 12-08-22.03 - Alex 23/08/2012 19:46:49.1.2 - x64 NETWORK
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.44.1033.18.8191.7158 [GMT 1:00]
    Running from: c:\users\Alex\Desktop\ComboFix.exe

    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\l_u0_0.pad
    c:\programdata\ntuser.dat
    c:\programdata\tzrmbarasjzxplx
    c:\users\Alex\AppData\Local\fxgcbkjf.log
    c:\users\Alex\AppData\Local\htwuckmc.log
    c:\users\Alex\AppData\Local\lfplsskg.log
    c:\users\Alex\AppData\Local\sifxhuxo.log
    c:\users\Alex\AppData\Local\tymldufo.log
    c:\users\Alex\AppData\Local\uvcebcif.log
    c:\users\Alex\AppData\Local\xrasjnoj.log
    c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\p0j99p.exe.lnk
    c:\users\Alex\AppData\Roaming\msconfig.ini
    c:\windows\SysWow64\CmdLineExt.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-23 17:00 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCC90FA7-969E-49D2-9880-467313B4AE10}\mpengine.dll
    2012-08-21 18:32 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-20 17:22 . 2012-08-20 18:34 -------- d-----w- c:\program files (x86)\Google
    2012-08-20 17:22 . 2012-08-20 17:25 -------- d-----w- c:\users\Alex\AppData\Local\Google
    2012-08-20 17:22 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-20 17:22 . 2012-08-21 17:18 -------- d-----w- c:\programdata\AVAST Software
    2012-08-20 17:22 . 2012-08-20 17:22 -------- d-----w- c:\program files\AVAST Software
    2012-08-20 16:33 . 2012-08-20 17:12 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
    2012-08-19 16:45 . 2012-08-19 16:45 -------- d-----w- c:\users\Alex\AppData\Local\ElevatedDiagnostics
    2012-08-19 12:26 . 2012-08-19 12:26 -------- d-----w- c:\users\Guest\AppData\Local\Macromedia
    2012-08-19 12:25 . 2012-08-19 12:25 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
    2012-08-19 12:11 . 2012-08-19 12:12 -------- d-----w- c:\programdata\qdxlofpfkakwmej
    2012-08-16 19:30 . 2012-08-16 19:30 -------- d-----w- c:\users\Alex\AppData\Local\Activision
    2012-08-14 17:22 . 2012-08-14 17:22 -------- d-----w- c:\windows\Sun
    2012-07-29 15:17 . 2012-07-30 17:08 -------- d-----w- c:\users\Alex\AppData\Local\jvbsevwe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 02:00 . 2011-01-09 12:31 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-14 23:46 . 2012-05-28 16:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-14 23:46 . 2011-11-29 12:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-03 12:46 . 2011-06-05 19:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-09 05:43 . 2012-07-11 21:29 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-11 21:29 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 21:29 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 21:29 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 21:29 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 21:29 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 21:29 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 13:11 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 13:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 13:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 13:11 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 13:11 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 13:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 13:11 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 14:19 . 2012-06-21 13:11 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 14:15 . 2012-06-21 13:11 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 05:50 . 2012-07-11 21:29 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 21:29 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 21:29 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 21:29 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 21:29 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 21:29 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 21:29 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 21:29 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 21:29 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="e:\games\Steam\steam.exe" [2012-08-05 1353080]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-05-07 20056]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 9085952]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 299520]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [2010-07-06 280344]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-20 254528]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 23:46]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ExpressGateBIOSSwitch"="c:\asus.sys\config\EGSwitch.exe" [2010-05-10 618600]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7wap4e1c.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-23 19:56:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-23 18:56
    .
    Pre-Run: 96,955,551,744 bytes free
    Post-Run: 97,280,131,072 bytes free
    .
    - - End Of File - - 3BBA70213D66E2F3F5DA3C0EE3C28EE0


    Thanks!

  9. #9
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.951

    Re: AW: Windows 7 shared PC

    ComboFix took out those random-named "log" files, which may not likely be actual log files (it takes a nano-second to change a file name to an executable file, and run it).

    Run aswMBR again please, and post that log.
    Live the day!

    Jintan - The brand where everything is right!

  10. #10
    Forum user
    Registered since
    13.02.2010
    Posts
    40

    AW: Windows 7 shared PC

    Thanks Jintan:

    ComboFix 12-08-25.04 - Alex 26/08/2012 13:25:05.2.2 - x64 NETWORK
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.44.1033.18.8191.7000 [GMT 1:00]
    Running from: c:\users\Alex\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-26 12:30 . 2012-08-26 12:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-08-26 12:30 . 2012-08-26 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-20 17:22 . 2012-08-20 18:34 -------- d-----w- c:\program files (x86)\Google
    2012-08-20 17:22 . 2012-08-20 17:25 -------- d-----w- c:\users\Alex\AppData\Local\Google
    2012-08-20 17:22 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-20 17:22 . 2012-08-21 17:18 -------- d-----w- c:\programdata\AVAST Software
    2012-08-20 17:22 . 2012-08-20 17:22 -------- d-----w- c:\program files\AVAST Software
    2012-08-20 16:33 . 2012-08-20 17:12 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
    2012-08-19 16:45 . 2012-08-19 16:45 -------- d-----w- c:\users\Alex\AppData\Local\ElevatedDiagnostics
    2012-08-19 12:26 . 2012-08-19 12:26 -------- d-----w- c:\users\Guest\AppData\Local\Macromedia
    2012-08-19 12:25 . 2012-08-19 12:25 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
    2012-08-19 12:11 . 2012-08-19 12:12 -------- d-----w- c:\programdata\qdxlofpfkakwmej
    2012-08-16 19:30 . 2012-08-16 19:30 -------- d-----w- c:\users\Alex\AppData\Local\Activision
    2012-08-14 17:22 . 2012-08-14 17:22 -------- d-----w- c:\windows\Sun
    2012-07-29 15:17 . 2012-07-30 17:08 -------- d-----w- c:\users\Alex\AppData\Local\jvbsevwe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-15 02:00 . 2011-01-09 12:31 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-14 23:46 . 2012-05-28 16:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-14 23:46 . 2011-11-29 12:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-03 12:46 . 2011-06-05 19:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-09 05:43 . 2012-07-11 21:29 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-11 21:29 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 21:29 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 21:29 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 21:29 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 21:29 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 21:29 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 13:11 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 13:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 13:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 13:11 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 13:11 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 13:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 13:11 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 14:19 . 2012-06-21 13:11 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 14:15 . 2012-06-21 13:11 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 05:50 . 2012-07-11 21:29 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 21:29 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 21:29 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 21:29 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 21:29 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 21:29 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 21:29 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 21:29 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 21:29 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-23_18.52.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-01-03 16:47 . 2012-08-26 09:00 39916 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-26 09:00 42012 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-01-03 16:38 . 2012-08-26 09:00 14976 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3806545296-3197327432-130616434-1000_UserData.bin
    - 2011-01-03 16:38 . 2012-08-23 16:51 14976 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3806545296-3197327432-130616434-1000_UserData.bin
    + 2011-01-03 20:07 . 2012-08-26 09:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-03 20:07 . 2012-08-23 16:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-01-03 20:07 . 2012-08-26 09:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-01-03 20:07 . 2012-08-23 16:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-23 16:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-26 09:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-09 12:06 . 2012-08-26 08:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-09 12:06 . 2012-08-23 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-09 12:06 . 2012-08-23 16:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-01-09 12:06 . 2012-08-26 08:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-01-09 12:06 . 2012-08-26 08:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-01-09 12:06 . 2012-08-23 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-09 12:06 . 2012-08-26 12:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-09 12:06 . 2012-08-23 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-01-09 12:06 . 2012-08-23 18:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-01-09 12:06 . 2012-08-26 12:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-30 22:39 . 2012-08-26 02:20 3910 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2011-03-30 22:39 . 2012-08-19 03:22 3910 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2012-08-23 18:52 . 2012-08-23 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-26 12:31 . 2012-08-26 12:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-26 12:31 . 2012-08-26 12:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-23 18:52 . 2012-08-23 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2012-08-23 18:30 243884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-08-26 12:22 243884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-01-09 12:37 . 2012-08-26 12:22 59351348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3806545296-3197327432-130616434-1000-8192.dat
    - 2011-01-09 12:37 . 2012-08-22 23:20 59351348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3806545296-3197327432-130616434-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="e:\games\Steam\steam.exe" [2012-08-05 1353080]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-05-07 20056]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-26 9085952]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-26 299520]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [2010-07-06 280344]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-20 254528]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
    S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 23:46]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ExpressGateBIOSSwitch"="c:\asus.sys\config\EGSwitch.exe " [2010-05-10 618600]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\7wap4e1c.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-26 13:35:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-26 12:35
    ComboFix2.txt 2012-08-23 18:56
    .
    Pre-Run: 94,626,295,808 bytes free
    Post-Run: 94,289,543,168 bytes free
    .
    - - End Of File - - 2018DD4F6012DDA919D9F6D85FE4C116
