I believe I have been hacked - help would be greatly appreciate :)
05-23-2013
, 08:42 PM
Hey all,
I am fairly certain my computer has been compromised. I had what seemed like a normal conversation with a skype buddy I frequently chat with and he sent me what looked like a .jpg file but turned out to be an application. I foolishly opened it. I feel like an idiot since I consider myself generally savvy with this stuff but what's done is done. I tried to ask the "buddy" (i believe his skype had been hacked) for proof it was him and he signed off, and i believe deleted me as his friend.
I have tried to contact him independently over the phone but it's 1:30am where he lives so I probably won't hear back for a while. Also, the evidence seems pretty damning.
I don't mind formatting my computer, I have done it before a few times and it seems like the surest way to ensure the problem is gone. What I would like to know is whether or not I have to format all my hard drives or just my C drive where the OS is held. If it's all of them I may cry. I am running Windows 7 Home Premium with Service Pack 1.
I've run the programs indicated in the FAQ and here are the logs. Here are the two DDS logs:
and
Here is the Malwarebytes log:
And finally HiJackThis:
*I wasn't sure to post plain text, put them in code form, or quote them. Let me know if the format isn't ideal and I can change it.
I appreciate any and all help! Ideally I would like to be able to simply remove the virus/program/trojan/whatever (if it is there) but if that's not possible I don't mind formatting. I play relatively high stakes poker and want to be 100% sure that I am safe and nobody is able to view my screen or see what I type or any such stuff.
Let me know if any more information is required, and thank you fine people in advance
Roy
I am fairly certain my computer has been compromised. I had what seemed like a normal conversation with a skype buddy I frequently chat with and he sent me what looked like a .jpg file but turned out to be an application. I foolishly opened it. I feel like an idiot since I consider myself generally savvy with this stuff but what's done is done. I tried to ask the "buddy" (i believe his skype had been hacked) for proof it was him and he signed off, and i believe deleted me as his friend.
I have tried to contact him independently over the phone but it's 1:30am where he lives so I probably won't hear back for a while. Also, the evidence seems pretty damning.
I don't mind formatting my computer, I have done it before a few times and it seems like the surest way to ensure the problem is gone. What I would like to know is whether or not I have to format all my hard drives or just my C drive where the OS is held. If it's all of them I may cry. I am running Windows 7 Home Premium with Service Pack 1.
I've run the programs indicated in the FAQ and here are the logs. Here are the two DDS logs:
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.21.2
Run by GodlikeRoy at 10:29:22 on 2013-05-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8069.5143 [GMT 10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\postgreSQL\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\GodlikeRoy\Downloads\320.18-desktop-win8-win7-winvista-64bit-english-whql.exe
C:\NVIDIA\DisplayDriver\320.18\Win8_WinVista_Win7_64\English\setup.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\GodlikeRoy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [flashupdate] C:\Users\GodlikeRoy\AppData\Roaming\flashupdate.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\GODLIK~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{35676E19-5ACD-4DE8-9C0F-C32AD2CE1A6F} : DHCPNameServer = 10.4.81.103 10.4.182.20
TCP: Interfaces\{3F1B3C4E-934D-46CD-BEAD-40165E8CBBFD} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{EE48E02E-46BD-4AA4-BAD4-A75C8FEB479E} : DHCPNameServer = 10.4.81.103 10.4.182.20
TCP: Interfaces\{FB6F2FA0-7A37-4E23-874E-74998CC5E0C3} : DHCPNameServer = 10.0.0.138
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll,C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2013-2-13 25904]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-4-19 25312]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w --> c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2013-4-19 285152]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-2-13 395752]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-2-13 134696]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-2-13 786200]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-10-3 66360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-13 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-16 1255736]
.
=============== Created Last 30 ================
.
2013-05-23 23:45:36 1215621 ----a-w- C:\Users\GodlikeRoy\AppData\Roaming\HEM.exe
2013-05-22 17:53:27 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3AF363AC-E997-4994-8B1D-2EE673F566D0}\offreg.dll
2013-05-21 22:34:41 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3AF363AC-E997-4994-8B1D-2EE673F566D0}\mpengine.dll
2013-05-15 07:59:11 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 07:59:11 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 07:59:11 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 07:59:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 07:59:10 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 07:59:10 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 07:59:10 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 07:59:06 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-12 22:49:40 -------- d-----w- C:\Program Files (x86)\StarCraft II
2013-04-29 00:34:39 -------- d-----w- C:\Users\GodlikeRoy\AppData\Local\gtk-2.0
.
==================== Find3M ====================
.
2013-05-05 21:16:13 2382848 ----a-w- C:\Windows\System32\mshtml****b
2013-05-05 19:12:55 2382848 ----a-w- C:\Windows\SysWow64\mshtml****b
2013-05-01 16:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-19 23:46:28 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-04-03 19:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-03-14 11:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-03-07 02:50:08 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-07 02:50:08 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 10:29:28.96 ===============
Code:
. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 13/02/2013 3:16:57 PM System Uptime: 22/05/2013 4:02:03 AM (54 hours ago) . Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-V DELUXE Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | LGA1155 | 3401/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 238 GiB total, 136.051 GiB free. D: is FIXED (NTFS) - 1863 GiB total, 1368.855 GiB free. E: is FIXED (NTFS) - 1863 GiB total, 366.812 GiB free. F: is CDROM (CDFS) G: is Removable H: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: Description: Device ID: USB\VID_040E&PID_0100&ASMEDIAUSBD_HUB\5&2B3E474C&0&0 Manufacturer: Name: PNP Device ID: USB\VID_040E&PID_0100&ASMEDIAUSBD_HUB\5&2B3E474C&0&0 Service: . Class GUID: Description: Device ID: USB\VID_040E&PID_0100&ASMEDIAUSBD_HUB\5&FD093DC&0&0 Manufacturer: Name: PNP Device ID: USB\VID_040E&PID_0100&ASMEDIAUSBD_HUB\5&FD093DC&0&0 Service: . Class GUID: Description: Device ID: IUSB3\ROOT_HUB30\4&A3F7854&0 Manufacturer: Name: PNP Device ID: IUSB3\ROOT_HUB30\4&A3F7854&0 Service: . ==== System Restore Points =================== . RP52: 3/05/2013 9:26:32 PM - Windows Update RP53: 8/05/2013 7:47:46 AM - Windows Update RP54: 14/05/2013 10:13:47 PM - Windows Update RP55: 16/05/2013 3:00:10 AM - Windows Update RP56: 20/05/2013 1:21:04 PM - Installed Java 7 Update 21 RP57: 22/05/2013 8:34:19 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Community Help Adobe Flash Player 11 Plugin Adobe Media Player Adobe Photoshop CS5 Apple Application Support Apple Mobile Device Support Apple Software Update µTorrent BigPond Broadband ADSL Bonjour Camtasia Studio 8 Citrix Authentication Manager Citrix Receiver Citrix Receiver (HDX Flash Redirection) Citrix Receiver Inside Citrix Receiver Updater Citrix Receiver(Aero) Citrix Receiver(DV) Citrix Receiver(USB) Full Tilt Poker GOM Player Google Chrome Holdem Manager 2 Image Resizer for Windows Image Resizer for Windows (64 bit) Intel(R) Network Connections Drivers Intel(R) Processor Graphics iTunes Java 7 Update 21 Java Auto Updater Logitech Gaming Software Logitech Gaming Software 8.40 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 NETGEAR WNA3100 wireless USB 2.0 adapter NVIDIA 3D Vision Controller Driver 314.22 NVIDIA 3D Vision Driver 314.22 NVIDIA Control Panel 314.22 NVIDIA Graphics Driver 314.22 NVIDIA HD Audio Driver 1.3.23.1 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.1031 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.12.12 NVIDIA Update Components Online Plug-in OpenOffice.org 3.4.1 PDF Settings CS5 Picasa 3 Pidgin PokerStars PostgreSQL 8.4 ProPokerTools Odds Oracle 2.2.2 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Self-service Plug-in Skype™ 6.1 StarCraft II SumatraPDF TableNinja WinDirStat 1.1.2 Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101) Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006) Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0) WinRAR 4.20 (64-bit) . ==== Event Viewer Messages From Past Week ======== . 23/05/2013 5:15:34 PM, Error: nvlddmkm [14] - . ==== End Of File ===========================
Code:
Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.23.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 GodlikeRoy :: GODLIKEROY-PC [administrator] 24/05/2013 10:32:58 AM mbam-log-2013-05-24 (10-32-58).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 257991 Time elapsed: 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:35:00 AM, on 24/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
CHROME: 26.0.1410.64
Boot mode: Normal
Running processes:
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\GodlikeRoy\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\GodlikeRoy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [flashupdate] C:\Users\GodlikeRoy\AppData\Roaming\flashupdate.exe
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll, C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - c:/postgreSQL/bin/pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
--
End of file - 11701 bytes
I appreciate any and all help! Ideally I would like to be able to simply remove the virus/program/trojan/whatever (if it is there) but if that's not possible I don't mind formatting. I play relatively high stakes poker and want to be 100% sure that I am safe and nobody is able to view my screen or see what I type or any such stuff.
Let me know if any more information is required, and thank you fine people in advance
Roy
05-24-2013
, 03:51 AM
05-24-2013
, 04:52 AM
And here is the TDSSKiller log:
Thanks again for any help
Code:
18:50:37.0224 1676 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 18:50:38.0120 1676 ============================================================ 18:50:38.0120 1676 Current date / time: 2013/05/24 18:50:38.0120 18:50:38.0120 1676 SystemInfo: 18:50:38.0120 1676 18:50:38.0120 1676 OS Version: 6.1.7601 ServicePack: 1.0 18:50:38.0120 1676 Product type: Workstation 18:50:38.0120 1676 ComputerName: GODLIKEROY-PC 18:50:38.0120 1676 UserName: GodlikeRoy 18:50:38.0120 1676 Windows directory: C:\Windows 18:50:38.0120 1676 System windows directory: C:\Windows 18:50:38.0120 1676 Running under WOW64 18:50:38.0120 1676 Processor architecture: Intel x64 18:50:38.0120 1676 Number of processors: 8 18:50:38.0120 1676 Page size: 0x1000 18:50:38.0120 1676 Boot type: Normal boot 18:50:38.0120 1676 ============================================================ 18:50:38.0290 1676 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:50:38.0307 1676 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:50:38.0307 1676 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:50:38.0327 1676 ============================================================ 18:50:38.0327 1676 \Device\Harddisk0\DR0: 18:50:38.0327 1676 MBR partitions: 18:50:38.0327 1676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 18:50:38.0327 1676 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000 18:50:38.0327 1676 \Device\Harddisk1\DR1: 18:50:38.0327 1676 MBR partitions: 18:50:38.0327 1676 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800 18:50:38.0327 1676 \Device\Harddisk2\DR2: 18:50:38.0327 1676 MBR partitions: 18:50:38.0327 1676 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800 18:50:38.0327 1676 ============================================================ 18:50:38.0330 1676 C: <-> \Device\Harddisk0\DR0\Partition2 18:50:38.0368 1676 D: <-> \Device\Harddisk1\DR1\Partition1 18:50:38.0816 1676 E: <-> \Device\Harddisk2\DR2\Partition1 18:50:38.0816 1676 ============================================================ 18:50:38.0816 1676 Initialize success 18:50:38.0816 1676 ============================================================ 18:51:06.0862 1348 ============================================================ 18:51:06.0862 1348 Scan started 18:51:06.0863 1348 Mode: Manual; SigCheck; TDLFS; 18:51:06.0863 1348 ============================================================ 18:51:07.0430 1348 ================ Scan system memory ======================== 18:51:07.0430 1348 System memory - ok 18:51:07.0430 1348 ================ Scan services ============================= 18:51:07.0465 1348 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:51:07.0502 1348 1394ohci - ok 18:51:07.0507 1348 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:51:07.0517 1348 ACPI - ok 18:51:07.0519 1348 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:51:07.0526 1348 AcpiPmi - ok 18:51:07.0545 1348 [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 18:51:07.0551 1348 AdobeFlashPlayerUpdateSvc - ok 18:51:07.0556 1348 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:51:07.0565 1348 adp94xx - ok 18:51:07.0569 1348 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:51:07.0577 1348 adpahci - ok 18:51:07.0580 1348 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:51:07.0586 1348 adpu320 - ok 18:51:07.0589 1348 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:51:07.0607 1348 AeLookupSvc - ok 18:51:07.0612 1348 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:51:07.0622 1348 AFD - ok 18:51:07.0624 1348 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:51:07.0628 1348 agp440 - ok 18:51:07.0630 1348 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:51:07.0637 1348 ALG - ok 18:51:07.0639 1348 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:51:07.0643 1348 aliide - ok 18:51:07.0645 1348 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:51:07.0649 1348 amdide - ok 18:51:07.0651 1348 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:51:07.0657 1348 AmdK8 - ok 18:51:07.0659 1348 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 18:51:07.0665 1348 AmdPPM - ok 18:51:07.0667 1348 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:51:07.0673 1348 amdsata - ok 18:51:07.0676 1348 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 18:51:07.0682 1348 amdsbs - ok 18:51:07.0683 1348 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:51:07.0688 1348 amdxata - ok 18:51:07.0690 1348 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:51:07.0707 1348 AppID - ok 18:51:07.0709 1348 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:51:07.0727 1348 AppIDSvc - ok 18:51:07.0729 1348 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 18:51:07.0735 1348 Appinfo - ok 18:51:07.0740 1348 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:51:07.0745 1348 Apple Mobile Device - ok 18:51:07.0747 1348 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 18:51:07.0752 1348 arc - ok 18:51:07.0754 1348 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:51:07.0760 1348 arcsas - ok 18:51:07.0764 1348 [ 08E2D77766CC05E75A0707207D9FC684 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 18:51:07.0775 1348 asmtxhci - ok 18:51:07.0785 1348 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 18:51:07.0790 1348 aspnet_state - ok 18:51:07.0792 1348 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:51:07.0809 1348 AsyncMac - ok 18:51:07.0811 1348 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:51:07.0815 1348 atapi - ok 18:51:07.0821 1348 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:51:07.0843 1348 AudioEndpointBuilder - ok 18:51:07.0848 1348 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:51:07.0867 1348 AudioSrv - ok 18:51:07.0869 1348 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:51:07.0878 1348 AxInstSV - ok 18:51:07.0883 1348 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 18:51:07.0891 1348 b06bdrv - ok 18:51:07.0895 1348 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:51:07.0903 1348 b57nd60a - ok 18:51:07.0906 1348 [ 638AC077E7EF7D27D03062E486E8BF01 ] bcbtums C:\Windows\system32\drivers\bcbtums.sys 18:51:07.0911 1348 bcbtums - ok 18:51:07.0938 1348 [ FBC76C8D561D0AD159EF9452D9F328F6 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 18:51:07.0980 1348 BCM43XX - ok 18:51:07.0983 1348 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:51:07.0989 1348 BDESVC - ok 18:51:07.0991 1348 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:51:08.0007 1348 Beep - ok 18:51:08.0014 1348 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:51:08.0035 1348 BFE - ok 18:51:08.0042 1348 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 18:51:08.0065 1348 BITS - ok 18:51:08.0067 1348 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 18:51:08.0073 1348 blbdrive - ok 18:51:08.0078 1348 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 18:51:08.0085 1348 Bonjour Service - ok 18:51:08.0094 1348 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:51:08.0101 1348 bowser - ok 18:51:08.0103 1348 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 18:51:08.0109 1348 BrFiltLo - ok 18:51:08.0111 1348 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 18:51:08.0117 1348 BrFiltUp - ok 18:51:08.0121 1348 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 18:51:08.0127 1348 Browser - ok 18:51:08.0131 1348 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:51:08.0139 1348 Brserid - ok 18:51:08.0141 1348 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:51:08.0148 1348 BrSerWdm - ok 18:51:08.0150 1348 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:51:08.0156 1348 BrUsbMdm - ok 18:51:08.0158 1348 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:51:08.0163 1348 BrUsbSer - ok 18:51:08.0165 1348 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 18:51:08.0171 1348 BthEnum - ok 18:51:08.0173 1348 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:51:08.0180 1348 BTHMODEM - ok 18:51:08.0182 1348 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 18:51:08.0190 1348 BthPan - ok 18:51:08.0195 1348 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 18:51:08.0204 1348 BTHPORT - ok 18:51:08.0207 1348 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:51:08.0224 1348 bthserv - ok 18:51:08.0226 1348 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 18:51:08.0232 1348 BTHUSB - ok 18:51:08.0234 1348 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:51:08.0251 1348 cdfs - ok 18:51:08.0254 1348 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:51:08.0261 1348 cdrom - ok 18:51:08.0263 1348 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:51:08.0280 1348 CertPropSvc - ok 18:51:08.0282 1348 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 18:51:08.0289 1348 circlass - ok 18:51:08.0293 1348 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:51:08.0301 1348 CLFS - ok 18:51:08.0306 1348 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:51:08.0310 1348 clr_optimization_v2.0.50727_32 - ok 18:51:08.0316 1348 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:51:08.0320 1348 clr_optimization_v2.0.50727_64 - ok 18:51:08.0328 1348 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:51:08.0333 1348 clr_optimization_v4.0.30319_32 - ok 18:51:08.0335 1348 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:51:08.0340 1348 clr_optimization_v4.0.30319_64 - ok 18:51:08.0342 1348 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 18:51:08.0348 1348 CmBatt - ok 18:51:08.0349 1348 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:51:08.0354 1348 cmdide - ok 18:51:08.0358 1348 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 18:51:08.0369 1348 CNG - ok 18:51:08.0372 1348 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 18:51:08.0376 1348 Compbatt - ok 18:51:08.0378 1348 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 18:51:08.0385 1348 CompositeBus - ok 18:51:08.0386 1348 COMSysApp - ok 18:51:08.0390 1348 [ A0050420B91E097C178DFC3C0598F67B ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 18:51:08.0396 1348 cphs - ok 18:51:08.0398 1348 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:51:08.0403 1348 crcdisk - ok 18:51:08.0407 1348 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:51:08.0417 1348 CryptSvc - ok 18:51:08.0419 1348 [ C20E2A7A29F06A69C40E949255257B01 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 18:51:08.0424 1348 ctxusbm - ok 18:51:08.0430 1348 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:51:08.0451 1348 DcomLaunch - ok 18:51:08.0455 1348 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:51:08.0474 1348 defragsvc - ok 18:51:08.0476 1348 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:51:08.0494 1348 DfsC - ok 18:51:08.0498 1348 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:51:08.0516 1348 Dhcp - ok 18:51:08.0519 1348 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:51:08.0535 1348 discache - ok 18:51:08.0537 1348 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 18:51:08.0542 1348 Disk - ok 18:51:08.0545 1348 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:51:08.0551 1348 Dnscache - ok 18:51:08.0555 1348 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:51:08.0573 1348 dot3svc - ok 18:51:08.0576 1348 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:51:08.0593 1348 DPS - ok 18:51:08.0595 1348 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:51:08.0602 1348 drmkaud - ok 18:51:08.0609 1348 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:51:08.0620 1348 DXGKrnl - ok 18:51:08.0624 1348 [ EAFCB4551836FF44EE775CEDDFA7A77E ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys 18:51:08.0630 1348 e1cexpress - ok 18:51:08.0632 1348 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:51:08.0650 1348 EapHost - ok 18:51:08.0670 1348 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 18:51:08.0700 1348 ebdrv - ok 18:51:08.0702 1348 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:51:08.0709 1348 EFS - ok 18:51:08.0715 1348 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:51:08.0726 1348 ehRecvr - ok 18:51:08.0728 1348 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:51:08.0734 1348 ehSched - ok 18:51:08.0739 1348 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:51:08.0748 1348 elxstor - ok 18:51:08.0750 1348 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:51:08.0755 1348 ErrDev - ok 18:51:08.0760 1348 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:51:08.0780 1348 EventSystem - ok 18:51:08.0783 1348 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:51:08.0801 1348 exfat - ok 18:51:08.0804 1348 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:51:08.0822 1348 fastfat - ok 18:51:08.0828 1348 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:51:08.0838 1348 Fax - ok 18:51:08.0840 1348 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 18:51:08.0846 1348 fdc - ok 18:51:08.0848 1348 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:51:08.0865 1348 fdPHost - ok 18:51:08.0866 1348 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:51:08.0883 1348 FDResPub - ok 18:51:08.0885 1348 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:51:08.0890 1348 FileInfo - ok 18:51:08.0892 1348 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:51:08.0909 1348 Filetrace - ok 18:51:08.0911 1348 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 18:51:08.0916 1348 flpydisk - ok 18:51:08.0920 1348 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:51:08.0927 1348 FltMgr - ok 18:51:08.0935 1348 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll 18:51:08.0960 1348 FontCache - ok 18:51:08.0962 1348 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:51:08.0966 1348 FontCache3.0.0.0 - ok 18:51:08.0968 1348 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:51:08.0973 1348 FsDepends - ok 18:51:08.0975 1348 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:51:08.0979 1348 Fs_Rec - ok 18:51:08.0982 1348 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:51:08.0990 1348 fvevol - ok 18:51:08.0992 1348 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:51:08.0997 1348 gagp30kx - ok 18:51:08.0998 1348 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:51:09.0002 1348 GEARAspiWDM - ok 18:51:09.0008 1348 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:51:09.0030 1348 gpsvc - ok 18:51:09.0033 1348 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 18:51:09.0038 1348 gusvc - ok 18:51:09.0040 1348 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:51:09.0046 1348 hcw85cir - ok 18:51:09.0049 1348 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:51:09.0059 1348 HdAudAddService - ok 18:51:09.0061 1348 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 18:51:09.0068 1348 HDAudBus - ok 18:51:09.0070 1348 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 18:51:09.0076 1348 HidBatt - ok 18:51:09.0078 1348 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:51:09.0085 1348 HidBth - ok 18:51:09.0087 1348 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 18:51:09.0094 1348 HidIr - ok 18:51:09.0096 1348 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 18:51:09.0113 1348 hidserv - ok 18:51:09.0115 1348 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:51:09.0120 1348 HidUsb - ok 18:51:09.0123 1348 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:51:09.0139 1348 hkmsvc - ok 18:51:09.0142 1348 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:51:09.0149 1348 HomeGroupListener - ok 18:51:09.0153 1348 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:51:09.0160 1348 HomeGroupProvider - ok 18:51:09.0162 1348 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:51:09.0167 1348 HpSAMD - ok 18:51:09.0173 1348 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:51:09.0194 1348 HTTP - ok 18:51:09.0196 1348 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 18:51:09.0200 1348 hwpolicy - ok 18:51:09.0202 1348 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 18:51:09.0208 1348 i8042prt - ok 18:51:09.0213 1348 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:51:09.0221 1348 iaStorV - ok 18:51:09.0228 1348 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:51:09.0240 1348 idsvc - ok 18:51:09.0340 1348 [ 0638D16029B1C800908D965AC78970C7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 18:51:09.0477 1348 igfx - ok 18:51:09.0480 1348 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:51:09.0485 1348 iirsp - ok 18:51:09.0492 1348 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 18:51:09.0515 1348 IKEEXT - ok 18:51:09.0517 1348 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 18:51:09.0522 1348 intelide - ok 18:51:09.0524 1348 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:51:09.0529 1348 intelppm - ok 18:51:09.0531 1348 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:51:09.0549 1348 IPBusEnum - ok 18:51:09.0551 1348 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:51:09.0567 1348 IpFilterDriver - ok 18:51:09.0573 1348 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:51:09.0594 1348 iphlpsvc - ok 18:51:09.0596 1348 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:51:09.0602 1348 IPMIDRV - ok 18:51:09.0604 1348 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:51:09.0621 1348 IPNAT - ok 18:51:09.0627 1348 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 18:51:09.0636 1348 iPod Service - ok 18:51:09.0638 1348 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:51:09.0645 1348 IRENUM - ok 18:51:09.0647 1348 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:51:09.0652 1348 isapnp - ok 18:51:09.0655 1348 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:51:09.0662 1348 iScsiPrt - ok 18:51:09.0668 1348 [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 18:51:09.0677 1348 iusb3xhc - ok 18:51:09.0679 1348 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:51:09.0684 1348 kbdclass - ok 18:51:09.0685 1348 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 18:51:09.0691 1348 kbdhid - ok 18:51:09.0693 1348 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 18:51:09.0698 1348 KeyIso - ok 18:51:09.0700 1348 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:51:09.0705 1348 KSecDD - ok 18:51:09.0707 1348 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:51:09.0713 1348 KSecPkg - ok 18:51:09.0715 1348 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:51:09.0732 1348 ksthunk - ok 18:51:09.0736 1348 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 18:51:09.0756 1348 KtmRm - ok 18:51:09.0759 1348 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 18:51:09.0778 1348 LanmanServer - ok 18:51:09.0780 1348 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:51:09.0798 1348 LanmanWorkstation - ok 18:51:09.0801 1348 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 18:51:09.0805 1348 LGBusEnum - ok 18:51:09.0807 1348 [ F7205E939F50B1C8D16F895916BE6756 ] LGSHidFilt C:\Windows\system32\DRIVERS\LGSHidFilt.Sys 18:51:09.0812 1348 LGSHidFilt - ok 18:51:09.0813 1348 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 18:51:09.0817 1348 LGVirHid - ok 18:51:09.0819 1348 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:51:09.0836 1348 lltdio - ok 18:51:09.0839 1348 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:51:09.0858 1348 lltdsvc - ok 18:51:09.0860 1348 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:51:09.0877 1348 lmhosts - ok 18:51:09.0880 1348 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:51:09.0885 1348 LSI_FC - ok 18:51:09.0887 1348 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:51:09.0893 1348 LSI_SAS - ok 18:51:09.0895 1348 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 18:51:09.0899 1348 LSI_SAS2 - ok 18:51:09.0902 1348 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:51:09.0907 1348 LSI_SCSI - ok 18:51:09.0909 1348 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 18:51:09.0927 1348 luafv - ok 18:51:09.0930 1348 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:51:09.0936 1348 Mcx2Svc - ok 18:51:09.0938 1348 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 18:51:09.0943 1348 megasas - ok 18:51:09.0946 1348 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 18:51:09.0953 1348 MegaSR - ok 18:51:09.0955 1348 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 18:51:09.0959 1348 MEIx64 - ok 18:51:09.0961 1348 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 18:51:09.0978 1348 MMCSS - ok 18:51:09.0980 1348 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:51:09.0997 1348 Modem - ok 18:51:09.0999 1348 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:51:10.0006 1348 monitor - ok 18:51:10.0008 1348 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:51:10.0012 1348 mouclass - ok 18:51:10.0014 1348 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:51:10.0019 1348 mouhid - ok 18:51:10.0021 1348 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:51:10.0026 1348 mountmgr - ok 18:51:10.0029 1348 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 18:51:10.0035 1348 mpio - ok 18:51:10.0037 1348 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:51:10.0053 1348 mpsdrv - ok 18:51:10.0060 1348 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:51:10.0083 1348 MpsSvc - ok 18:51:10.0086 1348 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:51:10.0094 1348 MRxDAV - ok 18:51:10.0097 1348 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:51:10.0103 1348 mrxsmb - ok 18:51:10.0107 1348 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:51:10.0113 1348 mrxsmb10 - ok 18:51:10.0116 1348 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:51:10.0121 1348 mrxsmb20 - ok 18:51:10.0123 1348 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 18:51:10.0128 1348 msahci - ok 18:51:10.0130 1348 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:51:10.0136 1348 msdsm - ok 18:51:10.0138 1348 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 18:51:10.0146 1348 MSDTC - ok 18:51:10.0149 1348 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:51:10.0165 1348 Msfs - ok 18:51:10.0167 1348 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:51:10.0183 1348 mshidkmdf - ok 18:51:10.0185 1348 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:51:10.0189 1348 msisadrv - ok 18:51:10.0192 1348 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:51:10.0210 1348 MSiSCSI - ok 18:51:10.0212 1348 msiserver - ok 18:51:10.0214 1348 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:51:10.0230 1348 MSKSSRV - ok 18:51:10.0232 1348 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:51:10.0248 1348 MSPCLOCK - ok 18:51:10.0250 1348 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:51:10.0266 1348 MSPQM - ok 18:51:10.0270 1348 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:51:10.0278 1348 MsRPC - ok 18:51:10.0281 1348 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 18:51:10.0285 1348 mssmbios - ok 18:51:10.0286 1348 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:51:10.0303 1348 MSTEE - ok 18:51:10.0305 1348 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 18:51:10.0310 1348 MTConfig - ok 18:51:10.0312 1348 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:51:10.0316 1348 Mup - ok 18:51:10.0318 1348 [ A56731462518CCE74EB0DB38C2A04986 ] mv91cons C:\Windows\system32\DRIVERS\mv91cons.sys 18:51:10.0322 1348 mv91cons - ok 18:51:10.0326 1348 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 18:51:10.0347 1348 napagent - ok 18:51:10.0351 1348 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:51:10.0361 1348 NativeWifiP - ok 18:51:10.0368 1348 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 18:51:10.0381 1348 NDIS - ok 18:51:10.0383 1348 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:51:10.0400 1348 NdisCap - ok 18:51:10.0402 1348 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:51:10.0418 1348 NdisTapi - ok 18:51:10.0420 1348 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:51:10.0436 1348 Ndisuio - ok 18:51:10.0439 1348 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:51:10.0456 1348 NdisWan - ok 18:51:10.0458 1348 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:51:10.0474 1348 NDProxy - ok 18:51:10.0476 1348 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys 18:51:10.0481 1348 Netaapl - ok 18:51:10.0482 1348 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:51:10.0499 1348 NetBIOS - ok 18:51:10.0503 1348 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:51:10.0520 1348 NetBT - ok 18:51:10.0522 1348 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:51:10.0527 1348 Netlogon - ok 18:51:10.0531 1348 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:51:10.0550 1348 Netman - ok 18:51:10.0553 1348 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:51:10.0558 1348 NetMsmqActivator - ok 18:51:10.0560 1348 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:51:10.0564 1348 NetPipeActivator - ok 18:51:10.0568 1348 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:51:10.0589 1348 netprofm - ok 18:51:10.0591 1348 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:51:10.0595 1348 NetTcpActivator - ok 18:51:10.0597 1348 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:51:10.0601 1348 NetTcpPortSharing - ok 18:51:10.0603 1348 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:51:10.0608 1348 nfrd960 - ok 18:51:10.0611 1348 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:51:10.0630 1348 NlaSvc - ok 18:51:10.0633 1348 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\DRIVERS\npf.sys 18:51:10.0637 1348 NPF - ok 18:51:10.0639 1348 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:51:10.0655 1348 Npfs - ok 18:51:10.0657 1348 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:51:10.0674 1348 nsi - ok 18:51:10.0676 1348 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:51:10.0692 1348 nsiproxy - ok 18:51:10.0704 1348 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:51:10.0725 1348 Ntfs - ok 18:51:10.0727 1348 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:51:10.0743 1348 Null - ok 18:51:10.0746 1348 [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 18:51:10.0751 1348 NVHDA - ok 18:51:10.0831 1348 [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:51:10.0915 1348 nvlddmkm - ok 18:51:10.0919 1348 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:51:10.0925 1348 nvraid - ok 18:51:10.0928 1348 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:51:10.0933 1348 nvstor - ok 18:51:10.0941 1348 [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc C:\Windows\system32\nvvsvc.exe 18:51:10.0954 1348 nvsvc - ok 18:51:10.0963 1348 [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 18:51:10.0980 1348 nvUpdatusService - ok 18:51:10.0983 1348 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:51:10.0988 1348 nv_agp - ok 18:51:10.0990 1348 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:51:10.0996 1348 ohci1394 - ok 18:51:11.0000 1348 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:51:11.0009 1348 p2pimsvc - ok 18:51:11.0014 1348 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:51:11.0023 1348 p2psvc - ok 18:51:11.0025 1348 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 18:51:11.0031 1348 Parport - ok 18:51:11.0033 1348 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:51:11.0038 1348 partmgr - ok 18:51:11.0041 1348 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:51:11.0051 1348 PcaSvc - ok 18:51:11.0054 1348 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:51:11.0060 1348 pci - ok 18:51:11.0062 1348 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:51:11.0066 1348 pciide - ok 18:51:11.0069 1348 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:51:11.0075 1348 pcmcia - ok 18:51:11.0077 1348 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:51:11.0082 1348 pcw - ok 18:51:11.0086 1348 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:51:11.0108 1348 PEAUTH - ok 18:51:11.0111 1348 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:51:11.0116 1348 PerfHost - ok 18:51:11.0128 1348 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:51:11.0156 1348 pla - ok 18:51:11.0161 1348 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:51:11.0169 1348 PlugPlay - ok 18:51:11.0171 1348 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:51:11.0177 1348 PNRPAutoReg - ok 18:51:11.0180 1348 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:51:11.0187 1348 PNRPsvc - ok 18:51:11.0192 1348 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:51:11.0212 1348 PolicyAgent - ok 18:51:11.0214 1348 postgresql-8.4 - ok 18:51:11.0217 1348 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 18:51:11.0236 1348 Power - ok 18:51:11.0238 1348 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:51:11.0255 1348 PptpMiniport - ok 18:51:11.0257 1348 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 18:51:11.0263 1348 Processor - ok 18:51:11.0266 1348 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 18:51:11.0284 1348 ProfSvc - ok 18:51:11.0286 1348 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:51:11.0291 1348 ProtectedStorage - ok 18:51:11.0294 1348 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:51:11.0311 1348 Psched - ok 18:51:11.0321 1348 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:51:11.0340 1348 ql2300 - ok 18:51:11.0342 1348 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:51:11.0348 1348 ql40xx - ok 18:51:11.0351 1348 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:51:11.0361 1348 QWAVE - ok 18:51:11.0363 1348 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:51:11.0371 1348 QWAVEdrv - ok 18:51:11.0372 1348 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:51:11.0389 1348 RasAcd - ok 18:51:11.0391 1348 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:51:11.0408 1348 RasAgileVpn - ok 18:51:11.0410 1348 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:51:11.0428 1348 RasAuto - ok 18:51:11.0431 1348 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:51:11.0448 1348 Rasl2tp - ok 18:51:11.0452 1348 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:51:11.0471 1348 RasMan - ok 18:51:11.0473 1348 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:51:11.0490 1348 RasPppoe - ok 18:51:11.0492 1348 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:51:11.0510 1348 RasSstp - ok 18:51:11.0513 1348 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:51:11.0531 1348 rdbss - ok 18:51:11.0533 1348 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 18:51:11.0540 1348 rdpbus - ok 18:51:11.0541 1348 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:51:11.0558 1348 RDPCDD - ok 18:51:11.0560 1348 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:51:11.0577 1348 RDPENCDD - ok 18:51:11.0579 1348 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:51:11.0595 1348 RDPREFMP - ok 18:51:11.0598 1348 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:51:11.0604 1348 RDPWD - ok 18:51:11.0607 1348 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:51:11.0614 1348 rdyboost - ok 18:51:11.0616 1348 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:51:11.0633 1348 RemoteAccess - ok 18:51:11.0636 1348 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:51:11.0655 1348 RemoteRegistry - ok 18:51:11.0658 1348 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 18:51:11.0666 1348 RFCOMM - ok 18:51:11.0668 1348 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:51:11.0686 1348 RpcEptMapper - ok 18:51:11.0687 1348 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:51:11.0693 1348 RpcLocator - ok 18:51:11.0698 1348 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:51:11.0716 1348 RpcSs - ok 18:51:11.0719 1348 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:51:11.0736 1348 rspndr - ok 18:51:11.0741 1348 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 18:51:11.0749 1348 RTL8167 - ok 18:51:11.0751 1348 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:51:11.0756 1348 SamSs - ok 18:51:11.0758 1348 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:51:11.0764 1348 sbp2port - ok 18:51:11.0767 1348 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:51:11.0785 1348 SCardSvr - ok 18:51:11.0787 1348 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:51:11.0803 1348 scfilter - ok 18:51:11.0811 1348 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:51:11.0837 1348 Schedule - ok 18:51:11.0840 1348 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys 18:51:11.0844 1348 SCMNdisP - ok 18:51:11.0846 1348 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:51:11.0861 1348 SCPolicySvc - ok 18:51:11.0864 1348 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:51:11.0871 1348 SDRSVC - ok 18:51:11.0873 1348 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:51:11.0889 1348 secdrv - ok 18:51:11.0891 1348 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:51:11.0908 1348 seclogon - ok 18:51:11.0910 1348 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 18:51:11.0927 1348 SENS - ok 18:51:11.0929 1348 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:51:11.0935 1348 SensrSvc - ok 18:51:11.0937 1348 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 18:51:11.0942 1348 Serenum - ok 18:51:11.0945 1348 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 18:51:11.0951 1348 Serial - ok 18:51:11.0952 1348 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:51:11.0958 1348 sermouse - ok 18:51:11.0963 1348 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:51:11.0980 1348 SessionEnv - ok 18:51:11.0982 1348 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:51:11.0988 1348 sffdisk - ok 18:51:11.0990 1348 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:51:11.0996 1348 sffp_mmc - ok 18:51:11.0998 1348 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:51:12.0005 1348 sffp_sd - ok 18:51:12.0006 1348 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:51:12.0011 1348 sfloppy - ok 18:51:12.0015 1348 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:51:12.0035 1348 SharedAccess - ok 18:51:12.0039 1348 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:51:12.0058 1348 ShellHWDetection - ok 18:51:12.0060 1348 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 18:51:12.0065 1348 SiSRaid2 - ok 18:51:12.0067 1348 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:51:12.0072 1348 SiSRaid4 - ok 18:51:12.0074 1348 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:51:12.0091 1348 Smb - ok 18:51:12.0095 1348 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:51:12.0101 1348 SNMPTRAP - ok 18:51:12.0103 1348 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:51:12.0107 1348 spldr - ok 18:51:12.0112 1348 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 18:51:12.0132 1348 Spooler - ok 18:51:12.0154 1348 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:51:12.0199 1348 sppsvc - ok 18:51:12.0217 1348 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:51:12.0234 1348 sppuinotify - ok 18:51:12.0238 1348 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:51:12.0247 1348 srv - ok 18:51:12.0252 1348 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:51:12.0260 1348 srv2 - ok 18:51:12.0263 1348 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:51:12.0268 1348 srvnet - ok 18:51:12.0271 1348 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:51:12.0290 1348 SSDPSRV - ok 18:51:12.0292 1348 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:51:12.0310 1348 SstpSvc - ok 18:51:12.0314 1348 [ 81F177C1954453AF407604160BD149CB ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 18:51:12.0321 1348 Stereo Service - ok 18:51:12.0323 1348 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 18:51:12.0328 1348 stexstor - ok 18:51:12.0333 1348 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:51:12.0345 1348 stisvc - ok 18:51:12.0347 1348 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 18:51:12.0351 1348 swenum - ok 18:51:12.0357 1348 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 18:51:12.0366 1348 SwitchBoard ( UnsignedFile****lti.Generic ) - warning 18:51:12.0366 1348 SwitchBoard - detected UnsignedFile****lti.Generic (1) 18:51:12.0371 1348 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:51:12.0393 1348 swprv - ok 18:51:12.0404 1348 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:51:12.0426 1348 SysMain - ok 18:51:12.0428 1348 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:51:12.0437 1348 TabletInputService - ok 18:51:12.0441 1348 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:51:12.0460 1348 TapiSrv - ok 18:51:12.0462 1348 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:51:12.0479 1348 TBS - ok 18:51:12.0492 1348 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:51:12.0515 1348 Tcpip - ok 18:51:12.0528 1348 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:51:12.0546 1348 TCPIP6 - ok 18:51:12.0549 1348 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:51:12.0565 1348 tcpipreg - ok 18:51:12.0568 1348 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:51:12.0573 1348 TDPIPE - ok 18:51:12.0574 1348 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:51:12.0579 1348 TDTCP - ok 18:51:12.0582 1348 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:51:12.0598 1348 tdx - ok 18:51:12.0600 1348 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 18:51:12.0605 1348 TermDD - ok 18:51:12.0610 1348 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:51:12.0632 1348 TermService - ok 18:51:12.0634 1348 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:51:12.0642 1348 Themes - ok 18:51:12.0645 1348 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:51:12.0661 1348 THREADORDER - ok 18:51:12.0664 1348 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:51:12.0682 1348 TrkWks - ok 18:51:12.0685 1348 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:51:12.0703 1348 TrustedInstaller - ok 18:51:12.0706 1348 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:51:12.0722 1348 tssecsrv - ok 18:51:12.0724 1348 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:51:12.0729 1348 TsUsbFlt - ok 18:51:12.0731 1348 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 18:51:12.0737 1348 TsUsbGD - ok 18:51:12.0739 1348 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:51:12.0756 1348 tunnel - ok 18:51:12.0759 1348 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:51:12.0764 1348 uagp35 - ok 18:51:12.0767 1348 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:51:12.0785 1348 udfs - ok 18:51:12.0789 1348 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:51:12.0795 1348 UI0Detect - ok 18:51:12.0797 1348 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:51:12.0802 1348 uliagpkx - ok 18:51:12.0804 1348 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:51:12.0810 1348 umbus - ok 18:51:12.0811 1348 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 18:51:12.0817 1348 UmPass - ok 18:51:12.0821 1348 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:51:12.0841 1348 upnphost - ok 18:51:12.0843 1348 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 18:51:12.0849 1348 USBAAPL64 - ok 18:51:12.0851 1348 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 18:51:12.0858 1348 usbaudio - ok 18:51:12.0861 1348 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:51:12.0866 1348 usbccgp - ok 18:51:12.0868 1348 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:51:12.0875 1348 usbcir - ok 18:51:12.0877 1348 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 18:51:12.0883 1348 usbehci - ok 18:51:12.0887 1348 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:51:12.0896 1348 usbhub - ok 18:51:12.0898 1348 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:51:12.0903 1348 usbohci - ok 18:51:12.0905 1348 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 18:51:12.0912 1348 usbprint - ok 18:51:12.0914 1348 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:51:12.0920 1348 USBSTOR - ok 18:51:12.0922 1348 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:51:12.0927 1348 usbuhci - ok 18:51:12.0930 1348 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 18:51:12.0938 1348 usbvideo - ok 18:51:12.0940 1348 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:51:12.0957 1348 UxSms - ok 18:51:12.0959 1348 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:51:12.0964 1348 VaultSvc - ok 18:51:12.0966 1348 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:51:12.0970 1348 vdrvroot - ok 18:51:12.0975 1348 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:51:12.0995 1348 vds - ok 18:51:12.0997 1348 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:51:13.0004 1348 vga - ok 18:51:13.0005 1348 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:51:13.0022 1348 VgaSave - ok 18:51:13.0025 1348 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:51:13.0031 1348 vhdmp - ok 18:51:13.0033 1348 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:51:13.0038 1348 viaide - ok 18:51:13.0040 1348 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:51:13.0044 1348 volmgr - ok 18:51:13.0048 1348 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:51:13.0056 1348 volmgrx - ok 18:51:13.0060 1348 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:51:13.0067 1348 volsnap - ok 18:51:13.0069 1348 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:51:13.0075 1348 vsmraid - ok 18:51:13.0086 1348 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:51:13.0127 1348 VSS - ok 18:51:13.0129 1348 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:51:13.0135 1348 vwifibus - ok 18:51:13.0137 1348 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:51:13.0145 1348 vwififlt - ok 18:51:13.0149 1348 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:51:13.0168 1348 W32Time - ok 18:51:13.0171 1348 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:51:13.0177 1348 WacomPen - ok 18:51:13.0179 1348 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:51:13.0196 1348 WANARP - ok 18:51:13.0197 1348 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:51:13.0213 1348 Wanarpv6 - ok 18:51:13.0222 1348 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 18:51:13.0239 1348 WatAdminSvc - ok 18:51:13.0249 1348 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:51:13.0267 1348 wbengine - ok 18:51:13.0270 1348 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:51:13.0279 1348 WbioSrvc - ok 18:51:13.0283 1348 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:51:13.0295 1348 wcncsvc - ok 18:51:13.0297 1348 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:51:13.0302 1348 WcsPlugInService - ok 18:51:13.0304 1348 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 18:51:13.0309 1348 Wd - ok 18:51:13.0314 1348 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:51:13.0324 1348 Wdf01000 - ok 18:51:13.0327 1348 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:51:13.0336 1348 WdiServiceHost - ok 18:51:13.0338 1348 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:51:13.0346 1348 WdiSystemHost - ok 18:51:13.0349 1348 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:51:13.0359 1348 WebClient - ok 18:51:13.0363 1348 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:51:13.0382 1348 Wecsvc - ok 18:51:13.0384 1348 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:51:13.0401 1348 wercplsupport - ok 18:51:13.0403 1348 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:51:13.0421 1348 WerSvc - ok 18:51:13.0423 1348 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:51:13.0439 1348 WfpLwf - ok 18:51:13.0441 1348 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:51:13.0446 1348 WIMMount - ok 18:51:13.0447 1348 WinDefend - ok 18:51:13.0450 1348 WinHttpAutoProxySvc - ok 18:51:13.0457 1348 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:51:13.0475 1348 Winmgmt - ok 18:51:13.0488 1348 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:51:13.0520 1348 WinRM - ok 18:51:13.0523 1348 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 18:51:13.0530 1348 WinUsb - ok 18:51:13.0537 1348 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:51:13.0552 1348 Wlansvc - ok 18:51:13.0554 1348 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 18:51:13.0560 1348 WmiAcpi - ok 18:51:13.0564 1348 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:51:13.0571 1348 wmiApSrv - ok 18:51:13.0573 1348 WMPNetworkSvc - ok 18:51:13.0575 1348 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:51:13.0580 1348 WPCSvc - ok 18:51:13.0583 1348 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:51:13.0590 1348 WPDBusEnum - ok 18:51:13.0592 1348 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:51:13.0608 1348 ws2ifsl - ok 18:51:13.0610 1348 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 18:51:13.0620 1348 wscsvc - ok 18:51:13.0621 1348 WSearch - ok 18:51:13.0627 1348 [ D0697918519A4CF059C2C7E3B9E93A53 ] WSWNA3100 C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 18:51:13.0633 1348 WSWNA3100 - ok 18:51:13.0648 1348 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:51:13.0676 1348 wuauserv - ok 18:51:13.0679 1348 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:51:13.0696 1348 WudfPf - ok 18:51:13.0699 1348 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:51:13.0716 1348 WUDFRd - ok 18:51:13.0719 1348 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:51:13.0736 1348 wudfsvc - ok 18:51:13.0739 1348 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:51:13.0749 1348 WwanSvc - ok 18:51:13.0754 1348 ================ Scan global =============================== 18:51:13.0756 1348 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:51:13.0759 1348 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:51:13.0763 1348 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:51:13.0766 1348 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:51:13.0770 1348 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:51:13.0771 1348 [Global] - ok 18:51:13.0771 1348 ================ Scan MBR ================================== 18:51:13.0773 1348 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 18:51:13.0843 1348 \Device\Harddisk0\DR0 - ok 18:51:13.0846 1348 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 18:51:13.0895 1348 \Device\Harddisk1\DR1 - ok 18:51:13.0898 1348 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2 18:51:13.0979 1348 \Device\Harddisk2\DR2 - ok 18:51:13.0979 1348 ================ Scan VBR ================================== 18:51:13.0982 1348 [ B5F0B0355D079AD976159A9EAA3E941D ] \Device\Harddisk0\DR0\Partition1 18:51:13.0983 1348 \Device\Harddisk0\DR0\Partition1 - ok 18:51:13.0986 1348 [ 02B3486EDADE5D78A3AFD10B11515130 ] \Device\Harddisk0\DR0\Partition2 18:51:13.0987 1348 \Device\Harddisk0\DR0\Partition2 - ok 18:51:13.0990 1348 [ BEFB19F7C40ECFACE7E04E395731700D ] \Device\Harddisk1\DR1\Partition1 18:51:13.0991 1348 \Device\Harddisk1\DR1\Partition1 - ok 18:51:13.0994 1348 [ D803C52431F481BEF0BF0E8BA6F5C23C ] \Device\Harddisk2\DR2\Partition1 18:51:13.0995 1348 \Device\Harddisk2\DR2\Partition1 - ok 18:51:13.0996 1348 ============================================================ 18:51:13.0996 1348 Scan finished 18:51:13.0996 1348 ============================================================ 18:51:14.0001 0912 Detected object count: 1 18:51:14.0001 0912 Actual detected object count: 1 18:51:41.0292 0912 SwitchBoard ( UnsignedFile****lti.Generic ) - skipped by user 18:51:41.0292 0912 SwitchBoard ( UnsignedFile****lti.Generic ) - User select action: Skip
05-24-2013
, 09:12 AM
05-25-2013
, 03:59 AM
Ok, so it seems that file is indeed bad, although one might think it belongs to holdem manager
Anyway, there is no startup entry that activates it, so it is quite harmless. We'll get rid of it:
Anyway, there is no startup entry that activates it, so it is quite harmless. We'll get rid of it:
- Please run OTL.exe again
- Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
Code:
:files
C:\Users\GodlikeRoy\AppData\Roaming\HEM.exe
C:\Windows\assembly\Desktop.ini
:otl
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKCU..\Run: [flashupdate] C:\Users\GodlikeRoy\AppData\Roaming\flashupdate.exe File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
:commands
[reboot]
- CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
- If it asks to reboot the computer, please allow that.
- Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)
- Download TDSSKiller by Kaspersky from here and save it to your desktop
- Doubleclick TDSSKiller.exe to run the tool
- Click Change parameters
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button
- If threats are detected, you will need to choose options before clicking Continue
- For Suspicious objects choose the Skip action
- For Malicious objects choose the Cure action. If Cure is not available, choose Skip instead, never choose Delete.
- Click the Report button and copy/paste the contents of it into your next reply
- The report can also be found in the root of your Windows drive (most likely C:\).
05-26-2013
, 06:40 PM
One might indeed think that! Here is the OTL Log:
And the TDSSKiller Report:
How's it looking now?
Cheers
Code:
========== FILES ==========
C:\Users\GodlikeRoy\AppData\Roaming\HEM.exe moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CitrixReceiver deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\flashupdate deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\Windows\Downloaded Program Files\swflash64.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 05272013_082306
Code:
08:38:18.0794 4612 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 08:38:19.0730 4612 ============================================================ 08:38:19.0730 4612 Current date / time: 2013/05/27 08:38:19.0730 08:38:19.0730 4612 SystemInfo: 08:38:19.0730 4612 08:38:19.0730 4612 OS Version: 6.1.7601 ServicePack: 1.0 08:38:19.0730 4612 Product type: Workstation 08:38:19.0730 4612 ComputerName: GODLIKEROY-PC 08:38:19.0730 4612 UserName: GodlikeRoy 08:38:19.0730 4612 Windows directory: C:\Windows 08:38:19.0730 4612 System windows directory: C:\Windows 08:38:19.0730 4612 Running under WOW64 08:38:19.0730 4612 Processor architecture: Intel x64 08:38:19.0730 4612 Number of processors: 8 08:38:19.0730 4612 Page size: 0x1000 08:38:19.0730 4612 Boot type: Normal boot 08:38:19.0730 4612 ============================================================ 08:38:19.0909 4612 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:38:19.0912 4612 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:38:19.0912 4612 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:38:19.0932 4612 ============================================================ 08:38:19.0932 4612 \Device\Harddisk0\DR0: 08:38:19.0933 4612 MBR partitions: 08:38:19.0933 4612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 08:38:19.0933 4612 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000 08:38:19.0933 4612 \Device\Harddisk1\DR1: 08:38:19.0933 4612 MBR partitions: 08:38:19.0933 4612 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800 08:38:19.0933 4612 \Device\Harddisk2\DR2: 08:38:19.0933 4612 MBR partitions: 08:38:19.0933 4612 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800 08:38:19.0933 4612 ============================================================ 08:38:19.0935 4612 C: <-> \Device\Harddisk0\DR0\Partition2 08:38:19.0957 4612 D: <-> \Device\Harddisk1\DR1\Partition1 08:38:19.0981 4612 E: <-> \Device\Harddisk2\DR2\Partition1 08:38:19.0981 4612 ============================================================ 08:38:19.0981 4612 Initialize success 08:38:19.0981 4612 ============================================================ 08:38:31.0975 4664 ============================================================ 08:38:31.0975 4664 Scan started 08:38:31.0975 4664 Mode: Manual; SigCheck; TDLFS; 08:38:31.0975 4664 ============================================================ 08:38:32.0052 4664 ================ Scan system memory ======================== 08:38:32.0052 4664 System memory - ok 08:38:32.0052 4664 ================ Scan services ============================= 08:38:32.0083 4664 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 08:38:32.0132 4664 1394ohci - ok 08:38:32.0139 4664 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 08:38:32.0152 4664 ACPI - ok 08:38:32.0154 4664 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 08:38:32.0162 4664 AcpiPmi - ok 08:38:32.0180 4664 [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 08:38:32.0189 4664 AdobeFlashPlayerUpdateSvc - ok 08:38:32.0194 4664 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 08:38:32.0206 4664 adp94xx - ok 08:38:32.0211 4664 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 08:38:32.0220 4664 adpahci - ok 08:38:32.0224 4664 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 08:38:32.0232 4664 adpu320 - ok 08:38:32.0235 4664 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 08:38:32.0253 4664 AeLookupSvc - ok 08:38:32.0259 4664 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 08:38:32.0269 4664 AFD - ok 08:38:32.0271 4664 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 08:38:32.0277 4664 agp440 - ok 08:38:32.0279 4664 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 08:38:32.0286 4664 ALG - ok 08:38:32.0287 4664 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 08:38:32.0292 4664 aliide - ok 08:38:32.0294 4664 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 08:38:32.0299 4664 amdide - ok 08:38:32.0301 4664 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 08:38:32.0307 4664 AmdK8 - ok 08:38:32.0309 4664 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 08:38:32.0316 4664 AmdPPM - ok 08:38:32.0319 4664 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys 08:38:32.0324 4664 amdsata - ok 08:38:32.0327 4664 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 08:38:32.0333 4664 amdsbs - ok 08:38:32.0335 4664 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 08:38:32.0339 4664 amdxata - ok 08:38:32.0342 4664 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 08:38:32.0359 4664 AppID - ok 08:38:32.0361 4664 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 08:38:32.0379 4664 AppIDSvc - ok 08:38:32.0381 4664 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 08:38:32.0388 4664 Appinfo - ok 08:38:32.0393 4664 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 08:38:32.0398 4664 Apple Mobile Device - ok 08:38:32.0400 4664 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 08:38:32.0406 4664 arc - ok 08:38:32.0408 4664 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 08:38:32.0413 4664 arcsas - ok 08:38:32.0418 4664 [ 08E2D77766CC05E75A0707207D9FC684 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 08:38:32.0429 4664 asmtxhci - ok 08:38:32.0439 4664 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 08:38:32.0446 4664 aspnet_state - ok 08:38:32.0448 4664 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 08:38:32.0466 4664 AsyncMac - ok 08:38:32.0468 4664 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 08:38:32.0472 4664 atapi - ok 08:38:32.0478 4664 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 08:38:32.0500 4664 AudioEndpointBuilder - ok 08:38:32.0505 4664 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 08:38:32.0524 4664 AudioSrv - ok 08:38:32.0527 4664 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 08:38:32.0536 4664 AxInstSV - ok 08:38:32.0540 4664 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 08:38:32.0549 4664 b06bdrv - ok 08:38:32.0554 4664 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 08:38:32.0562 4664 b57nd60a - ok 08:38:32.0565 4664 [ 638AC077E7EF7D27D03062E486E8BF01 ] bcbtums C:\Windows\system32\drivers\bcbtums.sys 08:38:32.0569 4664 bcbtums - ok 08:38:32.0597 4664 [ FBC76C8D561D0AD159EF9452D9F328F6 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 08:38:32.0634 4664 BCM43XX - ok 08:38:32.0637 4664 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 08:38:32.0643 4664 BDESVC - ok 08:38:32.0645 4664 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 08:38:32.0662 4664 Beep - ok 08:38:32.0668 4664 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 08:38:32.0689 4664 BFE - ok 08:38:32.0696 4664 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 08:38:32.0719 4664 BITS - ok 08:38:32.0721 4664 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 08:38:32.0727 4664 blbdrive - ok 08:38:32.0732 4664 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 08:38:32.0740 4664 Bonjour Service - ok 08:38:32.0742 4664 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 08:38:32.0748 4664 bowser - ok 08:38:32.0750 4664 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 08:38:32.0758 4664 BrFiltLo - ok 08:38:32.0759 4664 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 08:38:32.0766 4664 BrFiltUp - ok 08:38:32.0770 4664 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 08:38:32.0776 4664 Browser - ok 08:38:32.0780 4664 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 08:38:32.0788 4664 Brserid - ok 08:38:32.0790 4664 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 08:38:32.0798 4664 BrSerWdm - ok 08:38:32.0800 4664 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 08:38:32.0807 4664 BrUsbMdm - ok 08:38:32.0809 4664 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 08:38:32.0815 4664 BrUsbSer - ok 08:38:32.0817 4664 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 08:38:32.0823 4664 BthEnum - ok 08:38:32.0825 4664 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 08:38:32.0832 4664 BTHMODEM - ok 08:38:32.0834 4664 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 08:38:32.0842 4664 BthPan - ok 08:38:32.0847 4664 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 08:38:32.0857 4664 BTHPORT - ok 08:38:32.0859 4664 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 08:38:32.0877 4664 bthserv - ok 08:38:32.0879 4664 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 08:38:32.0885 4664 BTHUSB - ok 08:38:32.0887 4664 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 08:38:32.0905 4664 cdfs - ok 08:38:32.0908 4664 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 08:38:32.0915 4664 cdrom - ok 08:38:32.0917 4664 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 08:38:32.0934 4664 CertPropSvc - ok 08:38:32.0936 4664 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 08:38:32.0944 4664 circlass - ok 08:38:32.0948 4664 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 08:38:32.0957 4664 CLFS - ok 08:38:32.0962 4664 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:38:32.0967 4664 clr_optimization_v2.0.50727_32 - ok 08:38:32.0972 4664 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 08:38:32.0979 4664 clr_optimization_v2.0.50727_64 - ok 08:38:32.0987 4664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 08:38:32.0999 4664 clr_optimization_v4.0.30319_32 - ok 08:38:33.0002 4664 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 08:38:33.0009 4664 clr_optimization_v4.0.30319_64 - ok 08:38:33.0011 4664 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 08:38:33.0017 4664 CmBatt - ok 08:38:33.0019 4664 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 08:38:33.0024 4664 cmdide - ok 08:38:33.0029 4664 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 08:38:33.0041 4664 CNG - ok 08:38:33.0043 4664 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 08:38:33.0048 4664 Compbatt - ok 08:38:33.0049 4664 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 08:38:33.0057 4664 CompositeBus - ok 08:38:33.0058 4664 COMSysApp - ok 08:38:33.0062 4664 [ A0050420B91E097C178DFC3C0598F67B ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 08:38:33.0069 4664 cphs - ok 08:38:33.0071 4664 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 08:38:33.0076 4664 crcdisk - ok 08:38:33.0080 4664 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 08:38:33.0086 4664 CryptSvc - ok 08:38:33.0089 4664 [ C20E2A7A29F06A69C40E949255257B01 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 08:38:33.0094 4664 ctxusbm - ok 08:38:33.0100 4664 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 08:38:33.0121 4664 DcomLaunch - ok 08:38:33.0125 4664 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 08:38:33.0144 4664 defragsvc - ok 08:38:33.0147 4664 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 08:38:33.0164 4664 DfsC - ok 08:38:33.0169 4664 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 08:38:33.0188 4664 Dhcp - ok 08:38:33.0190 4664 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 08:38:33.0208 4664 discache - ok 08:38:33.0210 4664 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 08:38:33.0215 4664 Disk - ok 08:38:33.0218 4664 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 08:38:33.0225 4664 Dnscache - ok 08:38:33.0229 4664 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 08:38:33.0247 4664 dot3svc - ok 08:38:33.0250 4664 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 08:38:33.0268 4664 DPS - ok 08:38:33.0270 4664 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 08:38:33.0276 4664 drmkaud - ok 08:38:33.0284 4664 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 08:38:33.0295 4664 DXGKrnl - ok 08:38:33.0299 4664 [ EAFCB4551836FF44EE775CEDDFA7A77E ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys 08:38:33.0305 4664 e1cexpress - ok 08:38:33.0308 4664 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 08:38:33.0325 4664 EapHost - ok 08:38:33.0346 4664 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 08:38:33.0377 4664 ebdrv - ok 08:38:33.0379 4664 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 08:38:33.0386 4664 EFS - ok 08:38:33.0393 4664 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 08:38:33.0405 4664 ehRecvr - ok 08:38:33.0407 4664 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 08:38:33.0413 4664 ehSched - ok 08:38:33.0418 4664 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 08:38:33.0428 4664 elxstor - ok 08:38:33.0430 4664 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 08:38:33.0436 4664 ErrDev - ok 08:38:33.0442 4664 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 08:38:33.0462 4664 EventSystem - ok 08:38:33.0465 4664 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 08:38:33.0484 4664 exfat - ok 08:38:33.0487 4664 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 08:38:33.0506 4664 fastfat - ok 08:38:33.0512 4664 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 08:38:33.0522 4664 Fax - ok 08:38:33.0524 4664 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 08:38:33.0531 4664 fdc - ok 08:38:33.0533 4664 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 08:38:33.0550 4664 fdPHost - ok 08:38:33.0552 4664 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 08:38:33.0569 4664 FDResPub - ok 08:38:33.0571 4664 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 08:38:33.0576 4664 FileInfo - ok 08:38:33.0578 4664 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 08:38:33.0595 4664 Filetrace - ok 08:38:33.0597 4664 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 08:38:33.0602 4664 flpydisk - ok 08:38:33.0606 4664 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 08:38:33.0613 4664 FltMgr - ok 08:38:33.0621 4664 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll 08:38:33.0646 4664 FontCache - ok 08:38:33.0648 4664 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 08:38:33.0653 4664 FontCache3.0.0.0 - ok 08:38:33.0655 4664 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 08:38:33.0660 4664 FsDepends - ok 08:38:33.0661 4664 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 08:38:33.0666 4664 Fs_Rec - ok 08:38:33.0669 4664 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 08:38:33.0676 4664 fvevol - ok 08:38:33.0679 4664 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 08:38:33.0684 4664 gagp30kx - ok 08:38:33.0686 4664 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 08:38:33.0689 4664 GEARAspiWDM - ok 08:38:33.0696 4664 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 08:38:33.0718 4664 gpsvc - ok 08:38:33.0721 4664 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 08:38:33.0727 4664 gusvc - ok 08:38:33.0729 4664 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 08:38:33.0735 4664 hcw85cir - ok 08:38:33.0739 4664 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 08:38:33.0749 4664 HdAudAddService - ok 08:38:33.0751 4664 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 08:38:33.0758 4664 HDAudBus - ok 08:38:33.0760 4664 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 08:38:33.0766 4664 HidBatt - ok 08:38:33.0768 4664 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 08:38:33.0776 4664 HidBth - ok 08:38:33.0778 4664 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 08:38:33.0784 4664 HidIr - ok 08:38:33.0786 4664 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 08:38:33.0804 4664 hidserv - ok 08:38:33.0806 4664 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 08:38:33.0811 4664 HidUsb - ok 08:38:33.0813 4664 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 08:38:33.0831 4664 hkmsvc - ok 08:38:33.0834 4664 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 08:38:33.0842 4664 HomeGroupListener - ok 08:38:33.0845 4664 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 08:38:33.0852 4664 HomeGroupProvider - ok 08:38:33.0854 4664 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 08:38:33.0859 4664 HpSAMD - ok 08:38:33.0865 4664 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 08:38:33.0887 4664 HTTP - ok 08:38:33.0889 4664 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 08:38:33.0894 4664 hwpolicy - ok 08:38:33.0896 4664 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 08:38:33.0902 4664 i8042prt - ok 08:38:33.0907 4664 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 08:38:33.0916 4664 iaStorV - ok 08:38:33.0923 4664 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 08:38:33.0936 4664 idsvc - ok 08:38:34.0038 4664 [ 0638D16029B1C800908D965AC78970C7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 08:38:34.0181 4664 igfx - ok 08:38:34.0184 4664 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 08:38:34.0189 4664 iirsp - ok 08:38:34.0196 4664 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 08:38:34.0220 4664 IKEEXT - ok 08:38:34.0222 4664 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 08:38:34.0227 4664 intelide - ok 08:38:34.0229 4664 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 08:38:34.0234 4664 intelppm - ok 08:38:34.0236 4664 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 08:38:34.0254 4664 IPBusEnum - ok 08:38:34.0256 4664 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:38:34.0273 4664 IpFilterDriver - ok 08:38:34.0278 4664 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 08:38:34.0299 4664 iphlpsvc - ok 08:38:34.0302 4664 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 08:38:34.0308 4664 IPMIDRV - ok 08:38:34.0310 4664 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 08:38:34.0328 4664 IPNAT - ok 08:38:34.0334 4664 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 08:38:34.0343 4664 iPod Service - ok 08:38:34.0345 4664 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 08:38:34.0353 4664 IRENUM - ok 08:38:34.0355 4664 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 08:38:34.0359 4664 isapnp - ok 08:38:34.0363 4664 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 08:38:34.0370 4664 iScsiPrt - ok 08:38:34.0377 4664 [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 08:38:34.0386 4664 iusb3xhc - ok 08:38:34.0388 4664 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 08:38:34.0392 4664 kbdclass - ok 08:38:34.0394 4664 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 08:38:34.0400 4664 kbdhid - ok 08:38:34.0402 4664 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 08:38:34.0408 4664 KeyIso - ok 08:38:34.0410 4664 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 08:38:34.0415 4664 KSecDD - ok 08:38:34.0418 4664 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 08:38:34.0423 4664 KSecPkg - ok 08:38:34.0425 4664 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 08:38:34.0442 4664 ksthunk - ok 08:38:34.0446 4664 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 08:38:34.0467 4664 KtmRm - ok 08:38:34.0470 4664 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 08:38:34.0489 4664 LanmanServer - ok 08:38:34.0491 4664 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 08:38:34.0510 4664 LanmanWorkstation - ok 08:38:34.0513 4664 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 08:38:34.0516 4664 LGBusEnum - ok 08:38:34.0519 4664 [ F7205E939F50B1C8D16F895916BE6756 ] LGSHidFilt C:\Windows\system32\DRIVERS\LGSHidFilt.Sys 08:38:34.0523 4664 LGSHidFilt - ok 08:38:34.0525 4664 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 08:38:34.0528 4664 LGVirHid - ok 08:38:34.0530 4664 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 08:38:34.0548 4664 lltdio - ok 08:38:34.0551 4664 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 08:38:34.0571 4664 lltdsvc - ok 08:38:34.0573 4664 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 08:38:34.0590 4664 lmhosts - ok 08:38:34.0593 4664 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 08:38:34.0599 4664 LSI_FC - ok 08:38:34.0601 4664 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 08:38:34.0607 4664 LSI_SAS - ok 08:38:34.0609 4664 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 08:38:34.0614 4664 LSI_SAS2 - ok 08:38:34.0616 4664 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 08:38:34.0622 4664 LSI_SCSI - ok 08:38:34.0624 4664 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 08:38:34.0642 4664 luafv - ok 08:38:34.0644 4664 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 08:38:34.0651 4664 Mcx2Svc - ok 08:38:34.0653 4664 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 08:38:34.0658 4664 megasas - ok 08:38:34.0661 4664 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 08:38:34.0669 4664 MegaSR - ok 08:38:34.0671 4664 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 08:38:34.0674 4664 MEIx64 - ok 08:38:34.0677 4664 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 08:38:34.0695 4664 MMCSS - ok 08:38:34.0697 4664 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 08:38:34.0714 4664 Modem - ok 08:38:34.0716 4664 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 08:38:34.0723 4664 monitor - ok 08:38:34.0725 4664 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 08:38:34.0730 4664 mouclass - ok 08:38:34.0731 4664 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 08:38:34.0738 4664 mouhid - ok 08:38:34.0740 4664 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 08:38:34.0745 4664 mountmgr - ok 08:38:34.0747 4664 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 08:38:34.0753 4664 mpio - ok 08:38:34.0755 4664 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 08:38:34.0773 4664 mpsdrv - ok 08:38:34.0779 4664 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 08:38:34.0802 4664 MpsSvc - ok 08:38:34.0805 4664 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 08:38:34.0815 4664 MRxDAV - ok 08:38:34.0818 4664 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 08:38:34.0824 4664 mrxsmb - ok 08:38:34.0828 4664 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:38:34.0835 4664 mrxsmb10 - ok 08:38:34.0838 4664 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:38:34.0844 4664 mrxsmb20 - ok 08:38:34.0846 4664 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 08:38:34.0850 4664 msahci - ok 08:38:34.0853 4664 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 08:38:34.0858 4664 msdsm - ok 08:38:34.0861 4664 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 08:38:34.0869 4664 MSDTC - ok 08:38:34.0872 4664 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 08:38:34.0889 4664 Msfs - ok 08:38:34.0890 4664 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 08:38:34.0907 4664 mshidkmdf - ok 08:38:34.0909 4664 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 08:38:34.0914 4664 msisadrv - ok 08:38:34.0916 4664 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 08:38:34.0935 4664 MSiSCSI - ok 08:38:34.0937 4664 msiserver - ok 08:38:34.0939 4664 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 08:38:34.0956 4664 MSKSSRV - ok 08:38:34.0958 4664 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 08:38:34.0975 4664 MSPCLOCK - ok 08:38:34.0977 4664 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 08:38:34.0994 4664 MSPQM - ok 08:38:34.0998 4664 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 08:38:35.0006 4664 MsRPC - ok 08:38:35.0009 4664 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 08:38:35.0014 4664 mssmbios - ok 08:38:35.0015 4664 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 08:38:35.0032 4664 MSTEE - ok 08:38:35.0034 4664 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 08:38:35.0040 4664 MTConfig - ok 08:38:35.0042 4664 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 08:38:35.0046 4664 Mup - ok 08:38:35.0048 4664 [ A56731462518CCE74EB0DB38C2A04986 ] mv91cons C:\Windows\system32\DRIVERS\mv91cons.sys 08:38:35.0052 4664 mv91cons - ok 08:38:35.0056 4664 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 08:38:35.0077 4664 napagent - ok 08:38:35.0081 4664 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 08:38:35.0091 4664 NativeWifiP - ok 08:38:35.0099 4664 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 08:38:35.0113 4664 NDIS - ok 08:38:35.0115 4664 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 08:38:35.0132 4664 NdisCap - ok 08:38:35.0134 4664 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 08:38:35.0151 4664 NdisTapi - ok 08:38:35.0153 4664 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 08:38:35.0170 4664 Ndisuio - ok 08:38:35.0173 4664 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 08:38:35.0191 4664 NdisWan - ok 08:38:35.0193 4664 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 08:38:35.0210 4664 NDProxy - ok 08:38:35.0212 4664 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys 08:38:35.0217 4664 Netaapl - ok 08:38:35.0219 4664 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 08:38:35.0236 4664 NetBIOS - ok 08:38:35.0240 4664 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 08:38:35.0258 4664 NetBT - ok 08:38:35.0260 4664 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 08:38:35.0265 4664 Netlogon - ok 08:38:35.0269 4664 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 08:38:35.0289 4664 Netman - ok 08:38:35.0292 4664 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:38:35.0301 4664 NetMsmqActivator - ok 08:38:35.0303 4664 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:38:35.0307 4664 NetPipeActivator - ok 08:38:35.0311 4664 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 08:38:35.0332 4664 netprofm - ok 08:38:35.0334 4664 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:38:35.0339 4664 NetTcpActivator - ok 08:38:35.0341 4664 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:38:35.0345 4664 NetTcpPortSharing - ok 08:38:35.0347 4664 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 08:38:35.0352 4664 nfrd960 - ok 08:38:35.0356 4664 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 08:38:35.0375 4664 NlaSvc - ok 08:38:35.0378 4664 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\DRIVERS\npf.sys 08:38:35.0382 4664 NPF - ok 08:38:35.0384 4664 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 08:38:35.0401 4664 Npfs - ok 08:38:35.0403 4664 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 08:38:35.0421 4664 nsi - ok 08:38:35.0422 4664 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 08:38:35.0440 4664 nsiproxy - ok 08:38:35.0452 4664 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 08:38:35.0472 4664 Ntfs - ok 08:38:35.0474 4664 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 08:38:35.0490 4664 Null - ok 08:38:35.0493 4664 [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 08:38:35.0499 4664 NVHDA - ok 08:38:35.0565 4664 [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 08:38:35.0648 4664 nvlddmkm - ok 08:38:35.0652 4664 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys 08:38:35.0658 4664 nvraid - ok 08:38:35.0661 4664 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys 08:38:35.0667 4664 nvstor - ok 08:38:35.0673 4664 [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc C:\Windows\system32\nvvsvc.exe 08:38:35.0686 4664 nvsvc - ok 08:38:35.0697 4664 [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 08:38:35.0714 4664 nvUpdatusService - ok 08:38:35.0717 4664 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 08:38:35.0722 4664 nv_agp - ok 08:38:35.0724 4664 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 08:38:35.0730 4664 ohci1394 - ok 08:38:35.0734 4664 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 08:38:35.0742 4664 p2pimsvc - ok 08:38:35.0747 4664 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 08:38:35.0756 4664 p2psvc - ok 08:38:35.0758 4664 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 08:38:35.0764 4664 Parport - ok 08:38:35.0767 4664 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 08:38:35.0771 4664 partmgr - ok 08:38:35.0774 4664 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 08:38:35.0784 4664 PcaSvc - ok 08:38:35.0787 4664 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 08:38:35.0793 4664 pci - ok 08:38:35.0795 4664 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 08:38:35.0799 4664 pciide - ok 08:38:35.0803 4664 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 08:38:35.0809 4664 pcmcia - ok 08:38:35.0811 4664 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 08:38:35.0816 4664 pcw - ok 08:38:35.0820 4664 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 08:38:35.0842 4664 PEAUTH - ok 08:38:35.0845 4664 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 08:38:35.0851 4664 PerfHost - ok 08:38:35.0863 4664 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 08:38:35.0890 4664 pla - ok 08:38:35.0895 4664 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 08:38:35.0904 4664 PlugPlay - ok 08:38:35.0906 4664 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 08:38:35.0912 4664 PNRPAutoReg - ok 08:38:35.0915 4664 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 08:38:35.0922 4664 PNRPsvc - ok 08:38:35.0927 4664 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 08:38:35.0947 4664 PolicyAgent - ok 08:38:35.0950 4664 postgresql-8.4 - ok 08:38:35.0953 4664 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 08:38:35.0971 4664 Power - ok 08:38:35.0974 4664 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 08:38:35.0991 4664 PptpMiniport - ok 08:38:35.0993 4664 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 08:38:36.0000 4664 Processor - ok 08:38:36.0003 4664 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 08:38:36.0021 4664 ProfSvc - ok 08:38:36.0023 4664 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 08:38:36.0028 4664 ProtectedStorage - ok 08:38:36.0031 4664 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 08:38:36.0048 4664 Psched - ok 08:38:36.0058 4664 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 08:38:36.0077 4664 ql2300 - ok 08:38:36.0080 4664 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 08:38:36.0085 4664 ql40xx - ok 08:38:36.0088 4664 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 08:38:36.0098 4664 QWAVE - ok 08:38:36.0100 4664 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 08:38:36.0108 4664 QWAVEdrv - ok 08:38:36.0110 4664 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 08:38:36.0127 4664 RasAcd - ok 08:38:36.0129 4664 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 08:38:36.0146 4664 RasAgileVpn - ok 08:38:36.0148 4664 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 08:38:36.0166 4664 RasAuto - ok 08:38:36.0169 4664 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 08:38:36.0186 4664 Rasl2tp - ok 08:38:36.0190 4664 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 08:38:36.0210 4664 RasMan - ok 08:38:36.0212 4664 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 08:38:36.0229 4664 RasPppoe - ok 08:38:36.0231 4664 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 08:38:36.0248 4664 RasSstp - ok 08:38:36.0252 4664 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 08:38:36.0271 4664 rdbss - ok 08:38:36.0272 4664 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 08:38:36.0279 4664 rdpbus - ok 08:38:36.0281 4664 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 08:38:36.0298 4664 RDPCDD - ok 08:38:36.0300 4664 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 08:38:36.0317 4664 RDPENCDD - ok 08:38:36.0319 4664 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 08:38:36.0336 4664 RDPREFMP - ok 08:38:36.0339 4664 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 08:38:36.0345 4664 RDPWD - ok 08:38:36.0348 4664 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 08:38:36.0354 4664 rdyboost - ok 08:38:36.0357 4664 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 08:38:36.0375 4664 RemoteAccess - ok 08:38:36.0378 4664 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 08:38:36.0397 4664 RemoteRegistry - ok 08:38:36.0400 4664 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 08:38:36.0409 4664 RFCOMM - ok 08:38:36.0411 4664 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 08:38:36.0429 4664 RpcEptMapper - ok 08:38:36.0431 4664 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 08:38:36.0437 4664 RpcLocator - ok 08:38:36.0442 4664 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 08:38:36.0461 4664 RpcSs - ok 08:38:36.0463 4664 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 08:38:36.0480 4664 rspndr - ok 08:38:36.0486 4664 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 08:38:36.0495 4664 RTL8167 - ok 08:38:36.0497 4664 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 08:38:36.0502 4664 SamSs - ok 08:38:36.0504 4664 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 08:38:36.0510 4664 sbp2port - ok 08:38:36.0513 4664 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 08:38:36.0532 4664 SCardSvr - ok 08:38:36.0534 4664 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 08:38:36.0551 4664 scfilter - ok 08:38:36.0559 4664 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 08:38:36.0584 4664 Schedule - ok 08:38:36.0588 4664 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys 08:38:36.0591 4664 SCMNdisP - ok 08:38:36.0594 4664 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 08:38:36.0610 4664 SCPolicySvc - ok 08:38:36.0613 4664 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 08:38:36.0620 4664 SDRSVC - ok 08:38:36.0622 4664 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 08:38:36.0639 4664 secdrv - ok 08:38:36.0641 4664 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 08:38:36.0657 4664 seclogon - ok 08:38:36.0660 4664 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 08:38:36.0677 4664 SENS - ok 08:38:36.0679 4664 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 08:38:36.0685 4664 SensrSvc - ok 08:38:36.0687 4664 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 08:38:36.0693 4664 Serenum - ok 08:38:36.0695 4664 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 08:38:36.0702 4664 Serial - ok 08:38:36.0704 4664 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 08:38:36.0710 4664 sermouse - ok 08:38:36.0714 4664 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 08:38:36.0732 4664 SessionEnv - ok 08:38:36.0734 4664 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 08:38:36.0741 4664 sffdisk - ok 08:38:36.0743 4664 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 08:38:36.0750 4664 sffp_mmc - ok 08:38:36.0751 4664 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 08:38:36.0759 4664 sffp_sd - ok 08:38:36.0760 4664 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 08:38:36.0766 4664 sfloppy - ok 08:38:36.0770 4664 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 08:38:36.0790 4664 SharedAccess - ok 08:38:36.0794 4664 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 08:38:36.0813 4664 ShellHWDetection - ok 08:38:36.0815 4664 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 08:38:36.0820 4664 SiSRaid2 - ok 08:38:36.0822 4664 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 08:38:36.0827 4664 SiSRaid4 - ok 08:38:36.0829 4664 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 08:38:36.0847 4664 Smb - ok 08:38:36.0851 4664 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 08:38:36.0857 4664 SNMPTRAP - ok 08:38:36.0859 4664 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 08:38:36.0863 4664 spldr - ok 08:38:36.0868 4664 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 08:38:36.0888 4664 Spooler - ok 08:38:36.0910 4664 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 08:38:36.0954 4664 sppsvc - ok 08:38:36.0956 4664 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 08:38:36.0974 4664 sppuinotify - ok 08:38:36.0979 4664 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 08:38:36.0987 4664 srv - ok 08:38:36.0992 4664 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 08:38:36.0999 4664 srv2 - ok 08:38:37.0002 4664 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 08:38:37.0008 4664 srvnet - ok 08:38:37.0011 4664 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 08:38:37.0030 4664 SSDPSRV - ok 08:38:37.0032 4664 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 08:38:37.0050 4664 SstpSvc - ok 08:38:37.0054 4664 [ 81F177C1954453AF407604160BD149CB ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 08:38:37.0061 4664 Stereo Service - ok 08:38:37.0063 4664 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 08:38:37.0068 4664 stexstor - ok 08:38:37.0073 4664 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 08:38:37.0085 4664 stisvc - ok 08:38:37.0087 4664 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 08:38:37.0091 4664 swenum - ok 08:38:37.0098 4664 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 08:38:37.0106 4664 SwitchBoard ( UnsignedFile****lti.Generic ) - warning 08:38:37.0106 4664 SwitchBoard - detected UnsignedFile****lti.Generic (1) 08:38:37.0111 4664 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 08:38:37.0133 4664 swprv - ok 08:38:37.0144 4664 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 08:38:37.0167 4664 SysMain - ok 08:38:37.0169 4664 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 08:38:37.0179 4664 TabletInputService - ok 08:38:37.0182 4664 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 08:38:37.0202 4664 TapiSrv - ok 08:38:37.0204 4664 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 08:38:37.0222 4664 TBS - ok 08:38:37.0235 4664 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 08:38:37.0258 4664 Tcpip - ok 08:38:37.0271 4664 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 08:38:37.0289 4664 TCPIP6 - ok 08:38:37.0292 4664 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 08:38:37.0309 4664 tcpipreg - ok 08:38:37.0311 4664 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 08:38:37.0317 4664 TDPIPE - ok 08:38:37.0318 4664 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 08:38:37.0324 4664 TDTCP - ok 08:38:37.0326 4664 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 08:38:37.0343 4664 tdx - ok 08:38:37.0345 4664 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 08:38:37.0350 4664 TermDD - ok 08:38:37.0356 4664 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 08:38:37.0378 4664 TermService - ok 08:38:37.0380 4664 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 08:38:37.0389 4664 Themes - ok 08:38:37.0391 4664 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 08:38:37.0407 4664 THREADORDER - ok 08:38:37.0410 4664 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 08:38:37.0428 4664 TrkWks - ok 08:38:37.0431 4664 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 08:38:37.0448 4664 TrustedInstaller - ok 08:38:37.0451 4664 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 08:38:37.0467 4664 tssecsrv - ok 08:38:37.0469 4664 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 08:38:37.0474 4664 TsUsbFlt - ok 08:38:37.0476 4664 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 08:38:37.0481 4664 TsUsbGD - ok 08:38:37.0483 4664 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 08:38:37.0500 4664 tunnel - ok 08:38:37.0502 4664 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 08:38:37.0507 4664 uagp35 - ok 08:38:37.0511 4664 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 08:38:37.0529 4664 udfs - ok 08:38:37.0533 4664 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 08:38:37.0539 4664 UI0Detect - ok 08:38:37.0541 4664 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 08:38:37.0546 4664 uliagpkx - ok 08:38:37.0548 4664 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 08:38:37.0553 4664 umbus - ok 08:38:37.0555 4664 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 08:38:37.0561 4664 UmPass - ok 08:38:37.0565 4664 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 08:38:37.0585 4664 upnphost - ok 08:38:37.0587 4664 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 08:38:37.0593 4664 USBAAPL64 - ok 08:38:37.0595 4664 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 08:38:37.0603 4664 usbaudio - ok 08:38:37.0606 4664 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 08:38:37.0612 4664 usbccgp - ok 08:38:37.0614 4664 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 08:38:37.0621 4664 usbcir - ok 08:38:37.0623 4664 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 08:38:37.0630 4664 usbehci - ok 08:38:37.0633 4664 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 08:38:37.0642 4664 usbhub - ok 08:38:37.0644 4664 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 08:38:37.0649 4664 usbohci - ok 08:38:37.0651 4664 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 08:38:37.0659 4664 usbprint - ok 08:38:37.0661 4664 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:38:37.0668 4664 USBSTOR - ok 08:38:37.0669 4664 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 08:38:37.0676 4664 usbuhci - ok 08:38:37.0679 4664 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 08:38:37.0687 4664 usbvideo - ok 08:38:37.0689 4664 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 08:38:37.0706 4664 UxSms - ok 08:38:37.0708 4664 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 08:38:37.0713 4664 VaultSvc - ok 08:38:37.0714 4664 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 08:38:37.0719 4664 vdrvroot - ok 08:38:37.0723 4664 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 08:38:37.0744 4664 vds - ok 08:38:37.0746 4664 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 08:38:37.0753 4664 vga - ok 08:38:37.0754 4664 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 08:38:37.0771 4664 VgaSave - ok 08:38:37.0774 4664 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 08:38:37.0781 4664 vhdmp - ok 08:38:37.0782 4664 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 08:38:37.0787 4664 viaide - ok 08:38:37.0789 4664 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 08:38:37.0794 4664 volmgr - ok 08:38:37.0798 4664 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 08:38:37.0806 4664 volmgrx - ok 08:38:37.0809 4664 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys 08:38:37.0817 4664 volsnap - ok 08:38:37.0820 4664 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 08:38:37.0826 4664 vsmraid - ok 08:38:37.0836 4664 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 08:38:37.0865 4664 VSS - ok 08:38:37.0867 4664 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 08:38:37.0874 4664 vwifibus - ok 08:38:37.0876 4664 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 08:38:37.0884 4664 vwififlt - ok 08:38:37.0888 4664 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 08:38:37.0907 4664 W32Time - ok 08:38:37.0910 4664 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 08:38:37.0916 4664 WacomPen - ok 08:38:37.0918 4664 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 08:38:37.0935 4664 WANARP - ok 08:38:37.0936 4664 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 08:38:37.0952 4664 Wanarpv6 - ok 08:38:37.0962 4664 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 08:38:37.0979 4664 WatAdminSvc - ok 08:38:37.0990 4664 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 08:38:38.0008 4664 wbengine - ok 08:38:38.0011 4664 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 08:38:38.0021 4664 WbioSrvc - ok 08:38:38.0025 4664 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 08:38:38.0037 4664 wcncsvc - ok 08:38:38.0039 4664 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 08:38:38.0045 4664 WcsPlugInService - ok 08:38:38.0047 4664 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 08:38:38.0051 4664 Wd - ok 08:38:38.0057 4664 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 08:38:38.0068 4664 Wdf01000 - ok 08:38:38.0070 4664 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 08:38:38.0080 4664 WdiServiceHost - ok 08:38:38.0081 4664 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 08:38:38.0090 4664 WdiSystemHost - ok 08:38:38.0093 4664 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 08:38:38.0104 4664 WebClient - ok 08:38:38.0107 4664 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 08:38:38.0126 4664 Wecsvc - ok 08:38:38.0129 4664 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 08:38:38.0147 4664 wercplsupport - ok 08:38:38.0149 4664 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 08:38:38.0167 4664 WerSvc - ok 08:38:38.0169 4664 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 08:38:38.0186 4664 WfpLwf - ok 08:38:38.0187 4664 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 08:38:38.0193 4664 WIMMount - ok 08:38:38.0194 4664 WinDefend - ok 08:38:38.0197 4664 WinHttpAutoProxySvc - ok 08:38:38.0204 4664 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 08:38:38.0223 4664 Winmgmt - ok 08:38:38.0236 4664 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 08:38:38.0269 4664 WinRM - ok 08:38:38.0273 4664 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 08:38:38.0280 4664 WinUsb - ok 08:38:38.0287 4664 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 08:38:38.0303 4664 Wlansvc - ok 08:38:38.0305 4664 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 08:38:38.0310 4664 WmiAcpi - ok 08:38:38.0314 4664 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 08:38:38.0322 4664 wmiApSrv - ok 08:38:38.0324 4664 WMPNetworkSvc - ok 08:38:38.0326 4664 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 08:38:38.0331 4664 WPCSvc - ok 08:38:38.0333 4664 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 08:38:38.0340 4664 WPDBusEnum - ok 08:38:38.0342 4664 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 08:38:38.0358 4664 ws2ifsl - ok 08:38:38.0361 4664 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 08:38:38.0370 4664 wscsvc - ok 08:38:38.0371 4664 WSearch - ok 08:38:38.0378 4664 [ D0697918519A4CF059C2C7E3B9E93A53 ] WSWNA3100 C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 08:38:38.0383 4664 WSWNA3100 - ok 08:38:38.0398 4664 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 08:38:38.0426 4664 wuauserv - ok 08:38:38.0429 4664 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 08:38:38.0446 4664 WudfPf - ok 08:38:38.0449 4664 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 08:38:38.0467 4664 WUDFRd - ok 08:38:38.0469 4664 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 08:38:38.0486 4664 wudfsvc - ok 08:38:38.0490 4664 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 08:38:38.0500 4664 WwanSvc - ok 08:38:38.0505 4664 ================ Scan global =============================== 08:38:38.0507 4664 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 08:38:38.0510 4664 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 08:38:38.0515 4664 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 08:38:38.0517 4664 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 08:38:38.0521 4664 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 08:38:38.0524 4664 [Global] - ok 08:38:38.0524 4664 ================ Scan MBR ================================== 08:38:38.0525 4664 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 08:38:38.0594 4664 \Device\Harddisk0\DR0 - ok 08:38:38.0595 4664 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 08:38:38.0642 4664 \Device\Harddisk1\DR1 - ok 08:38:38.0645 4664 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2 08:38:39.0156 4664 \Device\Harddisk2\DR2 - ok 08:38:39.0157 4664 ================ Scan VBR ================================== 08:38:39.0159 4664 [ B5F0B0355D079AD976159A9EAA3E941D ] \Device\Harddisk0\DR0\Partition1 08:38:39.0161 4664 \Device\Harddisk0\DR0\Partition1 - ok 08:38:39.0163 4664 [ 02B3486EDADE5D78A3AFD10B11515130 ] \Device\Harddisk0\DR0\Partition2 08:38:39.0165 4664 \Device\Harddisk0\DR0\Partition2 - ok 08:38:39.0167 4664 [ BEFB19F7C40ECFACE7E04E395731700D ] \Device\Harddisk1\DR1\Partition1 08:38:39.0168 4664 \Device\Harddisk1\DR1\Partition1 - ok 08:38:39.0170 4664 [ D803C52431F481BEF0BF0E8BA6F5C23C ] \Device\Harddisk2\DR2\Partition1 08:38:39.0171 4664 \Device\Harddisk2\DR2\Partition1 - ok 08:38:39.0171 4664 ============================================================ 08:38:39.0171 4664 Scan finished 08:38:39.0171 4664 ============================================================ 08:38:39.0177 4540 Detected object count: 1 08:38:39.0177 4540 Actual detected object count: 1 08:38:52.0415 4540 SwitchBoard ( UnsignedFile****lti.Generic ) - skipped by user 08:38:52.0415 4540 SwitchBoard ( UnsignedFile****lti.Generic ) - User select action: Skip
Cheers
05-27-2013
, 02:59 AM
Totally fine
As far as I can see, your computer is CLEAN.
Time to uninstall used tools.
Click here for some final recommendations that may help you to stay clean.
As far as I can see, your computer is CLEAN.
Time to uninstall used tools.
- Double click OTL.exe to run it again and click the CleanUp button.
- If we used any other tools and they still remain on your desktop, please delete them manually.
Click here for some final recommendations that may help you to stay clean.
05-28-2013
, 02:15 AM
05-28-2013
, 02:28 AM
Also congratulations on getting married 