Lapys
-
Posts
12 -
Joined
-
Last visited
-
MalwareBytes Won't Run in Safe Mode (DDS Report Included)
Lapys replied to Lapys's topic in Resolved Malware Removal Logs
Okay! Here is the log: ComboFix 12-08-28.03 - Kristen 08/28/2012 14:44:58.3.2 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.3099 [GMT -4:00] Running from: c:\users\Kristen\Desktop\sega.com.exe AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 ))))))))))))))))))))))))))))))) . . 2012-08-28 19:16 . 2012-08-28 19:16 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE361D27-BF17-48FB-9787-64F6AB56D406}\offreg.dll 2012-08-28 19:13 . 2012-08-28 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-23 14:11 . 2012-08-23 14:11 -------- d-----w- C:\found.001 2012-08-17 21:50 . 2012-08-17 21:50 -------- d-----w- C:\found.000 2012-08-16 18:31 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE361D27-BF17-48FB-9787-64F6AB56D406}\mpengine.dll 2012-08-14 17:19 . 2012-08-23 13:37 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-11 17:19 . 2012-08-11 17:19 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-08-10 19:12 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-08-08 05:59 . 2012-08-08 05:59 22800 ----a-w- c:\windows\system32\drivers\Smb_driver.sys 2012-08-08 05:57 . 2012-08-08 05:57 317440 ----a-w- c:\windows\system32\drivers\IntcDAud.sys 2012-08-08 05:57 . 2012-08-08 05:57 14848 ----a-w- c:\windows\system32\IntcDAuC.dll 2012-08-08 05:55 . 2012-08-08 05:55 18832 ----a-w- c:\windows\system32\drivers\pmkbdfltr.sys 2012-08-08 04:57 . 2012-08-08 04:57 -------- d-----w- c:\users\Kristen\AppData\Roaming\Uniblue 2012-08-08 04:57 . 2012-08-08 04:57 -------- d-----w- c:\program files (x86)\Uniblue . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 03:38 . 2011-02-14 05:49 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 17:46 . 2011-02-14 02:33 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-12 03:08 . 2012-07-19 00:26 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:43 . 2012-07-18 16:22 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-18 16:22 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-18 16:22 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-18 16:22 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-18 16:22 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-18 16:22 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-18 16:22 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-22 01:00 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 01:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-22 01:00 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 01:00 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 01:00 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-22 01:00 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-22 01:00 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-22 00:59 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-22 00:59 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 12:49 . 2012-07-18 17:14 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-06-02 12:17 . 2012-07-18 17:14 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-06-02 12:12 . 2012-07-18 17:14 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 12:05 . 2012-07-18 17:14 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-02 12:05 . 2012-07-18 17:14 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 12:04 . 2012-07-18 17:14 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 12:04 . 2012-07-18 17:14 237056 ----a-w- c:\windows\system32\url.dll 2012-06-02 12:03 . 2012-07-18 17:14 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-02 12:01 . 2012-07-18 17:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 12:00 . 2012-07-18 17:14 818688 ----a-w- c:\windows\system32\jscript.dll 2012-06-02 11:59 . 2012-07-18 17:14 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-02 11:57 . 2012-07-18 17:14 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-02 11:57 . 2012-07-18 17:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 11:54 . 2012-07-18 17:14 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-02 08:33 . 2012-07-18 17:14 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-02 08:25 . 2012-07-18 17:14 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-02 08:25 . 2012-07-18 17:14 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20 . 2012-07-18 17:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16 . 2012-07-18 17:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-02 05:50 . 2012-07-18 16:22 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-18 16:22 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 2012-07-18 16:22 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-18 16:22 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-18 16:22 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-18 16:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-18 16:22 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-18 16:22 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-18 16:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE861541-7376-4545-967B-20DA8431C8CE}] c:\programdata\TheBflix\bhoclass.dll [bU] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-02-05 2408448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTQyNTU0NjQ3LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzMtRkwxMCsxLVNQMVMyKzEtU1AxUzMrMS1ERFQrNTY1MTItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx∏=90&ver=10.0.1416" [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 51600] R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 87888] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176] R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-17 1255736] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-05-10 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-08-08 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . Contents of the 'Scheduled Tasks' folder . 2012-08-28 c:\windows\Tasks\GIMP Update Checker.job - c:\program files (x86)\GIMP\GIMPUpdateChecker.exe [2011-06-02 21:38] . 2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:57] . 2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:57] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-08 11465832] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2012-08-08 1833576] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1847439074-2509161730-2765944069-1000\Software\SecuROM\License information*] "datasecu"=hex:ae,b5,c5,71,f3,95,f8,58,5c,ac,31,ab,1f,85,e0,4b,9b,35,71,de,b2, 35,24,96,0a,f9,ab,ff,72,28,c8,e3,83,07,c9,cf,ab,e4,fb,aa,63,82,36,4d,a5,ad,\ "rkeysecu"=hex:8f,ab,8b,41,54,e8,74,ea,67,c4,e2,d8,37,c0,e7,1f . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac . ************************************************************************** . Completion time: 2012-08-28 16:45:27 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-28 20:45 ComboFix2.txt 2012-08-18 02:09 . Pre-Run: 45,952,413,696 bytes free Post-Run: 45,877,018,624 bytes free . - - End Of File - - A5C43241BAFF88755658FCDD901AA0B7 -
MalwareBytes Won't Run in Safe Mode (DDS Report Included)
Lapys replied to Lapys's topic in Resolved Malware Removal Logs
Security Check: Results of screen317's Security Check version 0.99.46 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Microsoft Security Essentials WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.60.1.1000 Java 6 Update 29 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome 21.0.1180.77 Google Chrome 21.0.1180.79 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` -
MalwareBytes Won't Run in Safe Mode (DDS Report Included)
Lapys replied to Lapys's topic in Resolved Malware Removal Logs
ADW: # AdwCleaner v1.801 - Logfile created 08/23/2012 at 10:21:06 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Kristen - KRISTEN-MSI # Boot Mode : Safe mode with networking # Running from : C:\Users\Kristen\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Kristen\AppData\Local\Babylon Folder Found : C:\Users\Kristen\AppData\Local\Conduit Folder Found : C:\Users\Kristen\AppData\LocalLow\Conduit Folder Found : C:\Users\Kristen\AppData\LocalLow\facemoods.com Folder Found : C:\Users\Kristen\AppData\Roaming\Babylon Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\Conduit Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\ConduitEngine Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\CT2956077 Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\FCTB Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\extensions\{30aa252e-b1df-4aa2-9c5e-194c67a7c623} Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\extensions\engine@conduit.com Folder Found : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\extensions\staged Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\InstallMate Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility Folder Found : C:\ProgramData\Premium File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml File Found : C:\user.js ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2418376 Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Babylon Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\dnUpdate Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Found : HKLM\SOFTWARE\Freeze.com Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility [x64] Key Found : HKCU\Software\Conduit [x64] Key Found : HKCU\Software\Softonic [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL [x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine [x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdate [x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser [x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 [x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController [x64] Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 [x64] Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=111385&babsrc=HP_ss&mntrId=c6dc987d000000000000485d60618af9 -\\ Mozilla Firefox v [unable to get version] Profile name : default File : C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\8xvl8tuw.default\prefs.js Found : user_pref("CT2418376..clientLogIsEnabled", true); Found : user_pref("CT2418376..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2418376..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2418376.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2418376.CTID", "CT2418376"); Found : user_pref("CT2418376.CurrentServerDate", "29-3-2011"); Found : user_pref("CT2418376.DialogsAlignMode", "LTR"); Found : user_pref("CT2418376.DialogsGetterLastCheckTime", "Tue Mar 29 2011 02:48:20 GMT-0400 (Eastern Daylig[...] Found : user_pref("CT2418376.DownloadReferralCookieData", ""); Found : user_pref("CT2418376.ExternalComponentPollDate5694225620172914022", "Sun Mar 27 2011 14:21:36 GMT-04[...] Found : user_pref("CT2418376.FirstServerDate", "7-3-2011"); Found : user_pref("CT2418376.FirstTime", true); Found : user_pref("CT2418376.FirstTimeFF3", true); Found : user_pref("CT2418376.FirstTimeSettingsDone", true); Found : user_pref("CT2418376.FixPageNotFoundErrors", true); Found : user_pref("CT2418376.GroupingServerCheckInterval", 1440); Found : user_pref("CT2418376.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2418376.Initialize", true); Found : user_pref("CT2418376.InitializeCommonPrefs", true); Found : user_pref("CT2418376.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2418376.InstallationType", "UnknownIntegration"); Found : user_pref("CT2418376.InstalledDate", "Sun Mar 06 2011 18:00:39 GMT-0500 (Eastern Standard Time)"); Found : user_pref("CT2418376.IsGrouping", false); Found : user_pref("CT2418376.IsMulticommunity", false); Found : user_pref("CT2418376.IsOpenThankYouPage", false); Found : user_pref("CT2418376.IsOpenUninstallPage", true); Found : user_pref("CT2418376.LanguagePackLastCheckTime", "Tue Mar 29 2011 02:48:19 GMT-0400 (Eastern Dayligh[...] Found : user_pref("CT2418376.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2418376.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2418376.LastLogin_2.7.2.0", "Tue Mar 29 2011 00:48:55 GMT-0400 (Eastern Daylight Time)"[...] Found : user_pref("CT2418376.LastLogin_3.3.3.2", "Tue Mar 29 2011 02:48:17 GMT-0400 (Eastern Daylight Time)"[...] Found : user_pref("CT2418376.LatestVersion", "2.7.2.0"); Found : user_pref("CT2418376.Locale", "en"); Found : user_pref("CT2418376.LoginCache", 4); Found : user_pref("CT2418376.MCDetectTooltipHeight", "83"); Found : user_pref("CT2418376.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2418376.MCDetectTooltipWidth", "295"); Found : user_pref("CT2418376.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Found : user_pref("CT2418376.SearchFromAddressBarIsInit", true); Found : user_pref("CT2418376.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT241[...] Found : user_pref("CT2418376.SearchInNewTabEnabled", true); Found : user_pref("CT2418376.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2418376.SearchInNewTabLastCheckTime", "Tue Mar 29 2011 00:48:55 GMT-0400 (Eastern Dayli[...] Found : user_pref("CT2418376.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2418376.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2418376.ServiceMapLastCheckTime", "Tue Mar 29 2011 02:48:16 GMT-0400 (Eastern Daylight [...] Found : user_pref("CT2418376.SettingsCheckIntervalMin", 120); Found : user_pref("CT2418376.SettingsLastCheckTime", "Tue Mar 29 2011 00:48:55 GMT-0400 (Eastern Daylight Ti[...] Found : user_pref("CT2418376.SettingsLastUpdate", "1299600573"); Found : user_pref("CT2418376.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2418376.ThirdPartyComponentsLastCheck", "Tue Mar 29 2011 00:48:55 GMT-0400 (Eastern Day[...] Found : user_pref("CT2418376.ThirdPartyComponentsLastUpdate", "1246790578"); Found : user_pref("CT2418376.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2418376"); Found : user_pref("CT2418376.UserID", "UN91213649790182398"); Found : user_pref("CT2418376.ValidationData_Toolbar", 1); Found : user_pref("CT2418376.alertChannelId", "812740"); Found : user_pref("CT2418376.clientLogIsEnabled", true); Found : user_pref("CT2418376.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Found : user_pref("CT2418376.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...] Found : user_pref("CT2418376.globalFirstTimeInfoLastCheckTime", "Tue Mar 29 2011 02:48:16 GMT-0400 (Eastern [...] Found : user_pref("CT2418376.isAppTrackingManagerOn", true); Found : user_pref("CT2418376.myStuffEnabled", true); Found : user_pref("CT2418376.myStuffPublihserMinWidth", 400); Found : user_pref("CT2418376.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2418376.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2418376.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2418376.toolbarAppMetaDataLastCheckTime", "Tue Mar 29 2011 02:48:16 GMT-0400 (Eastern D[...] Found : user_pref("CT2418376.toolbarContextMenuLastCheckTime", "Tue Mar 29 2011 02:48:16 GMT-0400 (Eastern D[...] Found : user_pref("CT2418376.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Found : user_pref("CT2956077..clientLogIsEnabled", true); Found : user_pref("CT2956077..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2956077..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2956077.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2956077.AppTrackingLastCheckTime", "Tue Mar 29 2011 02:48:27 GMT-0400 (Eastern Daylight[...] Found : user_pref("CT2956077.CT2956077", "CT2956077"); Found : user_pref("CT2956077.CurrentServerDate", "29-3-2011"); Found : user_pref("CT2956077.DialogsAlignMode", "LTR"); Found : user_pref("CT2956077.DialogsGetterLastCheckTime", "Tue Mar 29 2011 02:48:21 GMT-0400 (Eastern Daylig[...] Found : user_pref("CT2956077.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...] Found : user_pref("CT2956077.FirstServerDate", "29-3-2011"); Found : user_pref("CT2956077.FirstTime", true); Found : user_pref("CT2956077.FirstTimeFF3", true); Found : user_pref("CT2956077.FixPageNotFoundErrors", false); Found : user_pref("CT2956077.GroupingServerCheckInterval", 1440); Found : user_pref("CT2956077.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2956077.HasUserGlobalKeys", true); Found : user_pref("CT2956077.Initialize", true); Found : user_pref("CT2956077.InitializeCommonPrefs", true); Found : user_pref("CT2956077.InstallationAndCookieDataSentCount", 1); Found : user_pref("CT2956077.InstalledDate", "Tue Mar 29 2011 02:48:21 GMT-0400 (Eastern Daylight Time)"); Found : user_pref("CT2956077.InvalidateCache", false); Found : user_pref("CT2956077.IsGrouping", false); Found : user_pref("CT2956077.IsMulticommunity", false); Found : user_pref("CT2956077.IsOpenThankYouPage", true); Found : user_pref("CT2956077.IsOpenUninstallPage", true); Found : user_pref("CT2956077.LanguagePackLastCheckTime", "Tue Mar 29 2011 02:48:19 GMT-0400 (Eastern Dayligh[...] Found : user_pref("CT2956077.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2956077.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2956077.LastLogin_3.3.3.2", "Tue Mar 29 2011 02:48:17 GMT-0400 (Eastern Daylight Time)"[...] Found : user_pref("CT2956077.LatestVersion", "3.2.5.2"); Found : user_pref("CT2956077.Locale", "en"); Found : user_pref("CT2956077.MCDetectTooltipHeight", "83"); Found : user_pref("CT2956077.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2956077.MCDetectTooltipWidth", "295"); Found : user_pref("CT2956077.RadioIsPodcast", false); Found : user_pref("CT2956077.RadioLastCheckTime", "Tue Mar 29 2011 02:48:18 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT2956077.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2956077.RadioLastUpdateServer", "3"); Found : user_pref("CT2956077.RadioMediaID", "9962"); Found : user_pref("CT2956077.RadioMediaType", "Media Player"); Found : user_pref("CT2956077.RadioMenuSelectedID", "EBRadioMenu_CT29560779962"); Found : user_pref("CT2956077.RadioStationName", "California%20Rock"); Found : user_pref("CT2956077.RadioStationURL", "hxxp://feedlive.net/california.asx"); Found : user_pref("CT2956077.SavedHomepage", "hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP"); Found : user_pref("CT2956077.SearchFromAddressBarIsInit", true); Found : user_pref("CT2956077.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT295[...] Found : user_pref("CT2956077.SearchInNewTabEnabled", true); Found : user_pref("CT2956077.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2956077.SearchInNewTabLastCheckTime", "Tue Mar 29 2011 02:48:18 GMT-0400 (Eastern Dayli[...] Found : user_pref("CT2956077.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2956077.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2956077.ServiceMapLastCheckTime", "Tue Mar 29 2011 02:48:15 GMT-0400 (Eastern Daylight [...] Found : user_pref("CT2956077.SettingsLastCheckTime", "Tue Mar 29 2011 02:48:16 GMT-0400 (Eastern Daylight Ti[...] Found : user_pref("CT2956077.SettingsLastUpdate", "1301092289"); Found : user_pref("CT2956077.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2956077.ThirdPartyComponentsLastCheck", "Tue Mar 29 2011 02:48:15 GMT-0400 (Eastern Day[...] Found : user_pref("CT2956077.ThirdPartyComponentsLastUpdate", "1246786978"); Found : user_pref("CT2956077.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2956077"); Found : user_pref("CT2956077.UserID", "UN06217710726421377"); Found : user_pref("CT2956077.WeatherNetwork", ""); Found : user_pref("CT2956077.WeatherPollDate", "Tue Mar 29 2011 02:48:17 GMT-0400 (Eastern Daylight Time)"); Found : user_pref("CT2956077.WeatherUnit", "F"); Found : user_pref("CT2956077.alertChannelId", "1347936"); Found : user_pref("CT2956077.approveUntrustedApps", true); Found : user_pref("CT2956077.backendstorage._fb_dailyactivity", "31333031333831323938353136"); Found : user_pref("CT2956077.backendstorage._fb_lifetimesent", "54525545"); Found : user_pref("CT2956077.backendstorage.facebook_ctid_connect_send", "73656E646564"); Found : user_pref("CT2956077.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...] Found : user_pref("CT2956077.globalFirstTimeInfoLastCheckTime", "Tue Mar 29 2011 02:48:16 GMT-0400 (Eastern [...] Found : user_pref("CT2956077.isAppTrackingManagerOn", true); Found : user_pref("CT2956077.myStuffEnabled", true); Found : user_pref("CT2956077.myStuffPublihserMinWidth", 400); Found : user_pref("CT2956077.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2956077.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2956077.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2956077.testingCtid", ""); Found : user_pref("CT2956077.toolbarAppMetaDataLastCheckTime", "Tue Mar 29 2011 02:48:16 GMT-0400 (Eastern D[...] Found : user_pref("CT2956077.toolbarContextMenuLastCheckTime", "Tue Mar 29 2011 02:48:17 GMT-0400 (Eastern D[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1347936/1343597/US", "\"0\"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2418376", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2956077", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=2.7.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2956077",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2956077/CT2956077[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...] Found : user_pref("CommunityToolbar.EngineOwner", "CT2956077"); Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{30aa252e-b1df-4aa2-9c5e-194c67a7c623}"); Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "gamewrangler_v2"); Found : user_pref("CommunityToolbar.IsEngineShown", true); Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.mochigames.com/conduit/app/?utm_source=co[...] Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2956077"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{30aa252e-b1df-4aa2-9c5e-194c67a7c623}"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "gamewrangler_v2"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?pc=ZUGO&form=[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT2418376,ConduitEngine,CT2956077"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2418376,CT2956077"); Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Mar 29 2011 02:48:17 GMT-04[...] Found : user_pref("CommunityToolbar.alert.alertEnabled", true); Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Apr 13 2011 22:27:23 GMT-0400 (Easte[...] Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.alert.locale", "en"); Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Apr 13 2011 22:27:10 GMT-0400 (Eastern D[...] Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634"); Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.alert.showTrayIcon", false); Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.alert.userId", "742bb392-1288-4699-95cb-4b4ed573f1f2"); Found : user_pref("CommunityToolbar.globalUserId", "66d31b25-79e1-46d1-801a-1ebd41133792"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2956077"); Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Apr 08 2011 15:19:30 GMT-0400 (Eastern Dayl[...] Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Apr 13 2011 21:19:07 GMT-0400 (Eastern Da[...] Found : user_pref("ConduitEngine.FirstServerDate", "03/29/2011 09"); Found : user_pref("ConduitEngine.FirstTime", true); Found : user_pref("ConduitEngine.FirstTimeFF3", true); Found : user_pref("ConduitEngine.HasUserGlobalKeys", true); Found : user_pref("ConduitEngine.HideEngineAfterRestart", true); Found : user_pref("ConduitEngine.Initialize", true); Found : user_pref("ConduitEngine.InitializeCommonPrefs", true); Found : user_pref("ConduitEngine.InstalledDate", "Tue Mar 29 2011 02:48:19 GMT-0400 (Eastern Daylight Time)"[...] Found : user_pref("ConduitEngine.IsMulticommunity", false); Found : user_pref("ConduitEngine.IsOpenThankYouPage", false); Found : user_pref("ConduitEngine.IsOpenUninstallPage", true); Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Apr 13 2011 22:27:11 GMT-0400 (Eastern Day[...] Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Apr 14 2011 16:43:09 GMT-0400 (Eastern Daylight Ti[...] Found : user_pref("ConduitEngine.PublisherContainerWidth", 0); Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Apr 14 2011 16:43:10 GMT-0400 (Eastern Dayligh[...] Found : user_pref("ConduitEngine.UserID", "UN15873396995055304"); Found : user_pref("ConduitEngine.engineLocale", "en-US"); Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Apr 13 2011 22:27:12 GMT-0400 (Easte[...] Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Apr 14 2011 16:43:09 GMT-0400 (East[...] Found : user_pref("ConduitEngine.initDone", true); Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Found : user_pref("browser.search.defaultengine", "Ask.com"); Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Found : user_pref("browser.search.defaultthis.engineName", "gamewrangler_v2 Customized Web Search"); Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2956077&Sea[...] Found : user_pref("browser.search.order.1", "Search the web (Babylon)"); Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)"); Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=111385&babsrc=HP_ss&mntrId=c[...] Found : user_pref("extensions.3499ur3ur4hfsudfs.scode", "\n(function(){var bdomains={\"search.babylon.com\":[...] Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar_i.babExt", ""); Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111385"); Found : user_pref("extensions.BabylonToolbar_i.hardId", "c6dc987d000000000000485d60618af9"); Found : user_pref("extensions.BabylonToolbar_i.id", "c6dc987d000000000000485d60618af9"); Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15411"); Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar_i.newTab", true); Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111385&babsrc=N[...] Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:30:59"); Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Found : user_pref("extensions.facemoods.aflt", "_#guppy1"); Found : user_pref("extensions.facemoods.firstRun", false); Found : user_pref("extensions.facemoods.lastActv", "14"); Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.FirstLaunchShown", true); Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.LastDate", 14); Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.session", "F96D49C259F47355B34590FC35331C0D098C[...] Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.tb_lang", "en"); Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.user_id", "27472811"); Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.vars.disablecuidinject", "1"); Found : user_pref("freecauseebcfd043312f448d96f425ba0f1ea646.vars.lastcheck", "Wed%20Mar%2014%202012%2000%3A[...] Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=111385&babsrc=KW_ss&mntrId=c6dc987d000000[...] Found : user_pref("keyword.URL","hxxp://slirsredirect.search.aol.com/redirector/sredir?invocationType=bu10ai[...] -\\ Google Chrome v21.0.1180.79 File : C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Preferences Found : "description": "The fastest way to search the web.", ************************* AdwCleaner[R1].txt - [32079 octets] - [23/08/2012 10:21:06] ########## EOF - C:\AdwCleaner[R1].txt - [32208 octets] ########## -
MalwareBytes Won't Run in Safe Mode (DDS Report Included)
Lapys replied to Lapys's topic in Resolved Malware Removal Logs
Okay. For some reason Combofix can't seem to generate a log file. I've run it probably four different times, trying in both safe and normal modes, and after the restart (again, tried booting to normal and also safe modes), it gets hung up on generating the log file. Looking at the processes, there was nothing heavy in use. I think the heaviest was Windows Explorer. Also, the laptop can't seem to connect wirelessly to the network I have running, so I haven't yet run the ESET scan. Here are all the other scans and files you have asked for. It was the best I could come up with considering ComboFix wouldn't generate a log despite running. Here are the posts in this order: TDSS, ADW, Security Check. First, TDSS: 09:19:32.0934 1824 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03 09:19:32.0950 1824 ============================================================ 09:19:32.0950 1824 Current date / time: 2012/08/23 09:19:32.0950 09:19:32.0950 1824 SystemInfo: 09:19:32.0950 1824 09:19:32.0950 1824 OS Version: 6.1.7601 ServicePack: 1.0 09:19:32.0950 1824 Product type: Workstation 09:19:32.0950 1824 ComputerName: KRISTEN-MSI 09:19:32.0950 1824 UserName: Kristen 09:19:32.0950 1824 Windows directory: C:\windows 09:19:32.0950 1824 System windows directory: C:\windows 09:19:32.0950 1824 Running under WOW64 09:19:32.0950 1824 Processor architecture: Intel x64 09:19:32.0950 1824 Number of processors: 2 09:19:32.0950 1824 Page size: 0x1000 09:19:32.0950 1824 Boot type: Safe boot 09:19:32.0950 1824 ============================================================ 09:19:33.0621 1824 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 09:19:33.0636 1824 Drive \Device\Harddisk1\DR1 - Size: 0x3BA300000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 09:19:33.0636 1824 ============================================================ 09:19:33.0636 1824 \Device\Harddisk0\DR0: 09:19:33.0636 1824 MBR partitions: 09:19:33.0636 1824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x15997000 09:19:33.0636 1824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x171C9800, BlocksNum 0xE264800 09:19:33.0636 1824 \Device\Harddisk1\DR1: 09:19:33.0636 1824 MBR partitions: 09:19:33.0636 1824 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DD17E0 09:19:33.0636 1824 ============================================================ 09:19:33.0667 1824 C: <-> \Device\Harddisk0\DR0\Partition1 09:19:33.0683 1824 D: <-> \Device\Harddisk0\DR0\Partition2 09:19:33.0683 1824 ============================================================ 09:19:33.0683 1824 Initialize success 09:19:33.0683 1824 ============================================================ 09:19:36.0085 1856 ============================================================ 09:19:36.0085 1856 Scan started 09:19:36.0085 1856 Mode: Manual; 09:19:36.0085 1856 ============================================================ 09:19:36.0226 1856 ================ Scan system memory ======================== 09:19:36.0226 1856 System memory - ok 09:19:36.0226 1856 ================ Scan services ============================= 09:19:36.0444 1856 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 09:19:36.0444 1856 1394ohci - ok 09:19:36.0538 1856 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 09:19:36.0538 1856 ACDaemon - ok 09:19:36.0585 1856 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys 09:19:36.0600 1856 ACPI - ok 09:19:36.0631 1856 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 09:19:36.0631 1856 AcpiPmi - ok 09:19:36.0725 1856 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 09:19:36.0725 1856 Adobe LM Service - ok 09:19:36.0787 1856 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 09:19:36.0787 1856 adp94xx - ok 09:19:36.0850 1856 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 09:19:36.0850 1856 adpahci - ok 09:19:36.0881 1856 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 09:19:36.0881 1856 adpu320 - ok 09:19:36.0928 1856 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 09:19:36.0928 1856 AeLookupSvc - ok 09:19:36.0990 1856 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys 09:19:36.0990 1856 AFD - ok 09:19:37.0021 1856 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys 09:19:37.0021 1856 agp440 - ok 09:19:37.0053 1856 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe 09:19:37.0068 1856 ALG - ok 09:19:37.0115 1856 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys 09:19:37.0115 1856 aliide - ok 09:19:37.0131 1856 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys 09:19:37.0131 1856 amdide - ok 09:19:37.0177 1856 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys 09:19:37.0177 1856 AmdK8 - ok 09:19:37.0193 1856 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys 09:19:37.0193 1856 AmdPPM - ok 09:19:37.0240 1856 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys 09:19:37.0240 1856 amdsata - ok 09:19:37.0255 1856 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys 09:19:37.0255 1856 amdsbs - ok 09:19:37.0287 1856 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 09:19:37.0287 1856 amdxata - ok 09:19:37.0318 1856 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys 09:19:37.0318 1856 AppID - ok 09:19:37.0349 1856 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll 09:19:37.0365 1856 AppIDSvc - ok 09:19:37.0411 1856 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll 09:19:37.0411 1856 Appinfo - ok 09:19:37.0489 1856 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 09:19:37.0505 1856 Apple Mobile Device - ok 09:19:37.0567 1856 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys 09:19:37.0567 1856 arc - ok 09:19:37.0583 1856 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys 09:19:37.0583 1856 arcsas - ok 09:19:37.0630 1856 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys 09:19:37.0630 1856 ArcSoftKsUFilter - ok 09:19:37.0677 1856 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 09:19:37.0677 1856 AsyncMac - ok 09:19:37.0708 1856 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys 09:19:37.0708 1856 atapi - ok 09:19:37.0817 1856 [ 481CC0E01A941BA4DD0D949C1D47B417 ] athr C:\windows\system32\DRIVERS\athrx.sys 09:19:37.0911 1856 athr - ok 09:19:37.0989 1856 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 09:19:38.0004 1856 AudioEndpointBuilder - ok 09:19:38.0020 1856 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 09:19:38.0020 1856 AudioSrv - ok 09:19:38.0067 1856 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 09:19:38.0067 1856 AxInstSV - ok 09:19:38.0129 1856 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys 09:19:38.0129 1856 b06bdrv - ok 09:19:38.0176 1856 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 09:19:38.0191 1856 b57nd60a - ok 09:19:38.0238 1856 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll 09:19:38.0238 1856 BDESVC - ok 09:19:38.0254 1856 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys 09:19:38.0254 1856 Beep - ok 09:19:38.0316 1856 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll 09:19:38.0332 1856 BFE - ok 09:19:38.0394 1856 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll 09:19:38.0410 1856 BITS - ok 09:19:38.0441 1856 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 09:19:38.0441 1856 blbdrive - ok 09:19:38.0519 1856 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 09:19:38.0535 1856 Bonjour Service - ok 09:19:38.0566 1856 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 09:19:38.0566 1856 bowser - ok 09:19:38.0597 1856 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys 09:19:38.0597 1856 BrFiltLo - ok 09:19:38.0613 1856 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys 09:19:38.0613 1856 BrFiltUp - ok 09:19:38.0659 1856 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys 09:19:38.0659 1856 BridgeMP - ok 09:19:38.0691 1856 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\windows\System32\browser.dll 09:19:38.0691 1856 Browser - ok 09:19:38.0722 1856 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys 09:19:38.0722 1856 Brserid - ok 09:19:38.0737 1856 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 09:19:38.0753 1856 BrSerWdm - ok 09:19:38.0769 1856 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 09:19:38.0769 1856 BrUsbMdm - ok 09:19:38.0769 1856 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 09:19:38.0769 1856 BrUsbSer - ok 09:19:38.0784 1856 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys 09:19:38.0784 1856 BTHMODEM - ok 09:19:38.0831 1856 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll 09:19:38.0831 1856 bthserv - ok 09:19:38.0862 1856 catchme - ok 09:19:38.0925 1856 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 09:19:38.0940 1856 cdfs - ok 09:19:39.0018 1856 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 09:19:39.0018 1856 cdrom - ok 09:19:39.0049 1856 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll 09:19:39.0049 1856 CertPropSvc - ok 09:19:39.0081 1856 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys 09:19:39.0081 1856 circlass - ok 09:19:39.0096 1856 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys 09:19:39.0112 1856 CLFS - ok 09:19:39.0190 1856 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:19:39.0221 1856 clr_optimization_v2.0.50727_32 - ok 09:19:39.0252 1856 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 09:19:39.0252 1856 clr_optimization_v2.0.50727_64 - ok 09:19:39.0330 1856 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:19:39.0361 1856 clr_optimization_v4.0.30319_32 - ok 09:19:39.0393 1856 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 09:19:39.0424 1856 clr_optimization_v4.0.30319_64 - ok 09:19:39.0471 1856 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 09:19:39.0471 1856 CmBatt - ok 09:19:39.0486 1856 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys 09:19:39.0486 1856 cmdide - ok 09:19:39.0533 1856 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys 09:19:39.0533 1856 CNG - ok 09:19:39.0564 1856 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 09:19:39.0564 1856 Compbatt - ok 09:19:39.0595 1856 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys 09:19:39.0595 1856 CompositeBus - ok 09:19:39.0611 1856 COMSysApp - ok 09:19:39.0627 1856 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys 09:19:39.0642 1856 crcdisk - ok 09:19:39.0689 1856 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll 09:19:39.0705 1856 CryptSvc - ok 09:19:39.0736 1856 [ 76E02DB615A03801D698199A2BC4A06A ] dc3d C:\windows\system32\DRIVERS\dc3d.sys 09:19:39.0736 1856 dc3d - ok 09:19:39.0783 1856 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll 09:19:39.0783 1856 DcomLaunch - ok 09:19:39.0829 1856 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll 09:19:39.0829 1856 defragsvc - ok 09:19:39.0876 1856 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 09:19:39.0892 1856 DfsC - ok 09:19:39.0939 1856 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll 09:19:39.0939 1856 Dhcp - ok 09:19:40.0001 1856 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 09:19:40.0001 1856 discache - ok 09:19:40.0017 1856 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys 09:19:40.0017 1856 Disk - ok 09:19:40.0063 1856 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 09:19:40.0063 1856 Dnscache - ok 09:19:40.0110 1856 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 09:19:40.0110 1856 dot3svc - ok 09:19:40.0141 1856 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 09:19:40.0141 1856 DPS - ok 09:19:40.0188 1856 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 09:19:40.0188 1856 drmkaud - ok 09:19:40.0235 1856 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 09:19:40.0251 1856 DXGKrnl - ok 09:19:40.0297 1856 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 09:19:40.0297 1856 EapHost - ok 09:19:40.0375 1856 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys 09:19:40.0469 1856 ebdrv - ok 09:19:40.0531 1856 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 09:19:40.0531 1856 EFS - ok 09:19:40.0609 1856 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 09:19:40.0625 1856 ehRecvr - ok 09:19:40.0656 1856 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 09:19:40.0656 1856 ehSched - ok 09:19:40.0672 1856 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 09:19:40.0687 1856 elxstor - ok 09:19:40.0703 1856 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 09:19:40.0703 1856 ErrDev - ok 09:19:40.0765 1856 [ 89D11159B361DD1EAC5DD4E9895C04A4 ] EUCR C:\windows\system32\DRIVERS\EUCR6SK.SYS 09:19:40.0765 1856 EUCR - ok 09:19:40.0812 1856 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 09:19:40.0812 1856 EventSystem - ok 09:19:40.0828 1856 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 09:19:40.0843 1856 exfat - ok 09:19:40.0859 1856 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 09:19:40.0859 1856 fastfat - ok 09:19:40.0906 1856 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 09:19:40.0937 1856 Fax - ok 09:19:40.0968 1856 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys 09:19:40.0968 1856 fdc - ok 09:19:40.0984 1856 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 09:19:40.0984 1856 fdPHost - ok 09:19:40.0999 1856 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 09:19:40.0999 1856 FDResPub - ok 09:19:41.0015 1856 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 09:19:41.0015 1856 FileInfo - ok 09:19:41.0031 1856 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 09:19:41.0031 1856 Filetrace - ok 09:19:41.0062 1856 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 09:19:41.0062 1856 flpydisk - ok 09:19:41.0093 1856 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 09:19:41.0109 1856 FltMgr - ok 09:19:41.0171 1856 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll 09:19:41.0202 1856 FontCache - ok 09:19:41.0265 1856 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:19:41.0265 1856 FontCache3.0.0.0 - ok 09:19:41.0280 1856 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 09:19:41.0280 1856 FsDepends - ok 09:19:41.0311 1856 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 09:19:41.0311 1856 Fs_Rec - ok 09:19:41.0374 1856 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 09:19:41.0374 1856 fvevol - ok 09:19:41.0389 1856 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 09:19:41.0389 1856 gagp30kx - ok 09:19:41.0436 1856 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 09:19:41.0436 1856 GEARAspiWDM - ok 09:19:41.0514 1856 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 09:19:41.0530 1856 gpsvc - ok 09:19:41.0623 1856 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09:19:41.0623 1856 gupdate - ok 09:19:41.0670 1856 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09:19:41.0670 1856 gupdatem - ok 09:19:41.0701 1856 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 09:19:41.0701 1856 hcw85cir - ok 09:19:41.0748 1856 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 09:19:41.0748 1856 HdAudAddService - ok 09:19:41.0764 1856 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 09:19:41.0764 1856 HDAudBus - ok 09:19:41.0811 1856 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys 09:19:41.0811 1856 HECIx64 - ok 09:19:41.0826 1856 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 09:19:41.0826 1856 HidBatt - ok 09:19:41.0842 1856 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 09:19:41.0842 1856 HidBth - ok 09:19:41.0857 1856 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys 09:19:41.0857 1856 HidIr - ok 09:19:41.0873 1856 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll 09:19:41.0873 1856 hidserv - ok 09:19:41.0920 1856 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys 09:19:41.0935 1856 HidUsb - ok 09:19:41.0951 1856 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 09:19:41.0967 1856 hkmsvc - ok 09:19:41.0998 1856 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 09:19:41.0998 1856 HomeGroupListener - ok 09:19:42.0045 1856 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 09:19:42.0045 1856 HomeGroupProvider - ok 09:19:42.0060 1856 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 09:19:42.0060 1856 HpSAMD - ok 09:19:42.0154 1856 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 09:19:42.0154 1856 HTTP - ok 09:19:42.0185 1856 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 09:19:42.0185 1856 hwpolicy - ok 09:19:42.0232 1856 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys 09:19:42.0232 1856 i8042prt - ok 09:19:42.0294 1856 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 09:19:42.0294 1856 iaStor - ok 09:19:42.0372 1856 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 09:19:42.0372 1856 IAStorDataMgrSvc - ok 09:19:42.0403 1856 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 09:19:42.0403 1856 iaStorV - ok 09:19:42.0481 1856 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 09:19:42.0481 1856 IDriverT - ok 09:19:42.0559 1856 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 09:19:42.0606 1856 idsvc - ok 09:19:42.0903 1856 [ F4F91789C7C7A159CE8215C1F69F2A85 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 09:19:43.0168 1856 igfx - ok 09:19:43.0215 1856 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 09:19:43.0215 1856 iirsp - ok 09:19:43.0261 1856 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 09:19:43.0277 1856 IKEEXT - ok 09:19:43.0293 1856 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys 09:19:43.0293 1856 Impcd - ok 09:19:43.0417 1856 [ 3C4B4EE54FEBB09F7E9F58776DE96DCA ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 09:19:43.0480 1856 IntcAzAudAddService - ok 09:19:43.0527 1856 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys 09:19:43.0527 1856 IntcDAud - ok 09:19:43.0542 1856 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 09:19:43.0542 1856 intelide - ok 09:19:43.0573 1856 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 09:19:43.0573 1856 intelppm - ok 09:19:43.0605 1856 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 09:19:43.0605 1856 IPBusEnum - ok 09:19:43.0651 1856 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 09:19:43.0651 1856 IpFilterDriver - ok 09:19:43.0698 1856 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 09:19:43.0698 1856 iphlpsvc - ok 09:19:43.0729 1856 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 09:19:43.0729 1856 IPMIDRV - ok 09:19:43.0761 1856 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 09:19:43.0761 1856 IPNAT - ok 09:19:43.0823 1856 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 09:19:43.0839 1856 iPod Service - ok 09:19:43.0870 1856 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 09:19:43.0870 1856 IRENUM - ok 09:19:43.0901 1856 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 09:19:43.0901 1856 isapnp - ok 09:19:43.0901 1856 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 09:19:43.0917 1856 iScsiPrt - ok 09:19:43.0963 1856 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys 09:19:43.0963 1856 kbdclass - ok 09:19:44.0010 1856 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 09:19:44.0010 1856 kbdhid - ok 09:19:44.0026 1856 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 09:19:44.0026 1856 KeyIso - ok 09:19:44.0073 1856 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 09:19:44.0073 1856 KSecDD - ok 09:19:44.0088 1856 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 09:19:44.0088 1856 KSecPkg - ok 09:19:44.0119 1856 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 09:19:44.0119 1856 ksthunk - ok 09:19:44.0182 1856 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 09:19:44.0182 1856 KtmRm - ok 09:19:44.0229 1856 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll 09:19:44.0244 1856 LanmanServer - ok 09:19:44.0275 1856 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 09:19:44.0275 1856 LanmanWorkstation - ok 09:19:44.0307 1856 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 09:19:44.0322 1856 lltdio - ok 09:19:44.0369 1856 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 09:19:44.0385 1856 lltdsvc - ok 09:19:44.0431 1856 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 09:19:44.0431 1856 lmhosts - ok 09:19:44.0478 1856 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 09:19:44.0478 1856 LMS - ok 09:19:44.0525 1856 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 09:19:44.0525 1856 LSI_FC - ok 09:19:44.0541 1856 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 09:19:44.0541 1856 LSI_SAS - ok 09:19:44.0572 1856 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 09:19:44.0572 1856 LSI_SAS2 - ok 09:19:44.0603 1856 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 09:19:44.0603 1856 LSI_SCSI - ok 09:19:44.0619 1856 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 09:19:44.0619 1856 luafv - ok 09:19:44.0681 1856 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\windows\system32\drivers\mbam.sys 09:19:44.0681 1856 MBAMProtector - ok 09:19:44.0775 1856 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 09:19:44.0790 1856 MBAMService - ok 09:19:44.0821 1856 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 09:19:44.0821 1856 Mcx2Svc - ok 09:19:44.0853 1856 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys 09:19:44.0853 1856 megasas - ok 09:19:44.0899 1856 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 09:19:44.0899 1856 MegaSR - ok 09:19:44.0946 1856 MGHwCtrl - ok 09:19:45.0009 1856 [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM C:\Program Files (x86)\System Control Manager\MSIService.exe 09:19:45.0009 1856 Micro Star SCM - ok 09:19:45.0071 1856 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 09:19:45.0071 1856 Microsoft Office Groove Audit Service - ok 09:19:45.0118 1856 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 09:19:45.0118 1856 MMCSS - ok 09:19:45.0133 1856 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 09:19:45.0133 1856 Modem - ok 09:19:45.0180 1856 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 09:19:45.0180 1856 monitor - ok 09:19:45.0196 1856 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys 09:19:45.0196 1856 mouclass - ok 09:19:45.0227 1856 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 09:19:45.0227 1856 mouhid - ok 09:19:45.0258 1856 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 09:19:45.0258 1856 mountmgr - ok 09:19:45.0383 1856 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys 09:19:45.0383 1856 MpFilter - ok 09:19:45.0492 1856 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 09:19:45.0492 1856 mpio - ok 09:19:45.0523 1856 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 09:19:45.0523 1856 mpsdrv - ok 09:19:45.0601 1856 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 09:19:45.0617 1856 MpsSvc - ok 09:19:45.0664 1856 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 09:19:45.0679 1856 MRxDAV - ok 09:19:45.0773 1856 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 09:19:45.0773 1856 mrxsmb - ok 09:19:45.0820 1856 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 09:19:45.0820 1856 mrxsmb10 - ok 09:19:45.0835 1856 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 09:19:45.0851 1856 mrxsmb20 - ok 09:19:45.0913 1856 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 09:19:45.0913 1856 msahci - ok 09:19:45.0960 1856 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 09:19:45.0960 1856 msdsm - ok 09:19:46.0007 1856 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 09:19:46.0007 1856 MSDTC - ok 09:19:46.0054 1856 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 09:19:46.0054 1856 Msfs - ok 09:19:46.0085 1856 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 09:19:46.0085 1856 mshidkmdf - ok 09:19:46.0132 1856 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 09:19:46.0132 1856 msisadrv - ok 09:19:46.0163 1856 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 09:19:46.0163 1856 MSiSCSI - ok 09:19:46.0163 1856 msiserver - ok 09:19:46.0194 1856 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 09:19:46.0194 1856 MSKSSRV - ok 09:19:46.0366 1856 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 09:19:46.0366 1856 MsMpSvc - ok 09:19:46.0397 1856 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 09:19:46.0397 1856 MSPCLOCK - ok 09:19:46.0397 1856 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 09:19:46.0397 1856 MSPQM - ok 09:19:46.0459 1856 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 09:19:46.0459 1856 MsRPC - ok 09:19:46.0537 1856 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 09:19:46.0537 1856 mssmbios - ok 09:19:46.0584 1856 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 09:19:46.0584 1856 MSTEE - ok 09:19:46.0662 1856 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 09:19:46.0662 1856 MTConfig - ok 09:19:46.0709 1856 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 09:19:46.0709 1856 Mup - ok 09:19:46.0771 1856 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 09:19:46.0771 1856 napagent - ok 09:19:46.0818 1856 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 09:19:46.0818 1856 NativeWifiP - ok 09:19:46.0927 1856 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys 09:19:46.0943 1856 NDIS - ok 09:19:46.0974 1856 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 09:19:46.0974 1856 NdisCap - ok 09:19:47.0005 1856 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 09:19:47.0005 1856 NdisTapi - ok 09:19:47.0068 1856 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 09:19:47.0068 1856 Ndisuio - ok 09:19:47.0115 1856 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 09:19:47.0115 1856 NdisWan - ok 09:19:47.0161 1856 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 09:19:47.0161 1856 NDProxy - ok 09:19:47.0177 1856 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 09:19:47.0177 1856 NetBIOS - ok 09:19:47.0208 1856 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 09:19:47.0208 1856 NetBT - ok 09:19:47.0224 1856 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 09:19:47.0224 1856 Netlogon - ok 09:19:47.0271 1856 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 09:19:47.0286 1856 Netman - ok 09:19:47.0302 1856 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 09:19:47.0317 1856 netprofm - ok 09:19:47.0364 1856 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:19:47.0364 1856 NetTcpPortSharing - ok 09:19:47.0395 1856 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 09:19:47.0395 1856 nfrd960 - ok 09:19:47.0442 1856 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys 09:19:47.0442 1856 NisDrv - ok 09:19:47.0505 1856 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 09:19:47.0505 1856 NisSrv - ok 09:19:47.0567 1856 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll 09:19:47.0567 1856 NlaSvc - ok 09:19:47.0567 1856 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 09:19:47.0567 1856 Npfs - ok 09:19:47.0598 1856 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 09:19:47.0598 1856 nsi - ok 09:19:47.0645 1856 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 09:19:47.0645 1856 nsiproxy - ok 09:19:47.0707 1856 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 09:19:47.0754 1856 Ntfs - ok 09:19:47.0770 1856 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 09:19:47.0770 1856 Null - ok 09:19:47.0785 1856 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 09:19:47.0801 1856 nvraid - ok 09:19:47.0848 1856 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 09:19:47.0848 1856 nvstor - ok 09:19:47.0879 1856 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 09:19:47.0879 1856 nv_agp - ok 09:19:47.0941 1856 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 09:19:47.0957 1856 odserv - ok 09:19:47.0988 1856 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 09:19:47.0988 1856 ohci1394 - ok 09:19:48.0019 1856 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:19:48.0019 1856 ose - ok 09:19:48.0066 1856 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 09:19:48.0066 1856 p2pimsvc - ok 09:19:48.0097 1856 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 09:19:48.0097 1856 p2psvc - ok 09:19:48.0129 1856 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys 09:19:48.0129 1856 Parport - ok 09:19:48.0160 1856 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 09:19:48.0160 1856 partmgr - ok 09:19:48.0191 1856 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 09:19:48.0191 1856 PcaSvc - ok 09:19:48.0207 1856 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 09:19:48.0207 1856 pci - ok 09:19:48.0222 1856 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 09:19:48.0222 1856 pciide - ok 09:19:48.0238 1856 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 09:19:48.0238 1856 pcmcia - ok 09:19:48.0253 1856 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 09:19:48.0253 1856 pcw - ok 09:19:48.0285 1856 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 09:19:48.0300 1856 PEAUTH - ok 09:19:48.0394 1856 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 09:19:48.0441 1856 PerfHost - ok 09:19:48.0503 1856 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 09:19:48.0534 1856 pla - ok 09:19:48.0612 1856 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 09:19:48.0612 1856 PlugPlay - ok 09:19:48.0675 1856 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 09:19:48.0675 1856 PNRPAutoReg - ok 09:19:48.0706 1856 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 09:19:48.0706 1856 PNRPsvc - ok 09:19:48.0753 1856 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 09:19:48.0753 1856 PolicyAgent - ok 09:19:48.0784 1856 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 09:19:48.0784 1856 Power - ok 09:19:48.0846 1856 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 09:19:48.0846 1856 PptpMiniport - ok 09:19:48.0877 1856 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys 09:19:48.0877 1856 Processor - ok 09:19:48.0924 1856 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 09:19:48.0940 1856 ProfSvc - ok 09:19:48.0940 1856 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 09:19:48.0940 1856 ProtectedStorage - ok 09:19:48.0971 1856 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 09:19:48.0987 1856 Psched - ok 09:19:49.0033 1856 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 09:19:49.0065 1856 ql2300 - ok 09:19:49.0080 1856 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 09:19:49.0096 1856 ql40xx - ok 09:19:49.0111 1856 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 09:19:49.0111 1856 QWAVE - ok 09:19:49.0143 1856 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 09:19:49.0143 1856 QWAVEdrv - ok 09:19:49.0158 1856 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 09:19:49.0158 1856 RasAcd - ok 09:19:49.0205 1856 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 09:19:49.0205 1856 RasAgileVpn - ok 09:19:49.0221 1856 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 09:19:49.0236 1856 RasAuto - ok 09:19:49.0252 1856 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 09:19:49.0252 1856 Rasl2tp - ok 09:19:49.0314 1856 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 09:19:49.0330 1856 RasMan - ok 09:19:49.0345 1856 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 09:19:49.0345 1856 RasPppoe - ok 09:19:49.0361 1856 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 09:19:49.0361 1856 RasSstp - ok 09:19:49.0408 1856 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 09:19:49.0408 1856 rdbss - ok 09:19:49.0423 1856 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 09:19:49.0423 1856 rdpbus - ok 09:19:49.0439 1856 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 09:19:49.0439 1856 RDPCDD - ok 09:19:49.0455 1856 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 09:19:49.0455 1856 RDPENCDD - ok 09:19:49.0470 1856 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 09:19:49.0470 1856 RDPREFMP - ok 09:19:49.0501 1856 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 09:19:49.0501 1856 RDPWD - ok 09:19:49.0533 1856 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 09:19:49.0533 1856 rdyboost - ok 09:19:49.0564 1856 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 09:19:49.0564 1856 RemoteAccess - ok 09:19:49.0611 1856 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 09:19:49.0626 1856 RemoteRegistry - ok 09:19:49.0673 1856 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 09:19:49.0673 1856 RpcEptMapper - ok 09:19:49.0704 1856 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 09:19:49.0704 1856 RpcLocator - ok 09:19:49.0751 1856 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 09:19:49.0751 1856 RpcSs - ok 09:19:49.0798 1856 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 09:19:49.0798 1856 rspndr - ok 09:19:49.0845 1856 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 09:19:49.0845 1856 RTL8167 - ok 09:19:49.0860 1856 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 09:19:49.0860 1856 SamSs - ok 09:19:49.0891 1856 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 09:19:49.0891 1856 sbp2port - ok 09:19:49.0938 1856 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 09:19:49.0938 1856 SCardSvr - ok 09:19:49.0969 1856 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 09:19:49.0969 1856 scfilter - ok 09:19:50.0032 1856 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 09:19:50.0063 1856 Schedule - ok 09:19:50.0094 1856 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 09:19:50.0094 1856 SCPolicySvc - ok 09:19:50.0125 1856 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\drivers\sdbus.sys 09:19:50.0125 1856 sdbus - ok 09:19:50.0157 1856 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 09:19:50.0172 1856 SDRSVC - ok 09:19:50.0250 1856 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 09:19:50.0250 1856 SeaPort - ok 09:19:50.0297 1856 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 09:19:50.0297 1856 secdrv - ok 09:19:50.0344 1856 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 09:19:50.0344 1856 seclogon - ok 09:19:50.0375 1856 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll 09:19:50.0375 1856 SENS - ok 09:19:50.0406 1856 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 09:19:50.0406 1856 SensrSvc - ok 09:19:50.0437 1856 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys 09:19:50.0437 1856 Serenum - ok 09:19:50.0484 1856 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys 09:19:50.0500 1856 Serial - ok 09:19:50.0515 1856 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 09:19:50.0515 1856 sermouse - ok 09:19:50.0578 1856 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 09:19:50.0578 1856 SessionEnv - ok 09:19:50.0609 1856 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 09:19:50.0609 1856 sffdisk - ok 09:19:50.0625 1856 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 09:19:50.0625 1856 sffp_mmc - ok 09:19:50.0625 1856 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 09:19:50.0625 1856 sffp_sd - ok 09:19:50.0671 1856 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 09:19:50.0671 1856 sfloppy - ok 09:19:50.0703 1856 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 09:19:50.0718 1856 SharedAccess - ok 09:19:50.0749 1856 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 09:19:50.0765 1856 ShellHWDetection - ok 09:19:50.0781 1856 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 09:19:50.0781 1856 SiSRaid2 - ok 09:19:50.0796 1856 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 09:19:50.0796 1856 SiSRaid4 - ok 09:19:50.0812 1856 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 09:19:50.0812 1856 Smb - ok 09:19:50.0859 1856 [ 7AE8BCA90539ECBDE87AC45BA1436BE3 ] smserial C:\windows\system32\DRIVERS\SmSerl64.sys 09:19:50.0890 1856 smserial - ok 09:19:50.0921 1856 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 09:19:50.0937 1856 SNMPTRAP - ok 09:19:50.0937 1856 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 09:19:50.0937 1856 spldr - ok 09:19:50.0983 1856 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe 09:19:50.0983 1856 Spooler - ok 09:19:51.0093 1856 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 09:19:51.0186 1856 sppsvc - ok 09:19:51.0202 1856 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 09:19:51.0202 1856 sppuinotify - ok 09:19:51.0249 1856 [ A6CFF1AF7664627A296B6A0A96CF876E ] sptd C:\windows\System32\Drivers\sptd.sys 09:19:51.0249 1856 sptd - ok 09:19:51.0295 1856 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 09:19:51.0295 1856 srv - ok 09:19:51.0327 1856 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 09:19:51.0327 1856 srv2 - ok 09:19:51.0342 1856 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 09:19:51.0342 1856 srvnet - ok 09:19:51.0373 1856 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 09:19:51.0373 1856 SSDPSRV - ok 09:19:51.0389 1856 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 09:19:51.0389 1856 SstpSvc - ok 09:19:51.0420 1856 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 09:19:51.0420 1856 stexstor - ok 09:19:51.0483 1856 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 09:19:51.0498 1856 stisvc - ok 09:19:51.0514 1856 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys 09:19:51.0514 1856 swenum - ok 09:19:51.0545 1856 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 09:19:51.0561 1856 swprv - ok 09:19:51.0592 1856 [ E5D73228176C9F69072D1F91CED83484 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 09:19:51.0592 1856 SynTP - ok 09:19:51.0670 1856 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 09:19:51.0717 1856 SysMain - ok 09:19:51.0748 1856 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 09:19:51.0748 1856 TabletInputService - ok 09:19:55.0133 1856 [ 3A05225B4172D0FA20107BD503A84681 ] TapiSrv C:\windows\System32\tapisrv.dll 09:36:35.0656 1856 Suspicious file (NoAccess): C:\windows\System32\tapisrv.dll. md5: 3A05225B4172D0FA20107BD503A84681 09:36:35.0703 1856 TapiSrv ( LockedFile.Multi.Generic ) - warning 09:36:35.0703 1856 TapiSrv - detected LockedFile.Multi.Generic (1) 09:36:35.0797 1856 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 09:36:35.0797 1856 TBS - ok 09:36:35.0906 1856 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys 09:36:35.0953 1856 Tcpip - ok 09:36:36.0015 1856 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 09:36:36.0015 1856 TCPIP6 - ok 09:36:36.0124 1856 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 09:36:36.0124 1856 tcpipreg - ok 09:36:36.0156 1856 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 09:36:36.0171 1856 TDPIPE - ok 09:36:36.0202 1856 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 09:36:36.0202 1856 TDTCP - ok 09:36:36.0249 1856 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 09:36:36.0249 1856 tdx - ok 09:36:36.0436 1856 [ 3E85BDD019E3DB66D9471DAD7FD6A887 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 09:36:36.0514 1856 TeamViewer7 - ok 09:36:36.0577 1856 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys 09:36:36.0577 1856 TermDD - ok 09:36:36.0639 1856 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 09:36:36.0655 1856 TermService - ok 09:36:36.0686 1856 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 09:36:36.0686 1856 Themes - ok 09:36:36.0733 1856 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 09:36:36.0733 1856 THREADORDER - ok 09:36:36.0764 1856 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 09:36:36.0764 1856 TrkWks - ok 09:36:36.0858 1856 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 09:36:36.0858 1856 TrustedInstaller - ok 09:36:36.0904 1856 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 09:36:36.0904 1856 tssecsrv - ok 09:36:36.0951 1856 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 09:36:36.0951 1856 TsUsbFlt - ok 09:36:37.0029 1856 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 09:36:37.0029 1856 tunnel - ok 09:36:37.0060 1856 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 09:36:37.0060 1856 uagp35 - ok 09:36:37.0092 1856 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 09:36:37.0092 1856 udfs - ok 09:36:37.0248 1856 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 09:36:37.0248 1856 UI0Detect - ok 09:36:37.0263 1856 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 09:36:37.0279 1856 uliagpkx - ok 09:36:37.0326 1856 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys 09:36:37.0326 1856 umbus - ok 09:36:37.0341 1856 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys 09:36:37.0341 1856 UmPass - ok 09:36:37.0450 1856 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 09:36:37.0528 1856 UNS - ok 09:36:37.0653 1856 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 09:36:37.0669 1856 upnphost - ok 09:36:37.0716 1856 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys 09:36:37.0716 1856 USBAAPL64 - ok 09:36:37.0747 1856 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 09:36:37.0747 1856 usbccgp - ok 09:36:37.0809 1856 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 09:36:37.0825 1856 usbcir - ok 09:36:37.0825 1856 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys 09:36:37.0840 1856 usbehci - ok 09:36:37.0856 1856 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 09:36:37.0856 1856 usbhub - ok 09:36:37.0872 1856 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 09:36:37.0872 1856 usbohci - ok 09:36:37.0934 1856 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 09:36:37.0934 1856 usbprint - ok 09:36:38.0012 1856 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 09:36:38.0028 1856 usbscan - ok 09:36:38.0028 1856 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 09:36:38.0043 1856 USBSTOR - ok 09:36:38.0059 1856 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 09:36:38.0059 1856 usbuhci - ok 09:36:38.0106 1856 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 09:36:38.0106 1856 usbvideo - ok 09:36:38.0137 1856 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 09:36:38.0137 1856 UxSms - ok 09:36:38.0152 1856 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 09:36:38.0152 1856 VaultSvc - ok 09:36:38.0168 1856 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 09:36:38.0168 1856 vdrvroot - ok 09:36:38.0230 1856 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 09:36:38.0246 1856 vds - ok 09:36:38.0277 1856 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 09:36:38.0277 1856 vga - ok 09:36:38.0277 1856 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 09:36:38.0293 1856 VgaSave - ok 09:36:38.0324 1856 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 09:36:38.0340 1856 vhdmp - ok 09:36:38.0386 1856 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 09:36:38.0386 1856 viaide - ok 09:36:38.0402 1856 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 09:36:38.0402 1856 volmgr - ok 09:36:38.0511 1856 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 09:36:38.0511 1856 volmgrx - ok 09:36:38.0527 1856 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys 09:36:38.0527 1856 volsnap - ok 09:36:38.0574 1856 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 09:36:38.0574 1856 vsmraid - ok 09:36:38.0698 1856 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 09:36:38.0730 1856 VSS - ok 09:36:38.0761 1856 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 09:36:38.0761 1856 vwifibus - ok 09:36:38.0776 1856 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 09:36:38.0776 1856 vwififlt - ok 09:36:38.0808 1856 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 09:36:38.0823 1856 W32Time - ok 09:36:38.0839 1856 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 09:36:38.0839 1856 WacomPen - ok 09:36:38.0901 1856 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 09:36:38.0901 1856 WANARP - ok 09:36:38.0917 1856 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 09:36:38.0917 1856 Wanarpv6 - ok 09:36:38.0995 1856 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 09:36:39.0026 1856 WatAdminSvc - ok 09:36:39.0073 1856 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 09:36:39.0120 1856 wbengine - ok 09:36:39.0135 1856 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 09:36:39.0151 1856 WbioSrvc - ok 09:36:39.0182 1856 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 09:36:39.0182 1856 wcncsvc - ok 09:36:39.0213 1856 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 09:36:39.0213 1856 WcsPlugInService - ok 09:36:39.0260 1856 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys 09:36:39.0260 1856 Wd - ok 09:36:39.0291 1856 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 09:36:39.0307 1856 Wdf01000 - ok 09:36:39.0322 1856 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 09:36:39.0338 1856 WdiServiceHost - ok 09:36:39.0354 1856 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 09:36:39.0354 1856 WdiSystemHost - ok 09:36:39.0385 1856 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 09:36:39.0385 1856 WebClient - ok 09:36:39.0416 1856 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 09:36:39.0432 1856 Wecsvc - ok 09:36:39.0447 1856 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 09:36:39.0447 1856 wercplsupport - ok 09:36:39.0478 1856 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 09:36:39.0478 1856 WerSvc - ok 09:36:39.0525 1856 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 09:36:39.0525 1856 WfpLwf - ok 09:36:39.0556 1856 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 09:36:39.0556 1856 WIMMount - ok 09:36:39.0603 1856 WinDefend - ok 09:36:39.0634 1856 WinHttpAutoProxySvc - ok 09:36:39.0759 1856 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 09:36:39.0759 1856 Winmgmt - ok 09:36:39.0884 1856 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 09:36:39.0946 1856 WinRM - ok 09:36:40.0024 1856 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 09:36:40.0024 1856 WinUsb - ok 09:36:40.0087 1856 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 09:36:40.0118 1856 Wlansvc - ok 09:36:40.0290 1856 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 09:36:40.0352 1856 wlidsvc - ok 09:36:40.0383 1856 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 09:36:40.0383 1856 WmiAcpi - ok 09:36:40.0414 1856 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 09:36:40.0414 1856 wmiApSrv - ok 09:36:40.0477 1856 WMPNetworkSvc - ok 09:36:40.0508 1856 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 09:36:40.0508 1856 WPCSvc - ok 09:36:40.0555 1856 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 09:36:40.0570 1856 WPDBusEnum - ok 09:36:40.0586 1856 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 09:36:40.0586 1856 ws2ifsl - ok 09:36:40.0617 1856 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll 09:36:40.0617 1856 wscsvc - ok 09:36:40.0617 1856 WSearch - ok 09:36:40.0711 1856 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 09:36:40.0789 1856 wuauserv - ok 09:36:40.0820 1856 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys 09:36:40.0820 1856 WudfPf - ok 09:36:40.0851 1856 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 09:36:40.0867 1856 WUDFRd - ok 09:36:40.0929 1856 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll 09:36:40.0929 1856 wudfsvc - ok 09:36:40.0976 1856 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll 09:36:40.0976 1856 WwanSvc - ok 09:36:41.0007 1856 ================ Scan global =============================== 09:36:41.0023 1856 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 09:36:41.0054 1856 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll 09:36:41.0070 1856 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll 09:36:41.0101 1856 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 09:36:41.0132 1856 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 09:36:41.0132 1856 [Global] - ok 09:36:41.0132 1856 ================ Scan MBR ================================== 09:36:41.0148 1856 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 09:36:41.0491 1856 \Device\Harddisk0\DR0 - ok 09:36:41.0491 1856 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 09:36:41.0491 1856 \Device\Harddisk1\DR1 - ok 09:36:41.0491 1856 ================ Scan VBR ================================== 09:36:41.0569 1856 [ 75D188B3DABA70EE81504F1FBB8FA2AF ] \Device\Harddisk0\DR0\Partition1 09:36:41.0569 1856 \Device\Harddisk0\DR0\Partition1 - ok 09:36:41.0943 1856 [ C5BCE75A797337CF53BD256D9E81836F ] \Device\Harddisk0\DR0\Partition2 09:36:41.0943 1856 \Device\Harddisk0\DR0\Partition2 - ok 09:36:41.0943 1856 [ 05070DF59B3356AAA3F03C1239081D69 ] \Device\Harddisk1\DR1\Partition1 09:36:41.0943 1856 \Device\Harddisk1\DR1\Partition1 - ok 09:36:41.0943 1856 ============================================================ 09:36:41.0943 1856 Scan finished 09:36:41.0943 1856 ============================================================ 09:36:42.0006 1848 Detected object count: 1 09:36:42.0006 1848 Actual detected object count: 1 09:48:59.0357 1848 C:\windows\System32\tapisrv.dll - copied to quarantine 09:48:59.0357 1848 TapiSrv ( LockedFile.Multi.Generic ) - User select action: Quarantine -
MalwareBytes Won't Run in Safe Mode (DDS Report Included)
Lapys replied to Lapys's topic in Resolved Malware Removal Logs
I think I am going to have to run them in safe mode because the computer locks up pretty bad in normal mode. Is that going to present a problem? -
MalwareBytes Won't Run in Safe Mode (DDS Report Included)
Lapys replied to Lapys's topic in Resolved Malware Removal Logs
About to run all the scans. Just booted up the laptop again and it is slow once more. I don't quite understand why that seems to have come out of the blue, as it was fine yesterday. -
MalwareBytes Won't Run in Safe Mode (DDS Report Included)
Lapys replied to Lapys's topic in Resolved Malware Removal Logs
I've run a full scan of MalwareBytes and don't even see any malware on the machine, and it is not exhibiting any of the slowing down symptoms from before, so I'm going to assume it's clean. The only thing it is doing now that I am not comfortable with, is that if I tell it to shut down, it will sit on the shut down screen for many, many minutes, seemingly doing nothing. It never did this before. Any ideas on what may have caused this? -
MalwareBytes Won't Run in Safe Mode (DDS Report Included)
Lapys replied to Lapys's topic in Resolved Malware Removal Logs
And here is the new DDS log: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Kristen at 6:21:40 on 2012-08-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.2532 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\System Control Manager\MSIService.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\taskeng.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe C:\Windows\System32\StikyNot.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\wuauclt.exe C:\Windows\system32\WUDFHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?affID=111385&babsrc=HP_ss&mntrId=c6dc987d000000000000485d60618af9 uInternet Settings,ProxyOverride = <local> uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO: TheBflix Class: {be861541-7376-4545-967b-20da8431c8ce} - C:\ProgramData\TheBflix\bhoclass.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll uRun: [installIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTQyNTU0NjQ3LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzMtRkwxMCsxLVNQMVMyKzEtU1AxUzMrMS1ERFQrNTY1MTItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx"&"prod=90"&"ver=10.0.1416 mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5}\2375942554030313 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5}\34865627475737 : DhcpNameServer = 216.130.152.4 216.130.156.12 192.168.0.1 TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5}\355726771697 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{D1365E23-B7BC-4BEC-8374-139068AF032F} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO-X64: AOL Messaging Toolbar Loader - No File BHO-X64: TheBflix Class: {BE861541-7376-4545-967B-20DA8431C8CE} - C:\ProgramData\TheBflix\bhoclass.dll BHO-X64: TheBflix - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTQyNTU0NjQ3LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzMtRkwxMCsxLVNQMVMyKzEtU1AxUzMrMS1ERFQrNTY1MTItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx"&"prod=90"&"ver=10.0.1416 SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2010-7-1 160768] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-1 3027840] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-1 2320920] R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-1 13336] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-8 655944] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?] S3 EUCR;EUCR;C:\windows\system32\DRIVERS\EUCR6SK.SYS --> C:\windows\system32\DRIVERS\EUCR6SK.SYS [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176] S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-08-18 04:52:01 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE361D27-BF17-48FB-9787-64F6AB56D406}\offreg.dll 2012-08-18 00:02:26 98816 ----a-w- C:\windows\sed.exe 2012-08-18 00:02:26 518144 ----a-w- C:\windows\SWREG.exe 2012-08-18 00:02:26 256000 ----a-w- C:\windows\PEV.exe 2012-08-18 00:02:26 208896 ----a-w- C:\windows\MBR.exe 2012-08-18 00:02:22 -------- d-----w- C:\ComboFix 2012-08-17 21:50:45 -------- d-----w- C:\found.000 2012-08-16 18:31:13 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE361D27-BF17-48FB-9787-64F6AB56D406}\mpengine.dll 2012-08-14 17:19:11 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-11 17:19:42 36168 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys 2012-08-10 19:12:30 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-08-08 05:59:40 22800 ----a-w- C:\windows\System32\drivers\Smb_driver.sys 2012-08-08 05:57:24 317440 ----a-w- C:\windows\System32\drivers\IntcDAud.sys 2012-08-08 05:57:24 14848 ----a-w- C:\windows\System32\IntcDAuC.dll 2012-08-08 05:55:44 18832 ----a-w- C:\windows\System32\drivers\pmkbdfltr.sys 2012-08-08 04:57:22 -------- d-----w- C:\Users\Kristen\AppData\Roaming\Uniblue 2012-08-08 04:57:22 -------- d-----w- C:\Program Files (x86)\Uniblue . ==================== Find3M ==================== . 2012-07-03 17:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-06-12 03:08:36 3148800 ----a-w- C:\windows\System32\win32k.sys 2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll . ============= FINISH: 6:21:59.28 =============== -
MalwareBytes Won't Run in Safe Mode (DDS Report Included)
Lapys replied to Lapys's topic in Resolved Malware Removal Logs
Two posts incoming. First, the ComboFix log, and then the new DDS log. Here is the ComboFix log: ComboFix 12-08-17.03 - Kristen 08/17/2012 20:03:27.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.2610 [GMT -4:00] Running from: F:\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\kikin c:\program files (x86)\Search Toolbar c:\program files (x86)\Search Toolbar\SearchToolbar.dll c:\programdata\TheBflix c:\programdata\TheBflix\background.html c:\programdata\TheBflix\bccldkoinakjmmgebambiaggjobhikfg.crx c:\programdata\TheBflix\bhoclass.dll c:\programdata\TheBflix\content.js c:\programdata\TheBflix\settings.ini . . ((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 ))))))))))))))))))))))))))))))) . . 2012-08-18 00:16 . 2012-08-18 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-17 21:50 . 2012-08-17 21:50 -------- d-----w- C:\found.000 2012-08-16 18:31 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE361D27-BF17-48FB-9787-64F6AB56D406}\mpengine.dll 2012-08-14 17:19 . 2012-08-14 17:19 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-11 17:19 . 2012-08-11 17:19 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-08-10 19:12 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-08-08 05:59 . 2012-08-08 05:59 22800 ----a-w- c:\windows\system32\drivers\Smb_driver.sys 2012-08-08 05:57 . 2012-08-08 05:57 317440 ----a-w- c:\windows\system32\drivers\IntcDAud.sys 2012-08-08 05:57 . 2012-08-08 05:57 14848 ----a-w- c:\windows\system32\IntcDAuC.dll 2012-08-08 05:55 . 2012-08-08 05:55 18832 ----a-w- c:\windows\system32\drivers\pmkbdfltr.sys 2012-08-08 04:57 . 2012-08-08 04:57 -------- d-----w- c:\users\Kristen\AppData\Roaming\Uniblue 2012-08-08 04:57 . 2012-08-08 04:57 -------- d-----w- c:\program files (x86)\Uniblue 2012-07-19 00:26 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 03:38 . 2011-02-14 05:49 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 17:46 . 2011-02-14 02:33 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-09 05:43 . 2012-07-18 16:22 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-18 16:22 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-18 16:22 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-18 16:22 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-18 16:22 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-18 16:22 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-18 16:22 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-22 01:00 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 01:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-22 01:00 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 01:00 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 01:00 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-22 01:00 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-22 01:00 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-22 00:59 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-22 00:59 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 12:49 . 2012-07-18 17:14 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-06-02 12:17 . 2012-07-18 17:14 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-06-02 12:12 . 2012-07-18 17:14 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 12:05 . 2012-07-18 17:14 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-02 12:05 . 2012-07-18 17:14 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 12:04 . 2012-07-18 17:14 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 12:04 . 2012-07-18 17:14 237056 ----a-w- c:\windows\system32\url.dll 2012-06-02 12:03 . 2012-07-18 17:14 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-02 12:01 . 2012-07-18 17:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 12:00 . 2012-07-18 17:14 818688 ----a-w- c:\windows\system32\jscript.dll 2012-06-02 11:59 . 2012-07-18 17:14 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-02 11:57 . 2012-07-18 17:14 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-02 11:57 . 2012-07-18 17:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 11:54 . 2012-07-18 17:14 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-02 08:33 . 2012-07-18 17:14 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-02 08:25 . 2012-07-18 17:14 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-02 08:25 . 2012-07-18 17:14 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20 . 2012-07-18 17:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16 . 2012-07-18 17:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-02 05:50 . 2012-07-18 16:22 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-18 16:22 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 2012-07-18 16:22 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-18 16:22 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-18 16:22 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-18 16:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-18 16:22 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-18 16:22 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-18 16:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [7] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\system32\drivers\atapi.sys [7] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\system32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys . [7] 2009-07-14 . 769765CE2CC62867468CEA93969B2242 . 23040 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_804cc08a4e8a4516\asyncmac.sys [7] 2009-07-14 . 769765CE2CC62867468CEA93969B2242 . 23040 . . [6.1.7600.16385] .. c:\windows\system32\drivers\asyncmac.sys . [7] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys [7] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7601.17514] .. c:\windows\system32\drivers\kbdclass.sys [7] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7600.16385] .. c:\windows\system32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys . [7] 2010-11-20 . 79B47FD40D9A817E932F9D26FAC0A81C . 951680 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys [7] 2010-11-20 . 79B47FD40D9A817E932F9D26FAC0A81C . 951680 . . [6.1.7600.16385] .. c:\windows\system32\drivers\ndis.sys . [7] 2011-03-11 . A2F74975097F52A00745F9637451FDD8 . 1659776 . . [6.1.7601.17577] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys [7] 2011-03-11 . 87B104128D4D3BA3C13098BAEBF38082 . 1659776 . . [6.1.7601.21680] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys [7] 2011-03-11 . A2F74975097F52A00745F9637451FDD8 . 1659776 . . [6.1.7600.16385] .. c:\windows\system32\drivers\ntfs.sys . [7] 2009-07-13 . 9899284589F75FA8724FF3D16AED75C1 . 6144 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_055adf2434ae116e\null.sys [7] 2009-07-13 . 9899284589F75FA8724FF3D16AED75C1 . 6144 . . [6.1.7600.16385] .. c:\windows\system32\drivers\null.sys . [7] 2012-03-30 . ACB82BDA8F46C84F465C1AFA517DC4B9 . 1918320 . . [6.1.7600.16385] .. c:\windows\system32\drivers\tcpip.sys . [7] 2010-11-20 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys [7] 2010-11-20 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\system32\drivers\tdx.sys . [7] 2010-11-20 . 8EF0D5C41EC907751B8429162B1239ED . 136192 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17514_none_d70f2c28b49dffae\browser.dll [7] 2010-11-20 . 8EF0D5C41EC907751B8429162B1239ED . 136192 . . [6.1.7600.16385] .. c:\windows\system32\browser.dll . [7] 2012-06-04 . 79C908CAA6F43021EB05F4C733A927D1 . 31232 . . [6.1.7601.22010] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe [7] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe [7] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe [7] 2011-11-17 . 0A10B74FBB437FF9A23F1D5DE4446A83 . 31232 . . [6.1.7601.21861] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe [7] 2009-07-14 . 0793F40B9B8A1BDD266296409DBD91EA . 31232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe [7] 2011-11-17 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\system32\lsass.exe . [7] 2009-07-14 . 847D3AE376C0817161A14A82C8922A9E . 360448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll [7] 2009-07-14 . 847D3AE376C0817161A14A82C8922A9E . 360448 . . [6.1.7600.16385] .. c:\windows\system32\netman.dll . [7] 2010-11-20 . 1EA7969E3271CBC59E1730697DC74682 . 849920 . . [7.5.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll [7] 2010-11-20 . 1EA7969E3271CBC59E1730697DC74682 . 849920 . . [7.5.7600.16385] .. c:\windows\system32\qmgr.dll . [7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll [7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll . [7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe . [7] 2010-11-20 . B96C17B5DC1424D56EEA3A99E97428CD . 559104 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe [7] 2010-11-20 . B96C17B5DC1424D56EEA3A99E97428CD . 559104 . . [6.1.7600.16385] .. c:\windows\system32\spoolsv.exe . [7] 2010-11-20 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [7] 2010-11-20 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe . [7] 2012-06-02 . C1C03EA437EDDA8A7D4D8786E5AE6751 . 57880 . . [7.6.7600.256] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.256_none_d5f513f25190f276\wuauclt.exe [7] 2010-11-20 . 7FBFAA84FE176D9AE932ABC585AB68D5 . 51200 . . [7.5.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuauclt.exe [7] 2012-06-02 . C1C03EA437EDDA8A7D4D8786E5AE6751 . 57880 . . [7.6.7600.256] .. c:\windows\system32\wuauclt.exe . [7] 2010-11-20 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_97c2246fee970dbb\comctl32.dll [7] 2010-11-20 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll [7] 2010-11-20 . 7FA8FDC2C2A27817FD0F624E78D3B50C . 2030080 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll [7] 2010-11-20 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\system32\comctl32.dll . [7] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_88a5cc7effe2dfca\comres.dll [7] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\system32\comres.dll . [7] 2012-04-24 . 4F5414602E2544A4554D95517948B705 . 184320 . . [6.1.7601.17827] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll [7] 2012-04-24 . B7337E9C9E5936355BB700AA33E0936E . 186880 . . [6.1.7601.21979] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll [7] 2010-11-20 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll [7] 2012-04-24 . 4F5414602E2544A4554D95517948B705 . 184320 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll . [7] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll [7] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\system32\es.dll . [7] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll [7] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\system32\imm32.dll . [7] 2010-11-20 . 2F8B1E3EE3545D3B5A8D56FA1AE07B65 . 800256 . . [1.0626.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_0b207e7d6f1bea6f\usp10.dll [7] 2010-11-20 . 2F8B1E3EE3545D3B5A8D56FA1AE07B65 . 800256 . . [1.0626.7601.17514] .. c:\windows\system32\usp10.dll . [7] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7601.17651] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll [7] 2011-07-16 . 27AC02D8EE4C02E7648C41CB880151DA . 1163264 . . [6.1.7601.21772] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll [7] 2011-05-14 . 0E1B2E16235AA7F89F064EE75DFC905E . 1162752 . . [6.1.7601.17617] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_f1e6ed746ce85c1b\kernel32.dll [7] 2011-05-14 . 6743E8705A96FCBF71279B5AE2CCFDBC . 1163264 . . [6.1.7601.21728] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_f266ba9d860d312d\kernel32.dll [7] 2010-11-20 . 7A6326D96D53048FDEC542DF23D875A0 . 1161216 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll [7] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7600.16385] .. c:\windows\system32\kernel32.dll . [7] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_945a23c3bf051859\linkinfo.dll [7] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\system32\linkinfo.dll . [7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\lpk.dll [7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_07e67eed71336b74\lpk.dll [7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_07c20e01714f59eb\lpk.dll [7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_086f1b6e8a51f1e7\lpk.dll [7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_084cab168a6c130c\lpk.dll [7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\system32\lpk.dll . [7] 2009-07-14 . 3B367397320C26DBA890B260F80D1B1B . 424448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_0c2b375bae4a8d38\hnetcfg.dll [7] 2009-07-14 . 3B367397320C26DBA890B260F80D1B1B . 424448 . . [6.1.7600.16385] .. c:\windows\system32\hnetcfg.dll . [7] 2012-06-02 . 89C4B3BF66D3C2F3D83F9DEDF1B218D6 . 17807360 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_87d1b2c1f4d80db3\mshtml.dll [7] 2012-06-02 . 0C26F50D6C347CE294C84347E6FAEAA8 . 17807360 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_884c7e790e016412\mshtml.dll [7] 2012-05-18 . DE469470D93DEB4A1A81EDE72B848198 . 17807360 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_87d0b277f4d8f45c\mshtml.dll [7] 2012-05-18 . BE1E4779329040ED334651CD877C416D . 17807360 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_884a7de50e033164\mshtml.dll [7] 2012-02-28 . D785A16A6F03F76CB862F28C9F8C9672 . 17790976 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_87cdb199f4dba857\mshtml.dll [7] 2012-02-28 . 97BB8C752A400556A4FF2E1AAFA0A138 . 17790976 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_885c4fd70df4c6d4\mshtml.dll [7] 2011-12-14 . E61288581AD9E647ABEFB1489B250B5C . 17790464 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_87cbb105f4dd75a9\mshtml.dll [7] 2011-12-14 . 153963F44A26A7840ACDF52C2CD1B9DC . 17790464 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20546_none_885a4f430df69426\mshtml.dll [7] 2011-11-04 . 5770C4BA825C42D6EFD9486029747108 . 17786368 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20544_none_88584eaf0df86178\mshtml.dll [7] 2011-11-04 . E7BD23BEC69CF23436EEDE9B18DE186D . 17786368 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16440_none_87cab0bbf4de5c52\mshtml.dll [7] 2011-09-15 . B721EFCC393D76390A319A8A30B1B654 . 17782272 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16434_none_87d981cff4d2a5bd\mshtml.dll [7] 2011-09-01 . 02B4E6CCCA443568764281391635F5A4 . 17781760 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16437_none_87dc82adf4cff1c2\mshtml.dll [7] 2011-09-01 . 0254785C0A7715E478FE89540A992CB5 . 17781760 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20537_none_88661f790ded918c\mshtml.dll [7] 2011-05-28 . 6AD9DD5EEF68114AE3956236A61EBC08 . 9001984 . . [8.00.7601.17622] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17622_none_8c1690a8afd4e444\mshtml.dll [7] 2011-05-28 . 1452199CC181AA4FFC2AB8AF0BA7A99E . 9001984 . . [8.00.7601.21735] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21735_none_8c985e65c8f7ec04\mshtml.dll [7] 2011-01-07 . 688872E9CAFCC2758E7FE92A0622B4F9 . 8995328 . . [8.00.7601.17537] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17537_none_8c10c048afd881c1\mshtml.dll [7] 2011-01-07 . D0AFD5813136F0EAC80A048740553840 . 8995328 . . [8.00.7601.21636] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21636_none_8c995cc9c8f70834\mshtml.dll [7] 2010-11-20 . 1C8B787BAA52DEAD1A6FEC1502D652F0 . 8988160 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_8c235f42afcafdda\mshtml.dll [7] 2012-06-02 . 89C4B3BF66D3C2F3D83F9DEDF1B218D6 . 17807360 . . [9.00.8112.16421] .. c:\windows\system32\mshtml.dll . [7] 2011-12-16 . C391FC68282A000CDF953F8B6B55D2EF . 634880 . . [7.0.7601.17744] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_2f5acf97b59df60f\msvcrt.dll [7] 2011-12-16 . F9A4C695C86CC32048FE2C987A0BD387 . 634880 . . [7.0.7601.21878] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_2fc7fdc6ced04f08\msvcrt.dll [7] 2009-07-14 . 7319BB10FA1F86E49E3DCF4136F6C957 . 634880 . . [7.0.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454\msvcrt.dll [7] 2011-12-16 . C391FC68282A000CDF953F8B6B55D2EF . 634880 . . [7.0.7601.17744] .. c:\windows\system32\msvcrt.dll . [7] 2010-11-20 . 1D5185A4C7E6695431AE4B55C3D7D333 . 326144 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll [7] 2010-11-20 . 1D5185A4C7E6695431AE4B55C3D7D333 . 326144 . . [6.1.7600.16385] .. c:\windows\system32\mswsock.dll . [7] 2010-11-20 . AA339DD8BB128EF66660DFBBB59043D3 . 695808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [7] 2010-11-20 . AA339DD8BB128EF66660DFBBB59043D3 . 695808 . . [6.1.7600.16385] .. c:\windows\system32\netlogon.dll . [7] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_ff0e900816896618\powrprof.dll [7] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\system32\powrprof.dll . [7] 2010-11-20 . ED78427259134C63ED69804D2132B86C . 232960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll [7] 2010-11-20 . ED78427259134C63ED69804D2132B86C . 232960 . . [6.1.7600.16385] .. c:\windows\system32\scecli.dll . [7] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\sfc.dll [7] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\system32\sfc.dll . [7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe [7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe . . [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [7] 2010-11-20 . BAFE84E637BF7388C96EF48D4D3FDD53 . 30720 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [7] 2010-11-20 . BAFE84E637BF7388C96EF48D4D3FDD53 . 30720 . . [6.1.7600.16385] .. c:\windows\system32\userinit.exe . [7] 2012-06-02 . 5A45FA344F4AD99D903F4B20E43B89EC . 1392128 . . [9.00.8112.16447] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_767793a37481a47d\wininet.dll [7] 2012-06-02 . 571E809181EBF0A04FEFAA9BC9961F5B . 1392128 . . [9.00.8112.20553] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_76f25f5a8daafadc\wininet.dll [7] 2012-05-18 . 870ECFEBD41C7B8F9C6777748368D51F . 1392128 . . [9.00.8112.16446] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_7676935974828b26\wininet.dll [7] 2012-05-18 . BDC16D105BF011D4B1C3F09CF7A64314 . 1392128 . . [9.00.8112.20551] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_76f05ec68dacc82e\wininet.dll [7] 2012-02-28 . 228443FF3A1FB0B974D278F7C6403FAD . 1390080 . . [9.00.8112.16443] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_7673927b74853f21\wininet.dll [7] 2012-02-28 . B70CDC073F70E6D082A62AB5880D6B07 . 1390080 . . [9.00.8112.20548] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_770230b88d9e5d9e\wininet.dll [7] 2011-12-14 . B1AC85B6ADC005CF3F9EB4E28DFDCCE6 . 1390080 . . [9.00.8112.16441] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_767191e774870c73\wininet.dll [7] 2011-12-14 . C2FA4DBD6BB91D1AFD7D155120654AB9 . 1390080 . . [9.00.8112.20546] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_770030248da02af0\wininet.dll [7] 2011-11-04 . 244D45F786E33C169A93F70BA63BABF8 . 1390080 . . [9.00.8112.20544] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_76fe2f908da1f842\wininet.dll [7] 2011-11-04 . 69151E566295E5A977FE71FFAFD3B3F8 . 1390080 . . [9.00.8112.16440] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_7670919d7487f31c\wininet.dll [7] 2011-09-15 . 0732B49B250E306F7A6591029AF9885B . 1389056 . . [9.00.8112.16434] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16434_none_767f62b1747c3c87\wininet.dll [7] 2011-09-01 . 271E8FB1354AA205A214F280A6766E30 . 1389056 . . [9.00.8112.16437] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_7682638f7479888c\wininet.dll [7] 2011-09-01 . 1B2D2D8E611DE70CEB13F104D39814BA . 1389056 . . [9.00.8112.20537] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20537_none_770c005a8d972856\wininet.dll [7] 2011-04-22 . 2DCA688631F71722B0B5E57F526BB2EB . 1188864 . . [8.00.7601.17601] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_7ad111182f6f29d5\wininet.dll [7] 2011-04-22 . BC661E59AE2BC840C6D8165F170DE7DE . 1189376 . . [8.00.7601.21710] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_7b4eddad4895cc39\wininet.dll [7] 2010-11-20 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll [7] 2012-06-02 . 5A45FA344F4AD99D903F4B20E43B89EC . 1392128 . . [9.00.8112.16421] .. c:\windows\system32\wininet.dll . [7] 2010-11-20 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll [7] 2010-11-20 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\system32\ws2_32.dll . [7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\ws2help.dll [7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\system32\ws2help.dll . [7] 2010-11-20 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_0a43accb08f0eac5\ole32.dll [7] 2010-11-20 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7600.16385] .. c:\windows\system32\ole32.dll . [7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll [7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\system32\cngaudit.dll . [7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\system32\wininit.exe . [7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe [7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe . [7] 2010-11-20 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_2b566299338d2123\shsvcs.dll [7] 2010-11-20 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7600.16385] .. c:\windows\system32\shsvcs.dll . [7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_e55af7609d2857a8\regsvc.dll [7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\system32\regsvc.dll . [7] 2010-11-20 . 262F6592C3299C005FD6BEC90FC4463A . 1110016 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7601.17514_none_8d272400ada202f9\schedsvc.dll [7] 2010-11-20 . 262F6592C3299C005FD6BEC90FC4463A . 1110016 . . [6.1.7600.16385] .. c:\windows\system32\schedsvc.dll . [7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_dbbe6492eae9505c\ssdpsrv.dll [7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\system32\ssdpsrv.dll . [7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll [7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll . [7] 2012-05-04 . 2819BB6417B85D38169A4F151463A815 . 5559664 . . [6.1.7601.17835] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_ca41cd33cad1e557\ntoskrnl.exe [7] 2012-05-04 . 6A692DB27A943B463E97B749DD34F3DA . 5561200 . . [6.1.7601.21987] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_ca975af6e4164384\ntoskrnl.exe [7] 2012-03-31 . 03B5C6DBA5A770CEEFD1615E380C6BC3 . 5559664 . . [6.1.7601.17803] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe [7] 2012-03-31 . 708A4C721CEE6B3845B5A54477D873CF . 5561200 . . [6.1.7601.21955] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe [7] 2012-03-06 . BAA66E360105F79B5948A2FDAF3AA8FE . 5559152 . . [6.1.7601.17790] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_c9fbea53cb071123\ntoskrnl.exe [7] 2012-03-06 . FCAB208AC0F7263A84EB627B1517E5AC . 5561200 . . [6.1.7601.21936] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_cacc6a48e3ee9e78\ntoskrnl.exe [7] 2011-11-19 . 1AFFF8D5352AECEF2ECD47FFA02D7F7D . 5559152 . . [6.1.7601.17727] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_ca4e9bcdcac7feed\ntoskrnl.exe [7] 2011-11-19 . 70A2D18E0B2A1ADBAE90008684E030AC . 5561200 . . [6.1.7601.21863] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_caa8f7c0e409a91f\ntoskrnl.exe [7] 2011-06-23 . 577841951E8BAD6EA8288106693CD39F . 5561216 . . [6.1.7601.17640] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_ca31f809cade8847\ntoskrnl.exe [7] 2011-06-23 . CE6AF5EC2DB1567B6297ADCB56B39B5D . 5561728 . . [6.1.7601.21755] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe [7] 2011-04-09 . D60D9BCEAE5870A67E6C167F4681877B . 5562240 . . [6.1.7601.17592] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe [7] 2011-04-09 . 99C2715F138E7ED2F489AB796DD3B53C . 5562240 . . [6.1.7601.21701] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe [7] 2010-11-20 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe [7] 2012-05-04 . 2819BB6417B85D38169A4F151463A815 . 5559664 . . [6.1.7601.17835] .. c:\windows\system32\ntoskrnl.exe . [7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_4627a1cbadebced2\ksuser.dll [7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll . [7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\SysWOW64\comctl32.dll [7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll [7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll [7] 2010-11-20 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll . [7] 2012-04-24 . 06E771AA596B8761107AB57E99F128D7 . 140288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll [7] 2012-04-24 . 06E771AA596B8761107AB57E99F128D7 . 140288 . . [6.1.7601.17827] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll [7] 2012-04-24 . 21993009E0CCB9B4FA195F14D3408626 . 142336 . . [6.1.7601.21979] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll [7] 2010-11-20 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll . [7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll [7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll . [7] 2010-11-20 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\SysWOW64\imm32.dll [7] 2010-11-20 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll . [7] 2011-07-16 . D3CB12854171DF61D117D7C2BF22C675 . 1114112 . . [6.1.7601.21772] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll [7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\kernel32.dll [7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll [7] 2011-05-14 . CC5CBC069944E7EA70D8674478A70A37 . 837632 . . [6.1.7601.21728] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328\kernel32.dll [7] 2011-05-14 . 166116134C58DC36400DE59ACD64FB39 . 837632 . . [6.1.7601.17617] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_fc3b97c6a1491e16\kernel32.dll [7] 2010-11-20 . E80758CF485DB142FCA1EE03A34EAD05 . 837632 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll . [7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\SysWOW64\linkinfo.dll [7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_9eaece15f365da54\linkinfo.dll . [7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\SysWOW64\lpk.dll [7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll [7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_123b293fa5942d6f\lpk.dll [7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_1216b853a5b01be6\lpk.dll [7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_12c3c5c0beb2b3e2\lpk.dll [7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_12a15568beccd507\lpk.dll . [7] 2012-06-02 . 6820A9E91AFF7CB3A510360D8CCD9BDD . 12314624 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll [7] 2012-06-02 . 6820A9E91AFF7CB3A510360D8CCD9BDD . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_92265d142938cfae\mshtml.dll [7] 2012-06-02 . 1ABF770552EA9D4FE90F654468FAF4CE . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_92a128cb4262260d\mshtml.dll [7] 2012-05-17 . 9FB58F71104107D44540AF1195F7A14D . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16446_none_92255cca2939b657\mshtml.dll [7] 2012-05-17 . 761D9111F5A2619CB5060661D36FBFFF . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20551_none_929f28374263f35f\mshtml.dll [7] 2012-02-28 . F82BF2CB075B49E9FAB5FF213C45C020 . 12281856 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_92225bec293c6a52\mshtml.dll [7] 2012-02-28 . B9E083B14B1994F1255983F2DF31C7DF . 12281856 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_92b0fa29425588cf\mshtml.dll [7] 2011-12-14 . 497C9C3DB953A60EC4F43A097E15F75E . 12282368 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_92205b58293e37a4\mshtml.dll [7] 2011-12-14 . A29CFD4B9F6F2BBE06C8D64B6D07F1D4 . 12282368 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20546_none_92aef99542575621\mshtml.dll [7] 2011-11-03 . A21B983E40578D0E6CFA9864AC4E1219 . 12279808 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20544_none_92acf90142592373\mshtml.dll [7] 2011-11-03 . 66C0AEE61D1C5C35BF1B4642A153B114 . 12279808 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16440_none_921f5b0e293f1e4d\mshtml.dll [7] 2011-09-15 . E6D5C7E4AAC0C682169AA5021386EFF3 . 12273664 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16434_none_922e2c22293367b8\mshtml.dll [7] 2011-09-01 . 04E0CD31A63DFC0D73725A3D1768FB5A . 12275200 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16437_none_92312d002930b3bd\mshtml.dll [7] 2011-09-01 . 8C93AED0A332209434B62162D03C38C9 . 12275200 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20537_none_92bac9cb424e5387\mshtml.dll [7] 2011-05-28 . 0C32D9FF0FC163239C4B052FE6EFA8E7 . 5984768 . . [8.00.7601.21735] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21735_none_96ed08b7fd58adff\mshtml.dll [7] 2011-05-28 . F5B7C30075207A165FF2EED1FF89AB8D . 5984768 . . [8.00.7601.17622] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17622_none_966b3afae435a63f\mshtml.dll [7] 2011-01-07 . 1C6045D48179D15A843486D12BEC0EAF . 5980672 . . [8.00.7601.17537] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17537_none_96656a9ae43943bc\mshtml.dll [7] 2011-01-07 . 1011333570E1CECAE8FAC34C8D9461BC . 5980672 . . [8.00.7601.21636] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21636_none_96ee071bfd57ca2f\mshtml.dll [7] 2010-11-20 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll . [7] 2011-12-16 . 2F740C4B458331357E825E94AFB0953A . 690688 . . [7.0.7601.21878] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll [7] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\SysWOW64\msvcrt.dll [7] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll [7] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll . [7] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7600.16385] .. c:\windows\SysWOW64\mswsock.dll [7] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll . [7] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\SysWOW64\netlogon.dll [7] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll . [7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\SysWOW64\powrprof.dll [7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll . [7] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7600.16385] .. c:\windows\SysWOW64\scecli.dll [7] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll . [7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\SysWOW64\sfc.dll [7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll . [7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe [7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe . . [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll . [7] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe [7] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe . [7] 2012-06-02 . 8E87270C4704CF2951E1E7820D6C8A2B . 1129472 . . [9.00.8112.16421] .. c:\windows\SysWOW64\wininet.dll [7] 2012-06-02 . 8E87270C4704CF2951E1E7820D6C8A2B . 1129472 . . [9.00.8112.16447] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16447_none_1a58f81fbc243347\wininet.dll [7] 2012-06-02 . E430161A632F9A8FE512DE0CA5685559 . 1129472 . . [9.00.8112.20553] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20553_none_1ad3c3d6d54d89a6\wininet.dll [7] 2012-05-17 . 1C191A4F0960F21B5D58C8A65BAF5427 . 1129472 . . [9.00.8112.16446] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16446_none_1a57f7d5bc2519f0\wininet.dll [7] 2012-05-17 . 43BAC67996D8765A5F1B3A4EA6231E21 . 1129472 . . [9.00.8112.20551] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20551_none_1ad1c342d54f56f8\wininet.dll [7] 2012-02-28 . 44465367256D1C72B58F5ABAA19E7016 . 1127424 . . [9.00.8112.16443] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_1a54f6f7bc27cdeb\wininet.dll [7] 2012-02-28 . 11A34DCA08EB2A586246F2D6C2A81D58 . 1127424 . . [9.00.8112.20548] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_1ae39534d540ec68\wininet.dll [7] 2011-12-14 . 1D94FA7C81D2FFE494AF094619BA706F . 1127424 . . [9.00.8112.16441] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16441_none_1a52f663bc299b3d\wininet.dll [7] 2011-12-14 . 022A78194E2C7106F5AF9F2BC6AC8774 . 1127424 . . [9.00.8112.20546] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20546_none_1ae194a0d542b9ba\wininet.dll [7] 2011-11-03 . 32569DF2F9BEF05DD7D56E30590EDFD9 . 1127424 . . [9.00.8112.20544] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_1adf940cd544870c\wininet.dll [7] 2011-11-03 . 02F98B5C0E397AD06124D84428CF8F1A . 1127424 . . [9.00.8112.16440] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_1a51f619bc2a81e6\wininet.dll [7] 2011-09-15 . 2C7332C222D1FE1FC57D622699A8C001 . 1126912 . . [9.00.8112.16434] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16434_none_1a60c72dbc1ecb51\wininet.dll [7] 2011-09-01 . D3788D91530CFA005BD516189A4C676E . 1126912 . . [9.00.8112.16437] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16437_none_1a63c80bbc1c1756\wininet.dll [7] 2011-09-01 . C0FCEE8D760C70DB6EF858BB2262288E . 1126912 . . [9.00.8112.20537] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20537_none_1aed64d6d539b720\wininet.dll [7] 2011-04-22 . 7A11DB452989040AD8570A3DCE2E9DE2 . 981504 . . [8.00.7601.21710] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll [7] 2011-04-22 . 2CA020EACDC6DDB2BEA89FEA02C90945 . 981504 . . [8.00.7601.17601] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll [7] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll . [7] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2_32.dll [7] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll . [7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2help.dll [7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\ws2help.dll . [7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe [7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe . [7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 427008 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 398336 . . [6.1.7600.16385] .. c:\windows\regedit.exe . [7] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ole32.dll [7] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll . [7] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] .. c:\windows\SysWOW64\usp10.dll [7] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_af01e2f9b6be7939\usp10.dll . [7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ksuser.dll [7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_ea090647f58e5d9c\ksuser.dll . [7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ctfmon.exe [7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe . [7] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] .. c:\windows\SysWOW64\shsvcs.dll [7] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_35ab0ceb67ede31e\shsvcs.dll . [7] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cngaudit.dll [7] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll . [7] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\SysWOW64\wininit.exe [7] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe . [7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ias.dll [7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_fb08448fa0c85c23\ias.dll . [7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] .. c:\windows\SysWOW64\mfc40u.dll [7] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll . [7] 2012-05-04 . 4A56DB06360F59130CAED69FA7526F0A . 3968368 . . [6.1.7601.17835] .. c:\windows\SysWOW64\ntkrnlpa.exe [7] 2012-05-04 . 4A56DB06360F59130CAED69FA7526F0A . 3968368 . . [6.1.7601.17835] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntkrnlpa.exe [7] 2012-05-04 . AFF886D9D718D3747E5031816C0DA7D2 . 3971952 . . [6.1.7601.21987] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntkrnlpa.exe [7] 2012-03-31 . 8F6D5704D7522AAB8B4B82C0D35D9184 . 3968368 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe [7] 2012-03-31 . 93358348D0B79812CAAA83A1377E4449 . 3971952 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe [7] 2012-03-06 . 43711ABF8AE553A7B5FFFF61E60C419D . 3968368 . . [6.1.7601.17790] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntkrnlpa.exe [7] 2012-03-06 . 07B026E7A2C873D09F0073141EE2099E . 3972464 . . [6.1.7601.21936] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntkrnlpa.exe [7] 2011-11-19 . 31C59B0CA08B1203E35D2BA19319279E . 3968368 . . [6.1.7601.17727] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe [7] 2011-11-19 . 2EDA0DCCF5F00CDB91A9ECBE45CB0B3D . 3971440 . . [6.1.7601.21863] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe [7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe [7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe [7] 2011-04-09 . 102A6182087B18C795664BCD22EB52E9 . 3967872 . . [6.1.7601.17592] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe [7] 2011-04-09 . 9CF7F5D025183FA10E130445BC071B70 . 3967872 . . [6.1.7601.21701] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe [7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe . [7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\SysWOW64\upnphost.dll [7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_2831d06e8295c671\upnphost.dll . [7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\SysWOW64\dsound.dll [7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll . [7] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\SysWOW64\d3d9.dll [7] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d9.dll . [7] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ddraw.dll [7] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll . [7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\olepro32.dll [7] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll . [7] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\SysWOW64\perfctrs.dll [7] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_97bcd9bcab2b9b3a\perfctrs.dll . [7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\SysWOW64\version.dll [7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll . [7] 2012-06-02 . 34B01BBD8F00B6B9C9248DC4F1E3CD01 . 748664 . . [9.00.8112.16447] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe [7] 2012-06-02 . BE967C74B89577B78FB57C061E12B04C . 748664 . . [9.00.8112.20553] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe [7] 2012-05-17 . 0129BB16161C2FD9A6B19111AB047198 . 748664 . . [9.00.8112.16446] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe [7] 2012-05-17 . 268982F1FD671A077C6A2AF41E351436 . 748664 . . [9.00.8112.20551] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_181271f4ce004017\iexplore.exe [7] 2011-09-15 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe [7] 2010-11-20 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe . [7] 2012-05-04 . A37A39568C8EC9A17D1B7471445B81A8 . 3916656 . . [6.1.7601.21987] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntoskrnl.exe [7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\SysWOW64\ntoskrnl.exe [7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntoskrnl.exe [7] 2012-03-31 . 28F44480E411C3DDF04B63F6560E6EF4 . 3913072 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe [7] 2012-03-31 . 2E02A17E8965AD671E4987E503AD38B1 . 3916656 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe [7] 2012-03-06 . 53B4BDEA12A032EEC71E60B6BFF42F37 . 3913072 . . [6.1.7601.17790] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntoskrnl.exe [7] 2012-03-06 . 57B7DE30C4E65AD19CA13AC3065EE60B . 3916656 . . [6.1.7601.21936] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntoskrnl.exe [7] 2011-11-19 . F0F0E99A65F598A1A7720F5111C4DA8F . 3913584 . . [6.1.7601.17727] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe [7] 2011-11-19 . 00B12EA93ED392FBD09F07B63E926647 . 3916656 . . [6.1.7601.21863] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe [7] 2011-06-23 . 90EFDB506F6140EEA9DEE398D9449D86 . 3912576 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe [7] 2011-06-23 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe [7] 2011-04-09 . 5D21C487F79F8245E799071589E035BF . 3912576 . . [6.1.7601.17592] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe [7] 2011-04-09 . D385343510B75545EC5DB3A64C2D2492 . 3912576 . . [6.1.7601.21701] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe [7] 2010-11-20 . 2088D9994332583EDB3C561DE31EA5AD . 3911040 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe . [7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\SysWOW64\midimap.dll [7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll . [7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\SysWOW64\rasadhlp.dll [7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_76239aafb364e805\rasadhlp.dll . [7] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\SysWOW64\WSHTCPIP.DLL [7] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\WSHTCPIP.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-02-05 2408448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTQyNTU0NjQ3LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzMtRkwxMCsxLVNQMVMyKzEtU1AxUzMrMS1ERFQrNTY1MTItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx∏=90&ver=10.0.1416" [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 51600] R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 87888] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 136176] R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-17 1255736] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-05-10 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-08-08 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-08-18 c:\windows\Tasks\GIMP Update Checker.job - c:\program files (x86)\GIMP\GIMPUpdateChecker.exe [2011-06-02 21:38] . 2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:57] . 2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-23 02:57] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-08 11465832] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2012-08-08 1833576] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://search.babylon.com/?affID=111385&babsrc=HP_ss&mntrId=c6dc987d000000000000485d60618af9 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file) BHO-{BE861541-7376-4545-967B-20DA8431C8CE} - c:\programdata\TheBflix\bhoclass.dll Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1847439074-2509161730-2765944069-1000\Software\SecuROM\License information*] "datasecu"=hex:ae,b5,c5,71,f3,95,f8,58,5c,ac,31,ab,1f,85,e0,4b,9b,35,71,de,b2, 35,24,96,0a,f9,ab,ff,72,28,c8,e3,83,07,c9,cf,ab,e4,fb,aa,63,82,36,4d,a5,ad,\ "rkeysecu"=hex:8f,ab,8b,41,54,e8,74,ea,67,c4,e2,d8,37,c0,e7,1f . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac . ************************************************************************** . Completion time: 2012-08-17 22:09:40 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-18 02:09 . Pre-Run: 46,180,532,224 bytes free Post-Run: 45,998,645,248 bytes free . - - End Of File - - 945601FF7CE4D0BEA9042EF0FD220B0F -
MalwareBytes Won't Run in Safe Mode (DDS Report Included)
Lapys replied to Lapys's topic in Resolved Malware Removal Logs
Unfortunately, more than one scan of TDSSKiller was run, but here is the most recent one. Here is the TDSSKiller report: 15:00:28.0086 1864 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05 15:00:28.0102 1864 ============================================================ 15:00:28.0102 1864 Current date / time: 2012/08/16 15:00:28.0102 15:00:28.0102 1864 SystemInfo: 15:00:28.0102 1864 15:00:28.0102 1864 OS Version: 6.1.7601 ServicePack: 1.0 15:00:28.0102 1864 Product type: Workstation 15:00:28.0102 1864 ComputerName: KRISTEN-MSI 15:00:28.0102 1864 UserName: Kristen 15:00:28.0102 1864 Windows directory: C:\windows 15:00:28.0102 1864 System windows directory: C:\windows 15:00:28.0102 1864 Running under WOW64 15:00:28.0102 1864 Processor architecture: Intel x64 15:00:28.0102 1864 Number of processors: 2 15:00:28.0102 1864 Page size: 0x1000 15:00:28.0102 1864 Boot type: Safe boot with network 15:00:28.0102 1864 ============================================================ 15:00:28.0757 1864 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:00:28.0757 1864 ============================================================ 15:00:28.0757 1864 \Device\Harddisk0\DR0: 15:00:28.0757 1864 MBR partitions: 15:00:28.0757 1864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x15997000 15:00:28.0757 1864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x171C9800, BlocksNum 0xE264800 15:00:28.0757 1864 ============================================================ 15:00:28.0788 1864 C: <-> \Device\Harddisk0\DR0\Partition1 15:00:28.0820 1864 D: <-> \Device\Harddisk0\DR0\Partition2 15:00:28.0820 1864 ============================================================ 15:00:28.0820 1864 Initialize success 15:00:28.0820 1864 ============================================================ 15:00:30.0489 1904 ============================================================ 15:00:30.0489 1904 Scan started 15:00:30.0489 1904 Mode: Manual; 15:00:30.0489 1904 ============================================================ 15:00:30.0598 1904 ================ Scan services ============================= 15:00:30.0770 1904 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 15:00:30.0770 1904 1394ohci - ok 15:00:30.0848 1904 [ adc420616c501b45d26c0fd3ef1e54e4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 15:00:30.0863 1904 ACDaemon - ok 15:00:30.0926 1904 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\windows\system32\drivers\ACPI.sys 15:00:30.0926 1904 ACPI - ok 15:00:30.0988 1904 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 15:00:30.0988 1904 AcpiPmi - ok 15:00:31.0066 1904 [ 8b46d5a1d3ef08232c04d0eafb871fb2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 15:00:31.0082 1904 Adobe LM Service - ok 15:00:31.0144 1904 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 15:00:31.0160 1904 adp94xx - ok 15:00:31.0191 1904 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 15:00:31.0191 1904 adpahci - ok 15:00:31.0222 1904 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 15:00:31.0222 1904 adpu320 - ok 15:00:31.0253 1904 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 15:00:31.0269 1904 AeLookupSvc - ok 15:00:31.0331 1904 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\windows\system32\drivers\afd.sys 15:00:31.0331 1904 AFD - ok 15:00:31.0378 1904 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\windows\system32\drivers\agp440.sys 15:00:31.0394 1904 agp440 - ok 15:00:31.0425 1904 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\windows\System32\alg.exe 15:00:31.0425 1904 ALG - ok 15:00:31.0472 1904 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\windows\system32\drivers\aliide.sys 15:00:31.0487 1904 aliide - ok 15:00:31.0487 1904 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\windows\system32\drivers\amdide.sys 15:00:31.0487 1904 amdide - ok 15:00:31.0534 1904 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys 15:00:31.0534 1904 AmdK8 - ok 15:00:31.0550 1904 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys 15:00:31.0550 1904 AmdPPM - ok 15:00:31.0612 1904 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\windows\system32\drivers\amdsata.sys 15:00:31.0612 1904 amdsata - ok 15:00:31.0643 1904 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys 15:00:31.0643 1904 amdsbs - ok 15:00:31.0675 1904 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 15:00:31.0675 1904 amdxata - ok 15:00:31.0706 1904 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\windows\system32\drivers\appid.sys 15:00:31.0706 1904 AppID - ok 15:00:31.0768 1904 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\windows\System32\appidsvc.dll 15:00:31.0768 1904 AppIDSvc - ok 15:00:31.0815 1904 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\windows\System32\appinfo.dll 15:00:31.0815 1904 Appinfo - ok 15:00:31.0893 1904 [ 3debbecf665dcdde3a95d9b902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 15:00:31.0893 1904 Apple Mobile Device - ok 15:00:31.0940 1904 [ c484f8ceb1717c540242531db7845c4e ] arc C:\windows\system32\DRIVERS\arc.sys 15:00:31.0940 1904 arc - ok 15:00:31.0971 1904 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\windows\system32\DRIVERS\arcsas.sys 15:00:31.0971 1904 arcsas - ok 15:00:32.0002 1904 [ c130bc4a51b1382b2be8e44579ec4c0a ] ArcSoftKsUFilter C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys 15:00:32.0018 1904 ArcSoftKsUFilter - ok 15:00:32.0049 1904 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 15:00:32.0049 1904 AsyncMac - ok 15:00:32.0080 1904 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\windows\system32\drivers\atapi.sys 15:00:32.0080 1904 atapi - ok 15:00:32.0205 1904 [ 481cc0e01a941ba4dd0d949c1d47b417 ] athr C:\windows\system32\DRIVERS\athrx.sys 15:00:32.0283 1904 athr - ok 15:00:32.0345 1904 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 15:00:32.0361 1904 AudioEndpointBuilder - ok 15:00:32.0377 1904 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\windows\System32\Audiosrv.dll 15:00:32.0377 1904 AudioSrv - ok 15:00:32.0439 1904 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\windows\System32\AxInstSV.dll 15:00:32.0439 1904 AxInstSV - ok 15:00:32.0501 1904 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys 15:00:32.0501 1904 b06bdrv - ok 15:00:32.0564 1904 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 15:00:32.0564 1904 b57nd60a - ok 15:00:32.0626 1904 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\windows\System32\bdesvc.dll 15:00:32.0626 1904 BDESVC - ok 15:00:32.0642 1904 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\windows\system32\drivers\Beep.sys 15:00:32.0642 1904 Beep - ok 15:00:32.0704 1904 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\windows\System32\bfe.dll 15:00:32.0720 1904 BFE - ok 15:00:32.0782 1904 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\windows\System32\qmgr.dll 15:00:32.0798 1904 BITS - ok 15:00:32.0845 1904 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 15:00:32.0845 1904 blbdrive - ok 15:00:32.0954 1904 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 15:00:32.0954 1904 Bonjour Service - ok 15:00:32.0985 1904 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 15:00:32.0985 1904 bowser - ok 15:00:33.0016 1904 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys 15:00:33.0016 1904 BrFiltLo - ok 15:00:33.0032 1904 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys 15:00:33.0032 1904 BrFiltUp - ok 15:00:33.0079 1904 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\windows\System32\browser.dll 15:00:33.0079 1904 Browser - ok 15:00:33.0125 1904 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\windows\System32\Drivers\Brserid.sys 15:00:33.0125 1904 Brserid - ok 15:00:33.0172 1904 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 15:00:33.0172 1904 BrSerWdm - ok 15:00:33.0172 1904 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 15:00:33.0172 1904 BrUsbMdm - ok 15:00:33.0172 1904 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 15:00:33.0172 1904 BrUsbSer - ok 15:00:33.0188 1904 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys 15:00:33.0188 1904 BTHMODEM - ok 15:00:33.0235 1904 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\windows\system32\bthserv.dll 15:00:33.0235 1904 bthserv - ok 15:00:33.0281 1904 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 15:00:33.0281 1904 cdfs - ok 15:00:33.0344 1904 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 15:00:33.0344 1904 cdrom - ok 15:00:33.0391 1904 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\windows\System32\certprop.dll 15:00:33.0391 1904 CertPropSvc - ok 15:00:33.0422 1904 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\windows\system32\DRIVERS\circlass.sys 15:00:33.0422 1904 circlass - ok 15:00:33.0453 1904 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\windows\system32\CLFS.sys 15:00:33.0453 1904 CLFS - ok 15:00:33.0531 1904 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:00:33.0547 1904 clr_optimization_v2.0.50727_32 - ok 15:00:33.0578 1904 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:00:33.0593 1904 clr_optimization_v2.0.50727_64 - ok 15:00:33.0671 1904 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:00:33.0703 1904 clr_optimization_v4.0.30319_32 - ok 15:00:33.0734 1904 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:00:33.0765 1904 clr_optimization_v4.0.30319_64 - ok 15:00:33.0796 1904 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 15:00:33.0796 1904 CmBatt - ok 15:00:33.0812 1904 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\windows\system32\drivers\cmdide.sys 15:00:33.0812 1904 cmdide - ok 15:00:33.0874 1904 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\windows\system32\Drivers\cng.sys 15:00:33.0874 1904 CNG - ok 15:00:33.0890 1904 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 15:00:33.0890 1904 Compbatt - ok 15:00:33.0937 1904 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys 15:00:33.0937 1904 CompositeBus - ok 15:00:33.0968 1904 COMSysApp - ok 15:00:33.0983 1904 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys 15:00:33.0983 1904 crcdisk - ok 15:00:34.0030 1904 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\windows\system32\cryptsvc.dll 15:00:34.0046 1904 CryptSvc - ok 15:00:34.0077 1904 [ 76e02db615a03801d698199a2bc4a06a ] dc3d C:\windows\system32\DRIVERS\dc3d.sys 15:00:34.0077 1904 dc3d - ok 15:00:34.0124 1904 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\windows\system32\rpcss.dll 15:00:34.0124 1904 DcomLaunch - ok 15:00:34.0155 1904 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\windows\System32\defragsvc.dll 15:00:34.0171 1904 defragsvc - ok 15:00:34.0233 1904 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 15:00:34.0233 1904 DfsC - ok 15:00:34.0280 1904 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\windows\system32\dhcpcore.dll 15:00:34.0280 1904 Dhcp - ok 15:00:34.0342 1904 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\windows\system32\drivers\discache.sys 15:00:34.0342 1904 discache - ok 15:00:34.0373 1904 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\windows\system32\DRIVERS\disk.sys 15:00:34.0373 1904 Disk - ok 15:00:34.0420 1904 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\windows\System32\dnsrslvr.dll 15:00:34.0420 1904 Dnscache - ok 15:00:34.0467 1904 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\windows\System32\dot3svc.dll 15:00:34.0467 1904 dot3svc - ok 15:00:34.0545 1904 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\windows\system32\dps.dll 15:00:34.0545 1904 DPS - ok 15:00:34.0576 1904 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 15:00:34.0576 1904 drmkaud - ok 15:00:34.0623 1904 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 15:00:34.0639 1904 DXGKrnl - ok 15:00:34.0701 1904 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\windows\System32\eapsvc.dll 15:00:34.0701 1904 EapHost - ok 15:00:34.0810 1904 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\windows\system32\DRIVERS\evbda.sys 15:00:34.0888 1904 ebdrv - ok 15:00:34.0935 1904 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\windows\System32\lsass.exe 15:00:34.0935 1904 EFS - ok 15:00:34.0982 1904 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 15:00:34.0997 1904 ehRecvr - ok 15:00:35.0044 1904 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\windows\ehome\ehsched.exe 15:00:35.0060 1904 ehSched - ok 15:00:35.0107 1904 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 15:00:35.0122 1904 elxstor - ok 15:00:35.0153 1904 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\windows\system32\drivers\errdev.sys 15:00:35.0153 1904 ErrDev - ok 15:00:35.0231 1904 [ 89d11159b361dd1eac5dd4e9895c04a4 ] EUCR C:\windows\system32\DRIVERS\EUCR6SK.SYS 15:00:35.0231 1904 EUCR - ok 15:00:35.0278 1904 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\windows\system32\es.dll 15:00:35.0294 1904 EventSystem - ok 15:00:35.0341 1904 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\windows\system32\drivers\exfat.sys 15:00:35.0341 1904 exfat - ok 15:00:35.0356 1904 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\windows\system32\drivers\fastfat.sys 15:00:35.0356 1904 fastfat - ok 15:00:35.0419 1904 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\windows\system32\fxssvc.exe 15:00:35.0434 1904 Fax - ok 15:00:35.0450 1904 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\windows\system32\DRIVERS\fdc.sys 15:00:35.0450 1904 fdc - ok 15:00:35.0481 1904 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\windows\system32\fdPHost.dll 15:00:35.0481 1904 fdPHost - ok 15:00:35.0481 1904 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\windows\system32\fdrespub.dll 15:00:35.0481 1904 FDResPub - ok 15:00:35.0543 1904 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 15:00:35.0543 1904 FileInfo - ok 15:00:35.0559 1904 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 15:00:35.0559 1904 Filetrace - ok 15:00:35.0575 1904 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 15:00:35.0575 1904 flpydisk - ok 15:00:35.0637 1904 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 15:00:35.0637 1904 FltMgr - ok 15:00:35.0684 1904 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\windows\system32\FntCache.dll 15:00:35.0715 1904 FontCache - ok 15:00:35.0762 1904 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:00:35.0762 1904 FontCache3.0.0.0 - ok 15:00:35.0777 1904 [ d43703496149971890703b4b1b723eac ] FsDepends C:\windows\system32\drivers\FsDepends.sys 15:00:35.0793 1904 FsDepends - ok 15:00:35.0809 1904 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 15:00:35.0809 1904 Fs_Rec - ok 15:00:35.0855 1904 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 15:00:35.0855 1904 fvevol - ok 15:00:35.0871 1904 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 15:00:35.0887 1904 gagp30kx - ok 15:00:35.0918 1904 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 15:00:35.0918 1904 GEARAspiWDM - ok 15:00:35.0980 1904 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\windows\System32\gpsvc.dll 15:00:35.0996 1904 gpsvc - ok 15:00:36.0105 1904 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:00:36.0105 1904 gupdate - ok 15:00:36.0152 1904 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:00:36.0152 1904 gupdatem - ok 15:00:36.0183 1904 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 15:00:36.0199 1904 hcw85cir - ok 15:00:36.0230 1904 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 15:00:36.0230 1904 HdAudAddService - ok 15:00:36.0261 1904 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 15:00:36.0261 1904 HDAudBus - ok 15:00:36.0323 1904 [ b6ac71aaa2b10848f57fc49d55a651af ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys 15:00:36.0323 1904 HECIx64 - ok 15:00:36.0339 1904 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 15:00:36.0339 1904 HidBatt - ok 15:00:36.0339 1904 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 15:00:36.0355 1904 HidBth - ok 15:00:36.0355 1904 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys 15:00:36.0355 1904 HidIr - ok 15:00:36.0370 1904 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\windows\system32\hidserv.dll 15:00:36.0386 1904 hidserv - ok 15:00:36.0417 1904 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys 15:00:36.0433 1904 HidUsb - ok 15:00:36.0448 1904 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\windows\system32\kmsvc.dll 15:00:36.0464 1904 hkmsvc - ok 15:00:36.0511 1904 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\windows\system32\ListSvc.dll 15:00:36.0511 1904 HomeGroupListener - ok 15:00:36.0542 1904 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 15:00:36.0542 1904 HomeGroupProvider - ok 15:00:36.0557 1904 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 15:00:36.0557 1904 HpSAMD - ok 15:00:36.0620 1904 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\windows\system32\drivers\HTTP.sys 15:00:36.0620 1904 HTTP - ok 15:00:36.0651 1904 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 15:00:36.0651 1904 hwpolicy - ok 15:00:36.0713 1904 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys 15:00:36.0713 1904 i8042prt - ok 15:00:36.0791 1904 [ abbf174cb394f5c437410a788b7e404a ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 15:00:36.0791 1904 iaStor - ok 15:00:36.0885 1904 [ 31a0e93cdf29007d6c6fffb632f375ed ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 15:00:36.0885 1904 IAStorDataMgrSvc - ok 15:00:36.0932 1904 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 15:00:36.0932 1904 iaStorV - ok 15:00:37.0010 1904 [ 6f95324909b502e2651442c1548ab12f ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 15:00:37.0010 1904 IDriverT - ok 15:00:37.0088 1904 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:00:37.0119 1904 idsvc - ok 15:00:37.0415 1904 [ f4f91789c7c7a159ce8215c1f69f2a85 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 15:00:37.0696 1904 igfx - ok 15:00:37.0743 1904 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 15:00:37.0743 1904 iirsp - ok 15:00:37.0790 1904 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\windows\System32\ikeext.dll 15:00:37.0805 1904 IKEEXT - ok 15:00:37.0821 1904 [ dd587a55390ed2295bce6d36ad567da9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys 15:00:37.0837 1904 Impcd - ok 15:00:37.0930 1904 [ 3c4b4ee54febb09f7e9f58776de96dca ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 15:00:37.0977 1904 IntcAzAudAddService - ok 15:00:38.0024 1904 [ fc727061c0f47c8059e88e05d5c8e381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys 15:00:38.0024 1904 IntcDAud - ok 15:00:38.0055 1904 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\windows\system32\drivers\intelide.sys 15:00:38.0055 1904 intelide - ok 15:00:38.0086 1904 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 15:00:38.0086 1904 intelppm - ok 15:00:38.0133 1904 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\windows\system32\ipbusenum.dll 15:00:38.0133 1904 IPBusEnum - ok 15:00:38.0180 1904 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 15:00:38.0180 1904 IpFilterDriver - ok 15:00:38.0211 1904 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 15:00:38.0227 1904 iphlpsvc - ok 15:00:38.0242 1904 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 15:00:38.0242 1904 IPMIDRV - ok 15:00:38.0273 1904 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 15:00:38.0273 1904 IPNAT - ok 15:00:38.0351 1904 [ ee4c2a137c7088911a8919effc9812e7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:00:38.0414 1904 iPod Service - ok 15:00:38.0429 1904 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\windows\system32\drivers\irenum.sys 15:00:38.0429 1904 IRENUM - ok 15:00:38.0476 1904 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\windows\system32\drivers\isapnp.sys 15:00:38.0476 1904 isapnp - ok 15:00:38.0507 1904 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 15:00:38.0507 1904 iScsiPrt - ok 15:00:38.0554 1904 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys 15:00:38.0554 1904 kbdclass - ok 15:00:38.0601 1904 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 15:00:38.0601 1904 kbdhid - ok 15:00:38.0632 1904 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\windows\system32\lsass.exe 15:00:38.0632 1904 KeyIso - ok 15:00:38.0663 1904 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 15:00:38.0663 1904 KSecDD - ok 15:00:38.0663 1904 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 15:00:38.0679 1904 KSecPkg - ok 15:00:38.0695 1904 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 15:00:38.0710 1904 ksthunk - ok 15:00:38.0726 1904 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\windows\system32\msdtckrm.dll 15:00:38.0726 1904 KtmRm - ok 15:00:38.0788 1904 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\windows\system32\srvsvc.dll 15:00:38.0788 1904 LanmanServer - ok 15:00:38.0835 1904 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\windows\System32\wkssvc.dll 15:00:38.0835 1904 LanmanWorkstation - ok 15:00:38.0866 1904 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 15:00:38.0866 1904 lltdio - ok 15:00:38.0897 1904 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\windows\System32\lltdsvc.dll 15:00:38.0913 1904 lltdsvc - ok 15:00:38.0944 1904 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\windows\System32\lmhsvc.dll 15:00:38.0944 1904 lmhosts - ok 15:00:39.0007 1904 [ 7485fbcef9136f530953575e2977859d ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 15:00:39.0007 1904 LMS - ok 15:00:39.0038 1904 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 15:00:39.0038 1904 LSI_FC - ok 15:00:39.0085 1904 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 15:00:39.0085 1904 LSI_SAS - ok 15:00:39.0116 1904 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 15:00:39.0116 1904 LSI_SAS2 - ok 15:00:39.0147 1904 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 15:00:39.0147 1904 LSI_SCSI - ok 15:00:39.0178 1904 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\windows\system32\drivers\luafv.sys 15:00:39.0178 1904 luafv - ok 15:00:39.0225 1904 [ dc8490812a3b72811ae534f423b4c206 ] MBAMProtector C:\windows\system32\drivers\mbam.sys 15:00:39.0225 1904 MBAMProtector - ok 15:00:39.0334 1904 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 15:00:39.0350 1904 MBAMService - ok 15:00:39.0397 1904 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 15:00:39.0397 1904 Mcx2Svc - ok 15:00:39.0428 1904 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\windows\system32\DRIVERS\megasas.sys 15:00:39.0443 1904 megasas - ok 15:00:39.0475 1904 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 15:00:39.0475 1904 MegaSR - ok 15:00:39.0521 1904 MGHwCtrl - ok 15:00:39.0584 1904 [ 71c6748ee8de938532057ef10b4b7e44 ] Micro Star SCM C:\Program Files (x86)\System Control Manager\MSIService.exe 15:00:39.0584 1904 Micro Star SCM - ok 15:00:39.0662 1904 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 15:00:39.0662 1904 Microsoft Office Groove Audit Service - ok 15:00:39.0693 1904 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\windows\system32\mmcss.dll 15:00:39.0693 1904 MMCSS - ok 15:00:39.0709 1904 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\windows\system32\drivers\modem.sys 15:00:39.0709 1904 Modem - ok 15:00:39.0755 1904 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\windows\system32\DRIVERS\monitor.sys 15:00:39.0755 1904 monitor - ok 15:00:39.0787 1904 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\windows\system32\drivers\mouclass.sys 15:00:39.0787 1904 mouclass - ok 15:00:39.0802 1904 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 15:00:39.0818 1904 mouhid - ok 15:00:39.0849 1904 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\windows\system32\drivers\mountmgr.sys 15:00:39.0849 1904 mountmgr - ok 15:00:39.0896 1904 [ 94c66ededcdb6a126880472f9a704d8e ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys 15:00:39.0911 1904 MpFilter - ok 15:00:39.0943 1904 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\windows\system32\drivers\mpio.sys 15:00:39.0943 1904 mpio - ok 15:00:39.0958 1904 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 15:00:39.0958 1904 mpsdrv - ok 15:00:40.0005 1904 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\windows\system32\mpssvc.dll 15:00:40.0036 1904 MpsSvc - ok 15:00:40.0083 1904 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 15:00:40.0083 1904 MRxDAV - ok 15:00:40.0114 1904 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 15:00:40.0114 1904 mrxsmb - ok 15:00:40.0161 1904 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 15:00:40.0161 1904 mrxsmb10 - ok 15:00:40.0177 1904 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 15:00:40.0177 1904 mrxsmb20 - ok 15:00:40.0223 1904 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\windows\system32\drivers\msahci.sys 15:00:40.0223 1904 msahci - ok 15:00:40.0239 1904 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\windows\system32\drivers\msdsm.sys 15:00:40.0239 1904 msdsm - ok 15:00:40.0270 1904 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\windows\System32\msdtc.exe 15:00:40.0286 1904 MSDTC - ok 15:00:40.0317 1904 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\windows\system32\drivers\Msfs.sys 15:00:40.0317 1904 Msfs - ok 15:00:40.0348 1904 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 15:00:40.0364 1904 mshidkmdf - ok 15:00:40.0395 1904 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\windows\system32\drivers\msisadrv.sys 15:00:40.0395 1904 msisadrv - ok 15:00:40.0411 1904 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 15:00:40.0426 1904 MSiSCSI - ok 15:00:40.0442 1904 msiserver - ok 15:00:40.0457 1904 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 15:00:40.0457 1904 MSKSSRV - ok 15:00:40.0567 1904 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 15:00:40.0567 1904 MsMpSvc - ok 15:00:40.0582 1904 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 15:00:40.0582 1904 MSPCLOCK - ok 15:00:40.0582 1904 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 15:00:40.0582 1904 MSPQM - ok 15:00:40.0629 1904 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\windows\system32\drivers\MsRPC.sys 15:00:40.0629 1904 MsRPC - ok 15:00:40.0660 1904 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 15:00:40.0660 1904 mssmbios - ok 15:00:40.0676 1904 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 15:00:40.0676 1904 MSTEE - ok 15:00:40.0691 1904 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 15:00:40.0691 1904 MTConfig - ok 15:00:40.0723 1904 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\windows\system32\Drivers\mup.sys 15:00:40.0723 1904 Mup - ok 15:00:40.0769 1904 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\windows\system32\qagentRT.dll 15:00:40.0785 1904 napagent - ok 15:00:40.0832 1904 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 15:00:40.0832 1904 NativeWifiP - ok 15:00:40.0894 1904 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\windows\system32\drivers\ndis.sys 15:00:40.0910 1904 NDIS - ok 15:00:40.0941 1904 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 15:00:40.0941 1904 NdisCap - ok 15:00:40.0972 1904 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 15:00:40.0972 1904 NdisTapi - ok 15:00:41.0019 1904 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 15:00:41.0019 1904 Ndisuio - ok 15:00:41.0050 1904 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 15:00:41.0050 1904 NdisWan - ok 15:00:41.0097 1904 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 15:00:41.0097 1904 NDProxy - ok 15:00:41.0113 1904 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 15:00:41.0113 1904 NetBIOS - ok 15:00:41.0159 1904 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 15:00:41.0175 1904 NetBT - ok 15:00:41.0175 1904 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\windows\system32\lsass.exe 15:00:41.0175 1904 Netlogon - ok 15:00:41.0206 1904 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\windows\System32\netman.dll 15:00:41.0206 1904 Netman - ok 15:00:41.0237 1904 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\windows\System32\netprofm.dll 15:00:41.0237 1904 netprofm - ok 15:00:41.0284 1904 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:00:41.0284 1904 NetTcpPortSharing - ok 15:00:41.0315 1904 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 15:00:41.0315 1904 nfrd960 - ok 15:00:41.0362 1904 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys 15:00:41.0362 1904 NisDrv - ok 15:00:41.0425 1904 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 15:00:41.0425 1904 NisSrv - ok 15:00:41.0471 1904 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\windows\System32\nlasvc.dll 15:00:41.0471 1904 NlaSvc - ok 15:00:41.0503 1904 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\windows\system32\drivers\Npfs.sys 15:00:41.0503 1904 Npfs - ok 15:00:41.0534 1904 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\windows\system32\nsisvc.dll 15:00:41.0534 1904 nsi - ok 15:00:41.0565 1904 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 15:00:41.0565 1904 nsiproxy - ok 15:00:41.0627 1904 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 15:00:41.0674 1904 Ntfs - ok 15:00:41.0690 1904 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\windows\system32\drivers\Null.sys 15:00:41.0690 1904 Null - ok 15:00:41.0705 1904 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\windows\system32\drivers\nvraid.sys 15:00:41.0721 1904 nvraid - ok 15:00:41.0768 1904 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\windows\system32\drivers\nvstor.sys 15:00:41.0768 1904 nvstor - ok 15:00:41.0799 1904 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 15:00:41.0799 1904 nv_agp - ok 15:00:41.0861 1904 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:00:41.0877 1904 odserv - ok 15:00:41.0908 1904 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 15:00:41.0908 1904 ohci1394 - ok 15:00:41.0955 1904 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:00:41.0955 1904 ose - ok 15:00:42.0002 1904 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\windows\system32\pnrpsvc.dll 15:00:42.0002 1904 p2pimsvc - ok 15:00:42.0017 1904 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\windows\system32\p2psvc.dll 15:00:42.0033 1904 p2psvc - ok 15:00:42.0064 1904 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\windows\system32\DRIVERS\parport.sys 15:00:42.0080 1904 Parport - ok 15:00:42.0111 1904 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\windows\system32\drivers\partmgr.sys 15:00:42.0111 1904 partmgr - ok 15:00:42.0142 1904 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 15:00:42.0142 1904 PcaSvc - ok 15:00:42.0158 1904 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\windows\system32\drivers\pci.sys 15:00:42.0158 1904 pci - ok 15:00:42.0173 1904 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\windows\system32\drivers\pciide.sys 15:00:42.0173 1904 pciide - ok 15:00:42.0205 1904 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 15:00:42.0205 1904 pcmcia - ok 15:00:42.0205 1904 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\windows\system32\drivers\pcw.sys 15:00:42.0220 1904 pcw - ok 15:00:42.0236 1904 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\windows\system32\drivers\peauth.sys 15:00:42.0251 1904 PEAUTH - ok 15:00:42.0345 1904 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\windows\SysWow64\perfhost.exe 15:00:42.0345 1904 PerfHost - ok 15:00:42.0407 1904 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\windows\system32\pla.dll 15:00:42.0439 1904 pla - ok 15:00:42.0485 1904 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 15:00:42.0485 1904 PlugPlay - ok 15:00:42.0517 1904 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 15:00:42.0532 1904 PNRPAutoReg - ok 15:00:42.0563 1904 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\windows\system32\pnrpsvc.dll 15:00:42.0563 1904 PNRPsvc - ok 15:00:42.0595 1904 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 15:00:42.0626 1904 PolicyAgent - ok 15:00:42.0657 1904 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\windows\system32\umpo.dll 15:00:42.0657 1904 Power - ok 15:00:42.0688 1904 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 15:00:42.0688 1904 PptpMiniport - ok 15:00:42.0735 1904 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\windows\system32\DRIVERS\processr.sys 15:00:42.0735 1904 Processor - ok 15:00:42.0766 1904 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\windows\system32\profsvc.dll 15:00:42.0766 1904 ProfSvc - ok 15:00:42.0766 1904 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\windows\system32\lsass.exe 15:00:42.0766 1904 ProtectedStorage - ok 15:00:42.0813 1904 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\windows\system32\DRIVERS\pacer.sys 15:00:42.0829 1904 Psched - ok 15:00:42.0891 1904 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 15:00:42.0922 1904 ql2300 - ok 15:00:42.0953 1904 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 15:00:42.0953 1904 ql40xx - ok 15:00:42.0969 1904 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\windows\system32\qwave.dll 15:00:42.0985 1904 QWAVE - ok 15:00:42.0985 1904 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 15:00:43.0000 1904 QWAVEdrv - ok 15:00:43.0000 1904 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 15:00:43.0000 1904 RasAcd - ok 15:00:43.0063 1904 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 15:00:43.0063 1904 RasAgileVpn - ok 15:00:43.0078 1904 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\windows\System32\rasauto.dll 15:00:43.0078 1904 RasAuto - ok 15:00:43.0125 1904 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 15:00:43.0125 1904 Rasl2tp - ok 15:00:43.0203 1904 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\windows\System32\rasmans.dll 15:00:43.0203 1904 RasMan - ok 15:00:43.0234 1904 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 15:00:43.0234 1904 RasPppoe - ok 15:00:43.0250 1904 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 15:00:43.0250 1904 RasSstp - ok 15:00:43.0297 1904 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 15:00:43.0297 1904 rdbss - ok 15:00:43.0312 1904 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 15:00:43.0312 1904 rdpbus - ok 15:00:43.0328 1904 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 15:00:43.0328 1904 RDPCDD - ok 15:00:43.0343 1904 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 15:00:43.0343 1904 RDPENCDD - ok 15:00:43.0359 1904 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 15:00:43.0359 1904 RDPREFMP - ok 15:00:43.0406 1904 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\windows\system32\drivers\RDPWD.sys 15:00:43.0406 1904 RDPWD - ok 15:00:43.0437 1904 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 15:00:43.0453 1904 rdyboost - ok 15:00:43.0468 1904 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\windows\System32\mprdim.dll 15:00:43.0484 1904 RemoteAccess - ok 15:00:43.0515 1904 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 15:00:43.0515 1904 RemoteRegistry - ok 15:00:43.0531 1904 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 15:00:43.0531 1904 RpcEptMapper - ok 15:00:43.0562 1904 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\windows\system32\locator.exe 15:00:43.0562 1904 RpcLocator - ok 15:00:43.0624 1904 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\windows\system32\rpcss.dll 15:00:43.0624 1904 RpcSs - ok 15:00:43.0655 1904 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 15:00:43.0655 1904 rspndr - ok 15:00:43.0687 1904 [ ee082e06a82ff630351d1e0ebbd3d8d0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 15:00:43.0687 1904 RTL8167 - ok 15:00:43.0702 1904 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\windows\system32\lsass.exe 15:00:43.0702 1904 SamSs - ok 15:00:43.0733 1904 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\windows\system32\drivers\sbp2port.sys 15:00:43.0733 1904 sbp2port - ok 15:00:43.0780 1904 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\windows\System32\SCardSvr.dll 15:00:43.0780 1904 SCardSvr - ok 15:00:43.0811 1904 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 15:00:43.0811 1904 scfilter - ok 15:00:43.0858 1904 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\windows\system32\schedsvc.dll 15:00:43.0889 1904 Schedule - ok 15:00:43.0936 1904 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\windows\System32\certprop.dll 15:00:43.0936 1904 SCPolicySvc - ok 15:00:43.0967 1904 [ 111e0ebc0ad79cb0fa014b907b231cf0 ] sdbus C:\windows\system32\drivers\sdbus.sys 15:00:43.0967 1904 sdbus - ok 15:00:44.0014 1904 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 15:00:44.0014 1904 SDRSVC - ok 15:00:44.0123 1904 [ 4a5809a1d796e2675ac0332bf7b0cb11 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 15:00:44.0123 1904 SeaPort - ok 15:00:44.0155 1904 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 15:00:44.0155 1904 secdrv - ok 15:00:44.0170 1904 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\windows\system32\seclogon.dll 15:00:44.0170 1904 seclogon - ok 15:00:44.0201 1904 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\windows\System32\sens.dll 15:00:44.0201 1904 SENS - ok 15:00:44.0233 1904 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\windows\system32\sensrsvc.dll 15:00:44.0233 1904 SensrSvc - ok 15:00:44.0248 1904 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\windows\system32\DRIVERS\serenum.sys 15:00:44.0264 1904 Serenum - ok 15:00:44.0311 1904 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\windows\system32\DRIVERS\serial.sys 15:00:44.0311 1904 Serial - ok 15:00:44.0342 1904 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 15:00:44.0342 1904 sermouse - ok 15:00:44.0373 1904 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\windows\system32\sessenv.dll 15:00:44.0389 1904 SessionEnv - ok 15:00:44.0404 1904 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\windows\system32\drivers\sffdisk.sys 15:00:44.0404 1904 sffdisk - ok 15:00:44.0420 1904 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 15:00:44.0420 1904 sffp_mmc - ok 15:00:44.0435 1904 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 15:00:44.0435 1904 sffp_sd - ok 15:00:44.0435 1904 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 15:00:44.0435 1904 sfloppy - ok 15:00:44.0467 1904 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\windows\System32\ipnathlp.dll 15:00:44.0482 1904 SharedAccess - ok 15:00:44.0529 1904 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\windows\System32\shsvcs.dll 15:00:44.0529 1904 ShellHWDetection - ok 15:00:44.0545 1904 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 15:00:44.0545 1904 SiSRaid2 - ok 15:00:44.0591 1904 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 15:00:44.0607 1904 SiSRaid4 - ok 15:00:44.0638 1904 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\windows\system32\DRIVERS\smb.sys 15:00:44.0638 1904 Smb - ok 15:00:44.0685 1904 [ 7ae8bca90539ecbde87ac45ba1436be3 ] smserial C:\windows\system32\DRIVERS\SmSerl64.sys 15:00:44.0716 1904 smserial - ok 15:00:44.0763 1904 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\windows\System32\snmptrap.exe 15:00:44.0763 1904 SNMPTRAP - ok 15:00:44.0779 1904 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\windows\system32\drivers\spldr.sys 15:00:44.0779 1904 spldr - ok 15:00:44.0825 1904 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\windows\System32\spoolsv.exe 15:00:44.0825 1904 Spooler - ok 15:00:44.0935 1904 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\windows\system32\sppsvc.exe 15:00:45.0013 1904 sppsvc - ok 15:00:45.0028 1904 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\windows\system32\sppuinotify.dll 15:00:45.0028 1904 sppuinotify - ok 15:00:45.0091 1904 [ a6cff1af7664627a296b6a0a96cf876e ] sptd C:\windows\System32\Drivers\sptd.sys 15:00:45.0106 1904 sptd - ok 15:00:45.0153 1904 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\windows\system32\DRIVERS\srv.sys 15:00:45.0153 1904 srv - ok 15:00:45.0169 1904 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 15:00:45.0184 1904 srv2 - ok 15:00:45.0200 1904 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 15:00:45.0200 1904 srvnet - ok 15:00:45.0215 1904 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 15:00:45.0231 1904 SSDPSRV - ok 15:00:45.0231 1904 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\windows\system32\sstpsvc.dll 15:00:45.0231 1904 SstpSvc - ok 15:00:45.0278 1904 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 15:00:45.0278 1904 stexstor - ok 15:00:45.0325 1904 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\windows\System32\wiaservc.dll 15:00:45.0340 1904 stisvc - ok 15:00:45.0356 1904 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\windows\system32\drivers\swenum.sys 15:00:45.0356 1904 swenum - ok 15:00:45.0387 1904 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\windows\System32\swprv.dll 15:00:45.0403 1904 swprv - ok 15:00:45.0449 1904 [ e5d73228176c9f69072d1f91ced83484 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 15:00:45.0449 1904 SynTP - ok 15:00:45.0512 1904 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\windows\system32\sysmain.dll 15:00:45.0559 1904 SysMain - ok 15:00:45.0590 1904 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\windows\System32\TabSvc.dll 15:00:45.0590 1904 TabletInputService - ok 15:00:48.0835 1904 [ 3a05225b4172d0fa20107bd503a84681 ] TapiSrv C:\windows\System32\tapisrv.dll 15:12:30.0134 1904 Suspicious file (NoAccess): C:\windows\System32\tapisrv.dll. md5: 3a05225b4172d0fa20107bd503a84681 15:13:56.0636 1904 TapiSrv ( LockedFile.Multi.Generic ) - warning 15:13:56.0636 1904 TapiSrv - detected LockedFile.Multi.Generic (1) 15:13:56.0792 1904 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\windows\System32\tbssvc.dll 15:13:56.0792 1904 TBS - ok 15:13:56.0932 1904 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\windows\system32\drivers\tcpip.sys 15:13:56.0979 1904 Tcpip - ok 15:13:57.0057 1904 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 15:13:57.0073 1904 TCPIP6 - ok 15:13:57.0166 1904 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 15:13:57.0166 1904 tcpipreg - ok 15:13:57.0198 1904 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 15:13:57.0198 1904 TDPIPE - ok 15:13:57.0229 1904 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 15:13:57.0229 1904 TDTCP - ok 15:13:57.0276 1904 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 15:13:57.0276 1904 tdx - ok 15:13:57.0494 1904 [ 3e85bdd019e3db66d9471dad7fd6a887 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 15:13:57.0572 1904 TeamViewer7 - ok 15:13:57.0603 1904 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\windows\system32\drivers\termdd.sys 15:13:57.0603 1904 TermDD - ok 15:13:57.0666 1904 [ 2e648163254233755035b46dd7b89123 ] TermService C:\windows\System32\termsrv.dll 15:13:57.0681 1904 TermService - ok 15:13:57.0728 1904 [ f0344071948d1a1fa732231785a0664c ] Themes C:\windows\system32\themeservice.dll 15:13:57.0744 1904 Themes - ok 15:13:57.0744 1904 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\windows\system32\mmcss.dll 15:13:57.0744 1904 THREADORDER - ok 15:13:57.0790 1904 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\windows\System32\trkwks.dll 15:13:57.0790 1904 TrkWks - ok 15:13:57.0853 1904 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 15:13:57.0853 1904 TrustedInstaller - ok 15:13:57.0946 1904 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 15:13:57.0946 1904 tssecsrv - ok 15:13:58.0118 1904 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 15:13:58.0118 1904 TsUsbFlt - ok 15:13:58.0196 1904 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 15:13:58.0196 1904 tunnel - ok 15:13:58.0243 1904 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 15:13:58.0243 1904 uagp35 - ok 15:13:58.0305 1904 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 15:13:58.0305 1904 udfs - ok 15:13:58.0336 1904 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\windows\system32\UI0Detect.exe 15:13:58.0336 1904 UI0Detect - ok 15:13:58.0368 1904 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 15:13:58.0368 1904 uliagpkx - ok 15:13:58.0399 1904 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\windows\system32\drivers\umbus.sys 15:13:58.0399 1904 umbus - ok 15:13:58.0399 1904 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\windows\system32\DRIVERS\umpass.sys 15:13:58.0414 1904 UmPass - ok 15:13:58.0570 1904 [ 765f2dd351ba064f657751d8d75e58c0 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 15:13:58.0648 1904 UNS - ok 15:13:58.0711 1904 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\windows\System32\upnphost.dll 15:13:58.0711 1904 upnphost - ok 15:13:58.0773 1904 [ aa33fc47ed58c34e6e9261e4f850b7eb ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys 15:13:58.0773 1904 USBAAPL64 - ok 15:13:58.0851 1904 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 15:13:58.0851 1904 usbccgp - ok 15:13:58.0914 1904 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\windows\system32\drivers\usbcir.sys 15:13:58.0914 1904 usbcir - ok 15:13:58.0945 1904 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\windows\system32\drivers\usbehci.sys 15:13:58.0945 1904 usbehci - ok 15:13:58.0976 1904 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 15:13:58.0976 1904 usbhub - ok 15:13:58.0992 1904 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\windows\system32\drivers\usbohci.sys 15:13:58.0992 1904 usbohci - ok 15:13:59.0038 1904 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 15:13:59.0038 1904 usbprint - ok 15:13:59.0101 1904 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 15:13:59.0101 1904 usbscan - ok 15:13:59.0132 1904 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 15:13:59.0132 1904 USBSTOR - ok 15:13:59.0163 1904 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\windows\system32\drivers\usbuhci.sys 15:13:59.0163 1904 usbuhci - ok 15:13:59.0194 1904 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 15:13:59.0210 1904 usbvideo - ok 15:13:59.0257 1904 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\windows\System32\uxsms.dll 15:13:59.0257 1904 UxSms - ok 15:13:59.0257 1904 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\windows\system32\lsass.exe 15:13:59.0257 1904 VaultSvc - ok 15:13:59.0272 1904 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 15:13:59.0272 1904 vdrvroot - ok 15:13:59.0319 1904 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\windows\System32\vds.exe 15:13:59.0335 1904 vds - ok 15:13:59.0397 1904 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\windows\system32\DRIVERS\vgapnp.sys 15:13:59.0397 1904 vga - ok 15:13:59.0413 1904 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\windows\System32\drivers\vga.sys 15:13:59.0413 1904 VgaSave - ok 15:13:59.0428 1904 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\windows\system32\drivers\vhdmp.sys 15:13:59.0444 1904 vhdmp - ok 15:13:59.0475 1904 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\windows\system32\drivers\viaide.sys 15:13:59.0491 1904 viaide - ok 15:13:59.0506 1904 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\windows\system32\drivers\volmgr.sys 15:13:59.0506 1904 volmgr - ok 15:13:59.0553 1904 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\windows\system32\drivers\volmgrx.sys 15:13:59.0553 1904 volmgrx - ok 15:13:59.0600 1904 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\windows\system32\drivers\volsnap.sys 15:13:59.0600 1904 volsnap - ok 15:13:59.0616 1904 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 15:13:59.0616 1904 vsmraid - ok 15:13:59.0678 1904 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\windows\system32\vssvc.exe 15:13:59.0725 1904 VSS - ok 15:13:59.0740 1904 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 15:13:59.0756 1904 vwifibus - ok 15:13:59.0772 1904 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 15:13:59.0772 1904 vwififlt - ok 15:13:59.0803 1904 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\windows\system32\w32time.dll 15:13:59.0818 1904 W32Time - ok 15:13:59.0834 1904 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 15:13:59.0834 1904 WacomPen - ok 15:13:59.0865 1904 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 15:13:59.0865 1904 WANARP - ok 15:13:59.0881 1904 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 15:13:59.0881 1904 Wanarpv6 - ok 15:13:59.0943 1904 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 15:13:59.0990 1904 WatAdminSvc - ok 15:14:00.0052 1904 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\windows\system32\wbengine.exe 15:14:00.0099 1904 wbengine - ok 15:14:00.0146 1904 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 15:14:00.0146 1904 WbioSrvc - ok 15:14:00.0193 1904 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\windows\System32\wcncsvc.dll 15:14:00.0193 1904 wcncsvc - ok 15:14:00.0224 1904 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 15:14:00.0224 1904 WcsPlugInService - ok 15:14:00.0271 1904 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\windows\system32\DRIVERS\wd.sys 15:14:00.0271 1904 Wd - ok 15:14:00.0302 1904 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 15:14:00.0318 1904 Wdf01000 - ok 15:14:00.0349 1904 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\windows\system32\wdi.dll 15:14:00.0364 1904 WdiServiceHost - ok 15:14:00.0380 1904 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\windows\system32\wdi.dll 15:14:00.0380 1904 WdiSystemHost - ok 15:14:00.0411 1904 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\windows\System32\webclnt.dll 15:14:00.0427 1904 WebClient - ok 15:14:00.0442 1904 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\windows\system32\wecsvc.dll 15:14:00.0458 1904 Wecsvc - ok 15:14:00.0474 1904 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\windows\System32\wercplsupport.dll 15:14:00.0474 1904 wercplsupport - ok 15:14:00.0505 1904 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\windows\System32\WerSvc.dll 15:14:00.0505 1904 WerSvc - ok 15:14:00.0536 1904 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 15:14:00.0536 1904 WfpLwf - ok 15:14:00.0552 1904 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\windows\system32\drivers\wimmount.sys 15:14:00.0552 1904 WIMMount - ok 15:14:00.0567 1904 WinHttpAutoProxySvc - ok 15:14:00.0645 1904 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 15:14:00.0645 1904 Winmgmt - ok 15:14:00.0708 1904 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\windows\system32\WsmSvc.dll 15:14:00.0786 1904 WinRM - ok 15:14:00.0864 1904 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 15:14:00.0864 1904 WinUsb - ok 15:14:00.0910 1904 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\windows\System32\wlansvc.dll 15:14:00.0942 1904 Wlansvc - ok 15:14:01.0066 1904 [ 98f138897ef4246381d197cb81846d62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:14:01.0129 1904 wlidsvc - ok 15:14:01.0160 1904 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 15:14:01.0160 1904 WmiAcpi - ok 15:14:01.0191 1904 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 15:14:01.0191 1904 wmiApSrv - ok 15:14:01.0207 1904 WMPNetworkSvc - ok 15:14:01.0254 1904 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\windows\System32\wpcsvc.dll 15:14:01.0269 1904 WPCSvc - ok 15:14:01.0300 1904 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 15:14:01.0300 1904 WPDBusEnum - ok 15:14:01.0332 1904 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 15:14:01.0332 1904 ws2ifsl - ok 15:14:01.0347 1904 WSearch - ok 15:14:01.0425 1904 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\windows\system32\wuaueng.dll 15:14:01.0488 1904 wuauserv - ok 15:14:01.0503 1904 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\windows\system32\drivers\WudfPf.sys 15:14:01.0503 1904 WudfPf - ok 15:14:01.0550 1904 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 15:14:01.0550 1904 WUDFRd - ok 15:14:01.0581 1904 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll 15:14:01.0581 1904 wudfsvc - ok 15:14:01.0612 1904 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\windows\System32\wwansvc.dll 15:14:01.0628 1904 WwanSvc - ok 15:14:01.0644 1904 ================ Scan global =============================== 15:14:01.0690 1904 (ba0cd8c393e8c9f83354106093832c7b) C:\windows\system32\basesrv.dll 15:14:01.0722 1904 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll 15:14:01.0737 1904 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll 15:14:01.0768 1904 (d6160f9d869ba3af0b787f971db56368) C:\windows\system32\sxssrv.dll 15:14:01.0800 1904 (24acb7e5be595468e3b9aa488b9b4fcb) C:\windows\system32\services.exe 15:14:01.0800 1904 [Global] - ok 15:14:01.0800 1904 ================ Scan MBR ================================== 15:14:01.0815 1904 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 15:14:02.0112 1904 \Device\Harddisk0\DR0 - ok 15:14:02.0112 1904 ================ Scan VBR ================================== 15:14:02.0127 1904 Boot (0x1200) (75d188b3daba70ee81504f1fbb8fa2af) \Device\Harddisk0\DR0\Partition1 15:14:02.0127 1904 \Device\Harddisk0\DR0\Partition1 - ok 15:14:02.0377 1904 Boot (0x1200) (c5bce75a797337cf53bd256d9e81836f) \Device\Harddisk0\DR0\Partition2 15:14:02.0377 1904 \Device\Harddisk0\DR0\Partition2 - ok 15:14:02.0377 1904 ============================================================ 15:14:02.0377 1904 Scan finished 15:14:02.0377 1904 ============================================================ 15:14:02.0392 1896 Detected object count: 1 15:14:02.0392 1896 Actual detected object count: 1 15:15:02.0156 1896 TapiSrv ( LockedFile.Multi.Generic ) - skipped by user 15:15:02.0156 1896 TapiSrv ( LockedFile.Multi.Generic ) - User select action: Skip 15:15:13.0341 1860 Deinitialize success -
MalwareBytes Won't Run in Safe Mode (DDS Report Included)
Lapys replied to Lapys's topic in Resolved Malware Removal Logs
My friend finally got back to me, and she had run the TDSS utility and it found 2 rootkits, which it supposedly quarantined. Unfortunately, she forgot to send me the report. A day and a half to two days later, I get a text saying she can't do anything on the computer anymore, including getting to facebook or her e-mail so that she can send me the report. She can't really browse the internet at all, or even watch videos on her harddrive. I'm hoping to get my hands on the machine personally so I can work on it without any restraints, but does this sound like anything in particular to anyone? Frankly, it just sounds like standard rootkit--hide a while and then disable your system, depending on its purpose, but I'm trying to cover all my options here while also doing some damage control. Hopefully I'll have the TDSS report soon and a new DDS after the ComboFix, but any help in advance of that would be greatly appreciated. -
I am helping a friend with her laptop, and she has been unable to run MalwareBytes, both in normal mode and safe mode. The scan will run for around 11 seconds before stopping altogether. MalwareBytes is up to date. I've tried running RKill first (I also have the RKill log if necessary), I've tried running MalwareBytes in Chameleon mode, and I've tried going through her processes to see if there are any malicious or otherwise unidentified processes running (I looked in Safe mode and Normal), but no luck. I'm only thinking it is a virus at this point because MalwareBytes won't run, and it has always been able to run--even a full scan as opposed to a quick scan--in the past. Her computer has gotten slow and she has recently had some driver problems where the screen will go black, then come back, and say a driver failed and then recovered. However, because she is prone to viruses and has had some other slow-down issues, I wanted to check if the logs were clean first. The driver problem has supposedly been fixed by another friend, and while I had some hands-on time with the machine, I didn't notice any display driver problems, and the screen never went black. When I ran RKill, it returned clean results except for removing an Explorer policy and resetting a couple of registry associations. Anyway, here are the logs, and thanks for any help you guys can give me. If it turns out not to be a malware or virus issue, I'll happily post on over in the PC Help forum. I was just very concerned that something is preventing MalwareBytes from running in the first place, and is not particularly slowing down the rest of the machine. The DDS.txt: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Kristen at 14:13:02 on 2012-08-11 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3886.2833 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\windows\system32\taskeng.exe C:\windows\system32\taskeng.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\System Control Manager\MSIService.exe C:\Program Files (x86)\GIMP\GIMPUpdateChecker.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe C:\Windows\System32\StikyNot.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe C:\Windows\system32\WUDFHost.exe C:\windows\system32\wbem\unsecapp.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\sysWOW64\wbem\wmiprvse.exe C:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?affID=111385&babsrc=HP_ss&mntrId=c6dc987d000000000000485d60618af9 uDefault_Page_URL = hxxp://msi.msn.com uInternet Settings,ProxyOverride = <local> mSearchAssistant = hxxp://start.facemoods.com/?a=guppy1&s={searchTerms}&f=4 uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll uURLSearchHooks: H - No File mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO: TheBflix Class: {be861541-7376-4545-967b-20da8431c8ce} - C:\ProgramData\TheBflix\bhoclass.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll uRun: [installIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder mRun: [Powersuite Monitor] "C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe" mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTQyNTU0NjQ3LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzMtRkwxMCsxLVNQMVMyKzEtU1AxUzMrMS1ERFQrNTY1MTItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx"&"prod=90"&"ver=10.0.1416 uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5}\2375942554030313 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5}\34865627475737 : DhcpNameServer = 216.130.152.4 216.130.156.12 192.168.0.1 TCP: Interfaces\{B148C7B5-F58E-4739-85E3-5E688154A2C5}\355726771697 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{D1365E23-B7BC-4BEC-8374-139068AF032F} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO-X64: Search Helper - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll BHO-X64: AOL Messaging Toolbar Loader - No File BHO-X64: TheBflix Class: {BE861541-7376-4545-967B-20DA8431C8CE} - C:\ProgramData\TheBflix\bhoclass.dll BHO-X64: TheBflix - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder mRun-x64: [Powersuite Monitor] "C:\Program Files (x86)\Uniblue\Powersuite\powersuite_monitor.exe" mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTQyNTU0NjQ3LVhPMTArMTItTElDKzItU1AxKzEtU1VQKzMtRkwxMCsxLVNQMVMyKzEtU1AxUzMrMS1ERFQrNTY1MTItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFUKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCTisx"&"prod=90"&"ver=10.0.1416 SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\System Control Manager\MSIService.exe [2010-7-1 160768] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-1 3027840] R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?] R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\msi\Live Update 5\msibios64_100507.sys [2012-8-8 33592] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\msi\Live Update 5\NTIOLib_X64.sys [2012-8-8 14136] R3 pmkbdfltr;PenMount Keyboard Device Filter Driver;C:\windows\system32\DRIVERS\pmkbdfltr.sys --> C:\windows\system32\DRIVERS\pmkbdfltr.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] R3 SmbDrv;SmbDrv;C:\windows\system32\DRIVERS\Smb_driver.sys --> C:\windows\system32\DRIVERS\Smb_driver.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-1 13336] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-8 655944] S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-1 2320920] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?] S3 EUCR;EUCR;C:\windows\system32\DRIVERS\EUCR6SK.SYS --> C:\windows\system32\DRIVERS\EUCR6SK.SYS [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-22 136176] S3 mbamchameleon;mbamchameleon;\??\C:\windows\system32\drivers\mbamchameleon.sys --> C:\windows\system32\drivers\mbamchameleon.sys [?] S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-08-11 17:19:42 36168 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys 2012-08-10 19:12:30 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{361032DB-ECA4-4168-BEE5-3E09CDF853A8}\mpengine.dll 2012-08-09 04:33:14 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-08-08 05:59:40 22800 ----a-w- C:\windows\System32\drivers\Smb_driver.sys 2012-08-08 05:57:24 317440 ----a-w- C:\windows\System32\drivers\IntcDAud.sys 2012-08-08 05:57:24 14848 ----a-w- C:\windows\System32\IntcDAuC.dll 2012-08-08 05:55:44 18832 ----a-w- C:\windows\System32\drivers\pmkbdfltr.sys 2012-08-08 04:57:22 -------- d-----w- C:\Users\Kristen\AppData\Roaming\Uniblue 2012-08-08 04:57:22 -------- d-----w- C:\Program Files (x86)\Uniblue 2012-07-19 00:26:09 3148800 ----a-w- C:\windows\System32\win32k.sys 2012-07-18 16:22:16 2004480 ----a-w- C:\windows\System32\msxml6.dll 2012-07-18 16:16:41 -------- d-----w- C:\Program Files (x86)\GUMF64F.tmp . ==================== Find3M ==================== . 2012-07-03 17:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll . ============= FINISH: 14:14:32.63 =============== The Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 1/15/2011 10:18:57 AM System Uptime: 8/11/2012 2:09:58 PM (0 hours ago) . Motherboard: Micro-Star International | | A6200 Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | CPU 1 | 2399/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 173 GiB total, 42.872 GiB free. D: is FIXED (FAT32) - 113 GiB total, 113.165 GiB free. E: is CDROM (UDF) F: is CDROM (CDFS) G: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP374: 8/5/2012 9:06:03 PM - Scheduled Checkpoint RP375: 8/7/2012 11:31:55 AM - Windows Update RP376: 8/8/2012 12:56:40 AM - Uniblue Powersuite installation RP377: 8/8/2012 1:17:53 AM - Powersuite - 8/8/2012 1:17:53 AM RP378: 8/10/2012 3:11:47 PM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) µTorrent Acrobat.com Adobe AIR Adobe Bridge 1.0 Adobe Common File Installer Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Help Center 1.0 Adobe Photoshop CS2 Adobe Reader 9.1 Adobe Stock Photos 1.0 AIM 7 AOL Messaging Toolbar Apple Application Support Apple Software Update ArcSoft Magic-i Visual Effects 2 ArcSoft Print Creations ArcSoft Print Creations - Album Page ArcSoft Print Creations - Brochures & Flyers ArcSoft Print Creations - Funhouse ArcSoft Print Creations - Funhouse II ArcSoft Print Creations - Greeting Card ArcSoft Print Creations - Photo Book ArcSoft Print Creations - Photo Calendar ArcSoft Print Creations - Photo Prints ArcSoft Print Creations - Poster Creator ArcSoft Print Creations - Scrapbook ArcSoft Print Creations - Slimline Card ArcSoft WebCam Companion 3 BurnRecovery Compatibility Pack for the 2007 Office system Download Updater (AOL LLC) Fable - The Lost Chapters GIMP Google Chrome Google Update Helper IBM ViaVoice Command and Control Runtime 5.3 InstallIQ Updater Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 29 Junk Mail filter update Live Update 5 LNZ Pro Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Microsoft WSE 3.0 Runtime msi Software Install MSVCRT Origin Pando Media Booster Pet Workshop Petz 3 Petz 4 Petz 5 PetzA 2.2.5 Realtek 8136 8168 8169 Ethernet Driver Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Skype Click to Call Skype™ 5.5 System Control Manager TeamViewer 7 TextPad 5 The Sims™ 3 Tinker 1.9.1 Uniblue Powersuite Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Visual Studio 2008 x64 Redistributables VLC VLC media player 1.1.5 WBFS Manager 3.0 WBFS to ISO Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer WinRAR archiver . ==== Event Viewer Messages From Past Week ======== . 8/9/2012 7:59:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect. 8/9/2012 7:59:40 PM, Error: Service Control Manager [7000] - The Intel® Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/9/2012 7:59:10 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting. 8/5/2012 9:47:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 8/5/2012 6:34:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 8/5/2012 3:27:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 8/4/2012 1:01:41 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1090.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 8/11/2012 2:10:09 PM, Error: volmgr [46] - Crash dump initialization failed! 8/11/2012 2:04:30 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period. 8/11/2012 1:56:09 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 8/11/2012 1:51:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F} 8/11/2012 1:51:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 8/11/2012 1:50:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 8/11/2012 1:50:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 8/11/2012 1:50:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/11/2012 1:50:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/11/2012 1:50:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf 8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 8/11/2012 1:50:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 8/11/2012 1:49:52 PM, Error: sptd [4] - Driver detected an internal error in its data structures for . 8/11/2012 1:17:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr sptd Wanarpv6 . ==== End Of File ===========================