Author Topic: [Resolved K] Redirect to 64.15.72.104 (Read 2457 times)

tek531 · « **on:** April 04, 2012, 10:52:17 AM »

Hello, experiencing random redirects but always to 64.15.72.104.
Have ran scans; TrendMicro, Ad-Adaware, Malwarebytes and Combofix. No luck so far.

Here are my DDS logs:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/8/2010 2:05:14 PM
System Uptime: 4/4/2012 10:45:45 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0D501F
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | Microprocessor | 2101/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 240.978 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C309a series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C309a series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP145: 3/1/2012 10:07:11 AM - Removed HSTouch.
RP146: 3/1/2012 10:23:59 AM - Removed HSTouch.
RP147: 3/1/2012 10:38:37 AM - Installed HSTouch.
RP148: 3/6/2012 5:10:31 PM - Installed Avery Wizard 4.0.
RP149: 3/6/2012 5:35:34 PM - Windows Update
RP150: 3/20/2012 5:33:15 PM - Windows Update
RP151: 3/29/2012 8:17:32 PM - Scheduled Checkpoint
RP152: 4/3/2012 11:33:06 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
1AVCenter version 2.2.7.21
ACDSee 8
ACER ICONIA 3G DRIVER INSTALL
Ad-Aware
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.1.2)
Adobe Stock Photos 1.0
Advanced Audio FX Engine
Advanced Video FX Engine
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 10.0.7
Ashampoo ClipFinder HD 2.10
Ashampoo Internet Accelerator 3.20
Ashampoo Magical Security 2.02
Ashampoo Snap 4.1.0
Ashampoo US Toolbar
Audacity 1.3.13 (Unicode)
Avery Wizard 4.0
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Brother BRAdmin Light 1.18.0001
BufferChm
C309a
Conduit Engine
Cool Timer 3.7
Copernic Desktop Search - Home
CoPilot
Custom UI Editor for Microsoft Office
Dell Driver Download Manager
Dell Webcam Center
Dell Webcam Manager
Destinations
DeviceDiscovery
DirectXInstallService
DocProc
Epson Event Manager
EPSON Scan
EpsonNet Print
EpsonNet Setup
ESET Online Scanner v3
Everything 1.2.1.371
Fax
Fences
FFmpeg for Audacity on Windows
FFmpeg v0.6.2 for Audacity
File Shredder 2.0
Free YouTube Downloader 3.5.124
Fund Manager
GoldWave v5.55
Google Calendar Sync
GPBaseService2
HGTV Home & Interior Painter
HGTV Home Design & Remodeling Suite
HL-2270DW
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HSTouch
ImgBurn
iolo technologies' DriveScrubber 3
iSEEK AnswerWorks English Runtime
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 22
LAME v3.98.3 for Audacity
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Livescribe Connect
Livescribe Desktop
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
MediaMonkey 4.0
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft MSN MoneyCentral Stock Quotes Add-In for Excel
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Streets & Trips 2009
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notation Musician 2.6.3 (Trial Version)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Olympus Digital Wave Player
PrimoPDF -- brought to you by Nitro PDF Software
PS_AIO_05_C309_Software_Min
Quicken 2010
QuickTime
Retirement Planner 2010
RICOH R5C83x/84x Media Driver Ver.3.53.02
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Premier
Roxio Creator Premier 10
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
SigmaTel Audio
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Status
StockMarketEye
TeamViewer 7
Toolbox
TrayApp
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Server E
Virtual Account Numbers
VLC media player 1.1.5
Watchtower Library 2010 - English
WebReg
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/4/2012 12:08:29 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
4/4/2012 12:07:13 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/4/2012 12:03:18 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/4/2012 10:46:10 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
4/3/2012 11:32:22 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
4/3/2012 11:32:22 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
4/3/2012 10:16:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by TEKERBY at 12:35:33 on 2012-04-04
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2670 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\iolo\common\lib\ioloServiceManager.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
C:\Program Files (x86)\Ashampoo\Ashampoo Snap 4\ashsnap.exe
C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Virtual Account Numbers\CitiVAN.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\OBroker.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uURLSearchHooks: Ashampoo US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
mURLSearchHooks: Ashampoo US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Ashampoo US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
BHO: Virtual Account Numbers Helper: {17424104-1444-4810-85d7-b4da413c5a9a} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Virtual Account Numbers: {7a21a046-b886-4a62-9d69-ef2059b0a27b} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
TB: Ashampoo US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 4\ashsnap.exe
uRun: [Copernic Desktop Search - Home] "C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
uRun: [Notation] RUNDLL32.EXE C:\Users\TEKERBY\AppData\Local\Notation\qwgpalrs.dll,SuspendStateDlg
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex
mRun: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Citi Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
StartupFolder: C:\Users\TEKERBY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\TEKERBY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~2.LNK - C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} - hxxp://maples.homedns.org:1024/img/LinksysViewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{622F6847-8744-47CA-931A-51E8C4027A97} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{622F6847-8744-47CA-931A-51E8C4027A97}\3434D2055726C69636 : DhcpNameServer = 10.88.22.105 10.88.28.75
TCP: Interfaces\{622F6847-8744-47CA-931A-51E8C4027A97}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Ashampoo US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
BHO-X64: Ashampoo US - No File
BHO-X64: Virtual Account Numbers Helper: {17424104-1444-4810-85D7-B4DA413C5A9A} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll
BHO-X64: Virtual Account Numbers Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Virtual Account Numbers: {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
TB-X64: Ashampoo US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - C:\Program Files (x86)\Ashampoo_US\prxtbAsha.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Citi Virtual Account Numbers] C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DELL Webcam Manager] "C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" /s
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [2011-7-12 86016]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2010-11-11 711352]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2010-11-11 711352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
R2 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-10-27 470528]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-3-7 245760]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-10-3 17152]
R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-3-6 275912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;C:\Users\TEKERBY\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\TEKERBY\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\system32\DRIVERS\PulseUsb.sys --> C:\Windows\system32\DRIVERS\PulseUsb.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-5-14 1120752]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-04 14:47:19   --------   d-sh--w-   C:\$RECYCLE.BIN
2012-04-04 03:32:52   98816   ----a-w-   C:\Windows\sed.exe
2012-04-04 03:32:52   518144   ----a-w-   C:\Windows\SWREG.exe
2012-04-04 03:32:52   256000   ----a-w-   C:\Windows\PEV.exe
2012-04-04 03:32:52   208896   ----a-w-   C:\Windows\MBR.exe
2012-04-04 03:11:04   --------   d-----w-   C:\Program Files (x86)\ESET
2012-04-04 00:52:51   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-03-31 13:26:51   --------   d-----w-   C:\Users\TEKERBY\AppData\Local\Notation
2012-03-20 21:42:15   5504880   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-03-20 21:42:15   3957616   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-20 21:42:14   3902320   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-03-20 20:29:31   826368   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2012-03-20 20:29:31   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
2012-03-20 20:29:31   204800   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-03-20 20:29:31   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2012-03-06 22:12:26   53248   ----a-r-   C:\Users\TEKERBY\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe
2012-03-06 22:11:29   --------   d-----w-   C:\Users\TEKERBY\AppData\Roaming\Avery
2012-03-06 13:59:10   67344   ----a-w-   C:\Windows\System32\drivers\tmeevw.sys
2012-03-06 13:59:09   210704   ----a-w-   C:\Windows\System32\drivers\tmnciesc.sys
2012-03-06 13:59:08   105744   ----a-w-   C:\Windows\System32\drivers\tmtdi.sys
2012-03-06 13:59:04   91920   ----a-w-   C:\Windows\System32\drivers\tmactmon.sys
2012-03-06 13:59:04   70928   ----a-w-   C:\Windows\System32\drivers\tmevtmgr.sys
2012-03-06 13:59:04   167696   ----a-w-   C:\Windows\System32\drivers\tmcomm.sys
2012-03-06 13:56:54   --------   d-----w-   C:\Program Files\Trend Micro
2012-03-06 13:07:16   --------   d-----w-   C:\Users\TEKERBY\AppData\Local\Trend Micro
.
==================== Find3M ====================
.
2012-03-06 13:57:30   56   ----a-w-   C:\Windows\System32\SupportTool.exe.bat
2012-02-26 14:18:22   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 06:18:10   1541120   ----a-w-   C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55   1837568   ----a-w-   C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54   902656   ----a-w-   C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54   320512   ----a-w-   C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54   197120   ----a-w-   C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38   1074176   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20   218624   ----a-w-   C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20   161792   ----a-w-   C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20   1170944   ----a-w-   C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19   739840   ----a-w-   C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03   3143168   ----a-w-   C:\Windows\System32\win32k.sys
2012-01-25 06:27:11   76288   ----a-w-   C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 12:36:10.21 ===============

kevinf80 · « **Reply #1 on:** April 04, 2012, 11:14:41 AM »

Hello tek531 and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go Here and follow the instructions specific for your operating system.
If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
If you are using Cracked or Illegal software your thread will be locked and all help will cease.

You cannot run with two active Antivirus programs. Either uninstall Ad-Aware or turn off its AV component:

You can turn off the anti-virus component as follows:

Open Ad-Aware
Click on switch to advanced mode
Click on Settings
Click on the Ad-watch live! tab and under Detection layers ensure Antivirus engine is UNchecked
Click OK and close Ad-Aware

Please proceed as follows :-

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Post the log from TDSSKiller, also the log from Combofix, it should be here C:\Combofix.txt

Kevin

tek531 · « **Reply #2 on:** April 04, 2012, 11:27:06 AM »

Hi Kevin, thanks,...will do

tek531 · « **Reply #3 on:** April 04, 2012, 11:36:46 AM »

13:32:06.0147 5068   TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
13:32:06.0457 5068   ============================================================
13:32:06.0457 5068   Current date / time: 2012/04/04 13:32:06.0457
13:32:06.0457 5068   SystemInfo:
13:32:06.0457 5068
13:32:06.0457 5068   OS Version: 6.1.7600 ServicePack: 0.0
13:32:06.0457 5068   Product type: Workstation
13:32:06.0457 5068   ComputerName: TEKERBY-PC
13:32:06.0457 5068   UserName: TEKERBY
13:32:06.0457 5068   Windows directory: C:\Windows
13:32:06.0457 5068   System windows directory: C:\Windows
13:32:06.0457 5068   Running under WOW64
13:32:06.0457 5068   Processor architecture: Intel x64
13:32:06.0457 5068   Number of processors: 2
13:32:06.0457 5068   Page size: 0x1000
13:32:06.0457 5068   Boot type: Normal boot
13:32:06.0457 5068   ============================================================
13:32:07.0947 5068   Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:32:07.0957 5068   \Device\Harddisk0\DR0:
13:32:07.0957 5068   MBR used
13:32:07.0957 5068   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:32:07.0957 5068   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
13:32:07.0977 5068   Initialize success
13:32:07.0977 5068   ============================================================
13:32:24.0829 5708   ============================================================
13:32:24.0829 5708   Scan started
13:32:24.0829 5708   Mode: Manual; SigCheck; TDLFS;
13:32:24.0829 5708   ============================================================
13:32:25.0689 5708   1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:32:25.0791 5708   1394ohci - ok
13:32:25.0841 5708   ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:32:25.0871 5708   ACPI - ok
13:32:25.0901 5708   AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:32:25.0931 5708   AcpiPmi - ok
13:32:26.0011 5708   Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
13:32:26.0051 5708   Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:32:26.0051 5708   Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:32:26.0151 5708   AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:32:26.0161 5708   AdobeARMservice - ok
13:32:26.0271 5708   adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:32:26.0331 5708   adp94xx - ok
13:32:26.0381 5708   adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:32:26.0411 5708   adpahci - ok
13:32:26.0441 5708   adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:32:26.0471 5708   adpu320 - ok
13:32:26.0491 5708   AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:32:26.0541 5708   AeLookupSvc - ok
13:32:26.0631 5708   AESTFilters (05f4262fdbdfaeca7ef9b3f0807508fc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
13:32:26.0671 5708   AESTFilters - ok
13:32:26.0721 5708   AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
13:32:26.0841 5708   AFD - ok
13:32:26.0881 5708   agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:32:26.0901 5708   agp440 - ok
13:32:26.0951 5708   ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:32:26.0971 5708   ALG - ok
13:32:27.0021 5708   aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:32:27.0061 5708   aliide - ok
13:32:27.0081 5708   amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:32:27.0101 5708   amdide - ok
13:32:27.0131 5708   AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:32:27.0161 5708   AmdK8 - ok
13:32:27.0171 5708   AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:32:27.0201 5708   AmdPPM - ok
13:32:27.0241 5708   amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:32:27.0271 5708   amdsata - ok
13:32:27.0291 5708   amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:32:27.0321 5708   amdsbs - ok
13:32:27.0341 5708   amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:32:27.0371 5708   amdxata - ok
13:32:27.0531 5708   Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
13:32:27.0591 5708   Amsp - ok
13:32:27.0701 5708   AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:32:27.0741 5708   AppID - ok
13:32:27.0781 5708   AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:32:27.0821 5708   AppIDSvc - ok
13:32:27.0861 5708   Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
13:32:27.0891 5708   Appinfo - ok
13:32:27.0981 5708   Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:32:28.0011 5708   Apple Mobile Device - ok
13:32:28.0111 5708   AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:32:28.0141 5708   AppMgmt - ok
13:32:28.0201 5708   arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:32:28.0251 5708   arc - ok
13:32:28.0271 5708   arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:32:28.0301 5708   arcsas - ok
13:32:28.0341 5708   AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:32:28.0391 5708   AsyncMac - ok
13:32:28.0411 5708   atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:32:28.0421 5708   atapi - ok
13:32:28.0471 5708   AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:32:28.0531 5708   AudioEndpointBuilder - ok
13:32:28.0541 5708   AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:32:28.0601 5708   AudioSrv - ok
13:32:28.0631 5708   AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
13:32:28.0681 5708   AxInstSV - ok
13:32:28.0731 5708   b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:32:28.0771 5708   b06bdrv - ok
13:32:28.0801 5708   b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:32:28.0841 5708   b57nd60a - ok
13:32:28.0911 5708   BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:32:28.0961 5708   BCM43XX - ok
13:32:29.0031 5708   BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:32:29.0061 5708   BDESVC - ok
13:32:29.0111 5708   Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:32:29.0181 5708   Beep - ok
13:32:29.0241 5708   BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
13:32:29.0331 5708   BFE - ok
13:32:29.0371 5708   BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
13:32:29.0451 5708   BITS - ok
13:32:29.0491 5708   blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:32:29.0521 5708   blbdrive - ok
13:32:29.0631 5708   Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
13:32:29.0651 5708   Bonjour Service - ok
13:32:29.0691 5708   bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:32:29.0731 5708   bowser - ok
13:32:29.0761 5708   BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:32:29.0781 5708   BrFiltLo - ok
13:32:29.0791 5708   BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:32:29.0821 5708   BrFiltUp - ok
13:32:29.0851 5708   BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:32:29.0911 5708   BridgeMP - ok
13:32:29.0951 5708   Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
13:32:29.0991 5708   Browser - ok
13:32:30.0021 5708   Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:32:30.0051 5708   Brserid - ok
13:32:30.0061 5708   BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:32:30.0091 5708   BrSerWdm - ok
13:32:30.0101 5708   BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:32:30.0131 5708   BrUsbMdm - ok
13:32:30.0141 5708   BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:32:30.0171 5708   BrUsbSer - ok
13:32:30.0241 5708   BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe
13:32:30.0261 5708   BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
13:32:30.0261 5708   BrYNSvc - detected UnsignedFile.Multi.Generic (1)
13:32:30.0271 5708   BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:32:30.0311 5708   BTHMODEM - ok
13:32:30.0341 5708   bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:32:30.0391 5708   bthserv - ok
13:32:30.0431 5708   catchme - ok
13:32:30.0481 5708   cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:32:30.0561 5708   cdfs - ok
13:32:30.0611 5708   cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:32:30.0641 5708   cdrom - ok
13:32:30.0671 5708   CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:32:30.0711 5708   CertPropSvc - ok
13:32:30.0751 5708   circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:32:30.0781 5708   circlass - ok
13:32:30.0811 5708   CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:32:30.0831 5708   CLFS - ok
13:32:30.0881 5708   clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:32:30.0911 5708   clr_optimization_v2.0.50727_32 - ok
13:32:30.0951 5708   clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:32:30.0981 5708   clr_optimization_v2.0.50727_64 - ok
13:32:31.0081 5708   clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:32:31.0131 5708   clr_optimization_v4.0.30319_32 - ok
13:32:31.0161 5708   clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:32:31.0181 5708   clr_optimization_v4.0.30319_64 - ok
13:32:31.0251 5708   CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:32:31.0291 5708   CmBatt - ok
13:32:31.0321 5708   cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:32:31.0341 5708   cmdide - ok
13:32:31.0391 5708   CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
13:32:31.0431 5708   CNG - ok
13:32:31.0461 5708   Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:32:31.0491 5708   Compbatt - ok
13:32:31.0511 5708   CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:32:31.0541 5708   CompositeBus - ok
13:32:31.0561 5708   COMSysApp - ok
13:32:31.0581 5708   crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:32:31.0601 5708   crcdisk - ok
13:32:31.0641 5708   CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
13:32:31.0691 5708   CryptSvc - ok
13:32:31.0733 5708   CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
13:32:31.0783 5708   CSC - ok
13:32:31.0803 5708   CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
13:32:31.0843 5708   CscService - ok
13:32:31.0875 5708   DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:32:31.0935 5708   DcomLaunch - ok
13:32:31.0977 5708   defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:32:32.0037 5708   defragsvc - ok
13:32:32.0109 5708   DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:32:32.0149 5708   DfsC - ok
13:32:32.0189 5708   Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
13:32:32.0229 5708   Dhcp - ok
13:32:32.0269 5708   discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:32:32.0329 5708   discache - ok
13:32:32.0361 5708   Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:32:32.0391 5708   Disk - ok
13:32:32.0441 5708   Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
13:32:32.0473 5708   Dnscache - ok
13:32:32.0515 5708   dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
13:32:32.0590 5708   dot3svc - ok
13:32:32.0613 5708   DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
13:32:32.0670 5708   DPS - ok
13:32:32.0719 5708   drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:32:32.0768 5708   drmkaud - ok
13:32:32.0831 5708   DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:32:32.0891 5708   DXGKrnl - ok
13:32:32.0943 5708   EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:32:33.0003 5708   EapHost - ok
13:32:33.0105 5708   ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:32:33.0473 5708   ebdrv - ok
13:32:33.0537 5708   EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
13:32:33.0557 5708   EFS - ok
13:32:33.0617 5708   ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
13:32:33.0687 5708   ehRecvr - ok
13:32:33.0707 5708   ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:32:33.0737 5708   ehSched - ok
13:32:33.0787 5708   ElRawDisk (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys
13:32:33.0817 5708   ElRawDisk - ok
13:32:33.0867 5708   elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:32:33.0937 5708   elxstor - ok
13:32:34.0057 5708   EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
13:32:34.0077 5708   EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
13:32:34.0077 5708   EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
13:32:34.0097 5708   ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:32:34.0127 5708   ErrDev - ok
13:32:34.0167 5708   EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:32:34.0227 5708   EventSystem - ok
13:32:34.0247 5708   exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:32:34.0307 5708   exfat - ok
13:32:34.0327 5708   fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:32:34.0387 5708   fastfat - ok
13:32:34.0427 5708   Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
13:32:34.0487 5708   Fax - ok
13:32:34.0497 5708   fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:32:34.0517 5708   fdc - ok
13:32:34.0537 5708   fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:32:34.0587 5708   fdPHost - ok
13:32:34.0607 5708   FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:32:34.0657 5708   FDResPub - ok
13:32:34.0677 5708   FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:32:34.0697 5708   FileInfo - ok
13:32:34.0717 5708   Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:32:34.0777 5708   Filetrace - ok
13:32:34.0787 5708   flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:32:34.0807 5708   flpydisk - ok
13:32:34.0857 5708   FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:32:34.0887 5708   FltMgr - ok
13:32:34.0947 5708   FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
13:32:35.0017 5708   FontCache - ok
13:32:35.0107 5708   FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:32:35.0137 5708   FontCache3.0.0.0 - ok
13:32:35.0177 5708   FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:32:35.0227 5708   FsDepends - ok
13:32:35.0237 5708   Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:32:35.0267 5708   Fs_Rec - ok
13:32:35.0337 5708   fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:32:35.0387 5708   fvevol - ok
13:32:35.0407 5708   gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:32:35.0437 5708   gagp30kx - ok
13:32:35.0487 5708   GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:32:35.0527 5708   GEARAspiWDM - ok
13:32:35.0567 5708   gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
13:32:35.0617 5708   gpsvc - ok
13:32:35.0647 5708   hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:32:35.0667 5708   hcw85cir - ok
13:32:35.0707 5708   HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:32:35.0757 5708   HdAudAddService - ok
13:32:35.0777 5708   HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:32:35.0807 5708   HDAudBus - ok
13:32:35.0817 5708   HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:32:35.0847 5708   HidBatt - ok
13:32:35.0857 5708   HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:32:35.0887 5708   HidBth - ok
13:32:35.0917 5708   HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:32:35.0947 5708   HidIr - ok
13:32:35.0977 5708   hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:32:36.0027 5708   hidserv - ok
13:32:36.0077 5708   HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:32:36.0107 5708   HidUsb - ok
13:32:36.0127 5708   hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
13:32:36.0177 5708   hkmsvc - ok
13:32:36.0197 5708   HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
13:32:36.0237 5708   HomeGroupListener - ok
13:32:36.0277 5708   HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
13:32:36.0307 5708   HomeGroupProvider - ok
13:32:36.0457 5708   hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:32:36.0477 5708   hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
13:32:36.0477 5708   hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
13:32:36.0497 5708   hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:32:36.0507 5708   hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
13:32:36.0507 5708   hpqddsvc - detected UnsignedFile.Multi.Generic (1)
13:32:36.0617 5708   HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:32:36.0657 5708   HpSAMD - ok
13:32:36.0827 5708   HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
13:32:36.0877 5708   HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
13:32:36.0877 5708   HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
13:32:36.0997 5708   HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:32:37.0097 5708   HTTP - ok
13:32:37.0127 5708   hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:32:37.0157 5708   hwpolicy - ok
13:32:37.0197 5708   i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:32:37.0247 5708   i8042prt - ok
13:32:37.0297 5708   iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:32:37.0357 5708   iaStorV - ok
13:32:37.0467 5708   idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:32:37.0527 5708   idsvc - ok
13:32:37.0597 5708   iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:32:37.0627 5708   iirsp - ok
13:32:37.0707 5708   IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
13:32:37.0814 5708   IKEEXT - ok
13:32:37.0829 5708   intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:32:37.0849 5708   intelide - ok
13:32:37.0889 5708   intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:32:37.0939 5708   intelppm - ok
13:32:38.0059 5708   IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
13:32:38.0079 5708   IntuitUpdateService - ok
13:32:38.0169 5708   IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
13:32:38.0189 5708   IntuitUpdateServiceV4 - ok
13:32:38.0269 5708   ioloFileInfoList (ca62d66d4e60e31dd89c0370b3bdaad8) C:\Program Files (x86)\iolo\common\lib\ioloServiceManager.exe
13:32:38.0319 5708   ioloFileInfoList - ok
13:32:38.0349 5708   ioloSystemService (ca62d66d4e60e31dd89c0370b3bdaad8) C:\Program Files (x86)\iolo\common\lib\ioloServiceManager.exe
13:32:38.0379 5708   ioloSystemService - ok
13:32:38.0459 5708   IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:32:38.0519 5708   IPBusEnum - ok
13:32:38.0569 5708   IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:32:38.0619 5708   IpFilterDriver - ok
13:32:38.0649 5708   iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
13:32:38.0739 5708   iphlpsvc - ok
13:32:38.0749 5708   IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:32:38.0800 5708   IPMIDRV - ok
13:32:38.0811 5708   IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:32:38.0861 5708   IPNAT - ok
13:32:38.0941 5708   iPod Service (e94503089df8976f5c4c9d5168e9765f) C:\Program Files\iPod\bin\iPodService.exe
13:32:38.0981 5708   iPod Service - ok
13:32:39.0051 5708   IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:32:39.0091 5708   IRENUM - ok
13:32:39.0181 5708   isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:32:39.0231 5708   isapnp - ok
13:32:39.0271 5708   iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:32:39.0301 5708   iScsiPrt - ok
13:32:39.0331 5708   kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:32:39.0361 5708   kbdclass - ok
13:32:39.0401 5708   kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:32:39.0431 5708   kbdhid - ok
13:32:39.0451 5708   KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:32:39.0471 5708   KeyIso - ok
13:32:39.0501 5708   KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
13:32:39.0521 5708   KSecDD - ok
13:32:39.0541 5708   KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
13:32:39.0571 5708   KSecPkg - ok
13:32:39.0591 5708   ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:32:39.0641 5708   ksthunk - ok
13:32:39.0691 5708   KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:32:39.0751 5708   KtmRm - ok
13:32:39.0811 5708   LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
13:32:39.0851 5708   LanmanServer - ok
13:32:39.0891 5708   LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
13:32:39.0971 5708   LanmanWorkstation - ok
13:32:40.0111 5708   Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
13:32:40.0171 5708   Lavasoft Ad-Aware Service - ok
13:32:40.0241 5708   Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
13:32:40.0281 5708   Lavasoft Kernexplorer - ok
13:32:40.0401 5708   Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
13:32:40.0441 5708   Lbd - ok
13:32:40.0541 5708   lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:32:40.0621 5708   lltdio - ok
13:32:40.0671 5708   lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:32:40.0761 5708   lltdsvc - ok
13:32:40.0781 5708   lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:32:40.0831 5708   lmhosts - ok
13:32:40.0871 5708   LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:32:40.0891 5708   LSI_FC - ok
13:32:40.0911 5708   LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:32:40.0931 5708   LSI_SAS - ok
13:32:40.0971 5708   LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:32:40.0991 5708   LSI_SAS2 - ok
13:32:41.0011 5708   LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:32:41.0041 5708   LSI_SCSI - ok
13:32:41.0071 5708   luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:32:41.0131 5708   luafv - ok
13:32:41.0161 5708   Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
13:32:41.0191 5708   Mcx2Svc - ok
13:32:41.0211 5708   megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:32:41.0231 5708   megasas - ok
13:32:41.0261 5708   MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:32:41.0291 5708   MegaSR - ok
13:32:41.0331 5708   MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:32:41.0401 5708   MMCSS - ok
13:32:41.0421 5708   Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:32:41.0471 5708   Modem - ok
13:32:41.0511 5708   monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:32:41.0551 5708   monitor - ok
13:32:41.0591 5708   mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:32:41.0611 5708   mouclass - ok
13:32:41.0641 5708   mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:32:41.0671 5708   mouhid - ok
13:32:41.0691 5708   mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:32:41.0711 5708   mountmgr - ok
13:32:41.0741 5708   mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:32:41.0771 5708   mpio - ok
13:32:41.0791 5708   mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:32:41.0851 5708   mpsdrv - ok
13:32:41.0911 5708   MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
13:32:42.0003 5708   MpsSvc - ok
13:32:42.0023 5708   MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:32:42.0063 5708   MRxDAV - ok
13:32:42.0093 5708   mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:32:42.0133 5708   mrxsmb - ok
13:32:42.0173 5708   mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:32:42.0243 5708   mrxsmb10 - ok
13:32:42.0263 5708   mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:32:42.0293 5708   mrxsmb20 - ok
13:32:42.0303 5708   msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:32:42.0333 5708   msahci - ok
13:32:42.0353 5708   msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:32:42.0383 5708   msdsm - ok
13:32:42.0413 5708   MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:32:42.0453 5708   MSDTC - ok
13:32:42.0473 5708   Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:32:42.0523 5708   Msfs - ok
13:32:42.0533 5708   mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:32:42.0583 5708   mshidkmdf - ok
13:32:42.0603 5708   msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:32:42.0633 5708   msisadrv - ok
13:32:42.0673 5708   MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:32:42.0743 5708   MSiSCSI - ok
13:32:42.0753 5708   msiserver - ok
13:32:42.0793 5708   MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:32:42.0843 5708   MSKSSRV - ok
13:32:42.0873 5708   MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:32:42.0923 5708   MSPCLOCK - ok
13:32:42.0933 5708   MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:32:42.0983 5708   MSPQM - ok
13:32:43.0013 5708   MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:32:43.0053 5708   MsRPC - ok
13:32:43.0083 5708   mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:32:43.0103 5708   mssmbios - ok
13:32:43.0123 5708   MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:32:43.0173 5708   MSTEE - ok
13:32:43.0193 5708   MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:32:43.0233 5708   MTConfig - ok
13:32:43.0243 5708   Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:32:43.0273 5708   Mup - ok
13:32:43.0313 5708   napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
13:32:43.0393 5708   napagent - ok
13:32:43.0433 5708   NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:32:43.0493 5708   NativeWifiP - ok
13:32:43.0533 5708   NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:32:43.0573 5708   NDIS - ok
13:32:43.0593 5708   NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:32:43.0643 5708   NdisCap - ok
13:32:43.0673 5708   NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:32:43.0723 5708   NdisTapi - ok
13:32:43.0743 5708   Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:32:43.0793 5708   Ndisuio - ok
13:32:43.0813 5708   NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:32:43.0873 5708   NdisWan - ok
13:32:43.0893 5708   NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:32:43.0943 5708   NDProxy - ok
13:32:44.0013 5708   Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
13:32:44.0043 5708   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:32:44.0043 5708   Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:32:44.0073 5708   NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:32:44.0133 5708   NetBIOS - ok
13:32:44.0153 5708   NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:32:44.0213 5708   NetBT - ok
13:32:44.0243 5708   Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:32:44.0263 5708   Netlogon - ok
13:32:44.0293 5708   Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:32:44.0353 5708   Netman - ok
13:32:44.0453 5708   NetMsmqActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:32:44.0503 5708   NetMsmqActivator - ok
13:32:44.0513 5708   NetPipeActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:32:44.0533 5708   NetPipeActivator - ok
13:32:44.0573 5708   netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:32:44.0643 5708   netprofm - ok
13:32:44.0663 5708   NetTcpActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:32:44.0673 5708   NetTcpActivator - ok
13:32:44.0683 5708   NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:32:44.0693 5708   NetTcpPortSharing - ok
13:32:44.0753 5708   nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:32:44.0793 5708   nfrd960 - ok

tek531 · « **Reply #4 on:** April 04, 2012, 11:37:35 AM »

second half

13:32:44.0833 5708   NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
13:32:44.0893 5708   NlaSvc - ok
13:32:44.0903 5708   Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:32:44.0963 5708   Npfs - ok
13:32:44.0973 5708   nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:32:45.0023 5708   nsi - ok
13:32:45.0033 5708   nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:32:45.0093 5708   nsiproxy - ok
13:32:45.0173 5708   Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:32:45.0293 5708   Ntfs - ok
13:32:45.0303 5708   Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:32:45.0353 5708   Null - ok
13:32:45.0693 5708   nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:32:46.0333 5708   nvlddmkm - ok
13:32:46.0473 5708   nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:32:46.0513 5708   nvraid - ok
13:32:46.0583 5708   nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:32:46.0633 5708   nvstor - ok
13:32:46.0713 5708   NVSvc (0393e59488c67f704336f3ff06e2b7bd) C:\Windows\system32\nvvsvc.exe
13:32:46.0763 5708   NVSvc - ok
13:32:46.0813 5708   nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:32:46.0833 5708   nv_agp - ok
13:32:46.0953 5708   odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:32:47.0023 5708   odserv - ok
13:32:47.0123 5708   OEM02Dev (44a9473d72983dd484b4f1bf0d946571) C:\Windows\system32\DRIVERS\OEM02Dev.sys
13:32:47.0163 5708   OEM02Dev - ok
13:32:47.0233 5708   OEM02Vfx (766f689564bc30e5a91f8621ce65ad68) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
13:32:47.0273 5708   OEM02Vfx - ok
13:32:47.0313 5708   ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:32:47.0343 5708   ohci1394 - ok
13:32:47.0473 5708   ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:32:47.0523 5708   ose - ok
13:32:47.0625 5708   p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:32:47.0715 5708   p2pimsvc - ok
13:32:47.0755 5708   p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:32:47.0815 5708   p2psvc - ok
13:32:47.0855 5708   Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:32:47.0885 5708   Parport - ok
13:32:47.0915 5708   partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:32:47.0935 5708   partmgr - ok
13:32:47.0955 5708   PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:32:47.0995 5708   PcaSvc - ok
13:32:48.0015 5708   pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:32:48.0045 5708   pci - ok
13:32:48.0065 5708   pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:32:48.0085 5708   pciide - ok
13:32:48.0115 5708   pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:32:48.0145 5708   pcmcia - ok
13:32:48.0175 5708   pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:32:48.0195 5708   pcw - ok
13:32:48.0225 5708   PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:32:48.0305 5708   PEAUTH - ok
13:32:48.0365 5708   PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:32:48.0435 5708   PeerDistSvc - ok
13:32:48.0555 5708   PenCommService (edffbc067c9321d2076b3d6f33e0d4c6) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
13:32:48.0585 5708   PenCommService ( UnsignedFile.Multi.Generic ) - warning
13:32:48.0585 5708   PenCommService - detected UnsignedFile.Multi.Generic (1)
13:32:48.0665 5708   PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:32:48.0725 5708   PerfHost - ok
13:32:48.0835 5708   pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
13:32:48.0945 5708   pla - ok
13:32:49.0035 5708   PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
13:32:49.0095 5708   PlugPlay - ok
13:32:49.0195 5708   Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
13:32:49.0215 5708   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:32:49.0215 5708   Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:32:49.0255 5708   PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:32:49.0295 5708   PNRPAutoReg - ok
13:32:49.0315 5708   PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:32:49.0335 5708   PNRPsvc - ok
13:32:49.0375 5708   PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
13:32:49.0545 5708   PolicyAgent - ok
13:32:49.0575 5708   Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:32:49.0635 5708   Power - ok
13:32:49.0685 5708   PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:32:49.0765 5708   PptpMiniport - ok
13:32:49.0785 5708   Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:32:49.0815 5708   Processor - ok
13:32:49.0865 5708   ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
13:32:49.0915 5708   ProfSvc - ok
13:32:49.0955 5708   ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:32:49.0975 5708   ProtectedStorage - ok
13:32:50.0015 5708   Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:32:50.0065 5708   Psched - ok
13:32:50.0115 5708   PulseUsb (edc3cc1d029601c8da3ff8bcfb08881f) C:\Windows\system32\DRIVERS\PulseUsb.sys
13:32:50.0145 5708   PulseUsb - ok
13:32:50.0205 5708   PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
13:32:50.0245 5708   PxHlpa64 - ok
13:32:50.0295 5708   ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:32:50.0385 5708   ql2300 - ok
13:32:50.0395 5708   ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:32:50.0425 5708   ql40xx - ok
13:32:50.0465 5708   QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:32:50.0505 5708   QWAVE - ok
13:32:50.0525 5708   QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:32:50.0565 5708   QWAVEdrv - ok
13:32:50.0585 5708   RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:32:50.0635 5708   RasAcd - ok
13:32:50.0675 5708   RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:32:50.0725 5708   RasAgileVpn - ok
13:32:50.0745 5708   RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:32:50.0795 5708   RasAuto - ok
13:32:50.0815 5708   Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:32:50.0875 5708   Rasl2tp - ok
13:32:50.0895 5708   RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
13:32:50.0955 5708   RasMan - ok
13:32:50.0995 5708   RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:32:51.0065 5708   RasPppoe - ok
13:32:51.0085 5708   RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:32:51.0135 5708   RasSstp - ok
13:32:51.0165 5708   rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:32:51.0225 5708   rdbss - ok
13:32:51.0245 5708   rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:32:51.0275 5708   rdpbus - ok
13:32:51.0295 5708   RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:32:51.0345 5708   RDPCDD - ok
13:32:51.0375 5708   RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
13:32:51.0415 5708   RDPDR - ok
13:32:51.0445 5708   RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:32:51.0495 5708   RDPENCDD - ok
13:32:51.0505 5708   RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:32:51.0555 5708   RDPREFMP - ok
13:32:51.0605 5708   RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
13:32:51.0635 5708   RDPWD - ok
13:32:51.0665 5708   rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:32:51.0695 5708   rdyboost - ok
13:32:51.0735 5708   RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:32:51.0785 5708   RemoteAccess - ok
13:32:51.0815 5708   RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:32:51.0875 5708   RemoteRegistry - ok
13:32:51.0915 5708   rimmptsk (e31960692cbb3a8bcdf300bc1d889e1f) C:\Windows\system32\DRIVERS\rimmpx64.sys
13:32:51.0975 5708   rimmptsk - ok
13:32:52.0005 5708   rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
13:32:52.0065 5708   rimsptsk - ok
13:32:52.0085 5708   rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
13:32:52.0135 5708   rismxdp - ok
13:32:52.0295 5708   RoxLiveShare10 (fded778daf09235e4580f1b9046946b6) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
13:32:52.0355 5708   RoxLiveShare10 - ok
13:32:52.0435 5708   RoxMediaDB10 (e054a2caf0e2a55c9aac0bf1ccc558a5) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
13:32:52.0535 5708   RoxMediaDB10 - ok
13:32:52.0565 5708   RoxWatch10 (c75fda9ab3314e555123673e08f9d86d) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
13:32:52.0595 5708   RoxWatch10 - ok
13:32:52.0705 5708   RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:32:52.0775 5708   RpcEptMapper - ok
13:32:52.0805 5708   RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:32:52.0835 5708   RpcLocator - ok
13:32:52.0855 5708   RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:32:52.0905 5708   RpcSs - ok
13:32:52.0965 5708   rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:32:53.0025 5708   rspndr - ok
13:32:53.0065 5708   s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
13:32:53.0085 5708   s3cap - ok
13:32:53.0125 5708   SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:32:53.0145 5708   SamSs - ok
13:32:53.0165 5708   sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:32:53.0195 5708   sbp2port - ok
13:32:53.0235 5708   SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:32:53.0295 5708   SCardSvr - ok
13:32:53.0315 5708   scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:32:53.0365 5708   scfilter - ok
13:32:53.0435 5708   Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
13:32:53.0515 5708   Schedule - ok
13:32:53.0545 5708   SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:32:53.0585 5708   SCPolicySvc - ok
13:32:53.0655 5708   sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
13:32:53.0695 5708   sdbus - ok
13:32:53.0715 5708   SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
13:32:53.0755 5708   SDRSVC - ok
13:32:53.0865 5708   SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
13:32:53.0905 5708   SeaPort - ok
13:32:54.0015 5708   secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:32:54.0085 5708   secdrv - ok
13:32:54.0115 5708   seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
13:32:54.0165 5708   seclogon - ok
13:32:54.0185 5708   SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:32:54.0235 5708   SENS - ok
13:32:54.0255 5708   SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:32:54.0285 5708   SensrSvc - ok
13:32:54.0305 5708   Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:32:54.0335 5708   Serenum - ok
13:32:54.0365 5708   Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:32:54.0395 5708   Serial - ok
13:32:54.0405 5708   sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:32:54.0435 5708   sermouse - ok
13:32:54.0465 5708   SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
13:32:54.0515 5708   SessionEnv - ok
13:32:54.0605 5708   SessionLauncher - ok
13:32:54.0655 5708   sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:32:54.0705 5708   sffdisk - ok
13:32:54.0725 5708   sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:32:54.0755 5708   sffp_mmc - ok
13:32:54.0775 5708   sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:32:54.0805 5708   sffp_sd - ok
13:32:54.0815 5708   sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:32:54.0845 5708   sfloppy - ok
13:32:54.0895 5708   SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:32:54.0995 5708   SharedAccess - ok
13:32:55.0025 5708   ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
13:32:55.0065 5708   ShellHWDetection - ok
13:32:55.0115 5708   SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:32:55.0155 5708   SiSRaid2 - ok
13:32:55.0175 5708   SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:32:55.0205 5708   SiSRaid4 - ok
13:32:55.0245 5708   Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:32:55.0295 5708   Smb - ok
13:32:55.0345 5708   SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:32:55.0395 5708   SNMPTRAP - ok
13:32:55.0415 5708   spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:32:55.0435 5708   spldr - ok
13:32:55.0485 5708   Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
13:32:55.0515 5708   Spooler - ok
13:32:55.0675 5708   sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
13:32:55.0755 5708   sppsvc - ok
13:32:55.0785 5708   sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:32:55.0835 5708   sppuinotify - ok
13:32:55.0915 5708   srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:32:55.0985 5708   srv - ok
13:32:56.0015 5708   srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:32:56.0055 5708   srv2 - ok
13:32:56.0095 5708   srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:32:56.0125 5708   srvnet - ok
13:32:56.0165 5708   SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:32:56.0215 5708   SSDPSRV - ok
13:32:56.0245 5708   SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:32:56.0305 5708   SstpSvc - ok
13:32:56.0515 5708   Stereo Service (8d01686ae82b466f4cd074f31f2942ca) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:32:56.0545 5708   Stereo Service - ok
13:32:56.0615 5708   stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:32:56.0635 5708   stexstor - ok
13:32:56.0685 5708   STHDA (e964db5400cfd56fc99cd2ab1b21213f) C:\Windows\system32\drivers\stwrt64.sys
13:32:56.0725 5708   STHDA - ok
13:32:56.0755 5708   StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
13:32:56.0785 5708   StillCam - ok
13:32:56.0825 5708   stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
13:32:56.0885 5708   stisvc - ok
13:32:56.0965 5708   stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:32:56.0995 5708   stllssvr - ok
13:32:57.0065 5708   storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
13:32:57.0115 5708   storflt - ok
13:32:57.0148 5708   storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
13:32:57.0167 5708   storvsc - ok
13:32:57.0197 5708   swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:32:57.0237 5708   swenum - ok
13:32:57.0277 5708   swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:32:57.0367 5708   swprv - ok
13:32:57.0437 5708   SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
13:32:57.0517 5708   SysMain - ok
13:32:57.0527 5708   TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
13:32:57.0567 5708   TabletInputService - ok
13:32:57.0587 5708   TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
13:32:57.0657 5708   TapiSrv - ok
13:32:57.0677 5708   TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:32:57.0727 5708   TBS - ok
13:32:57.0827 5708   Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
13:32:57.0927 5708   Tcpip - ok
13:32:58.0007 5708   TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
13:32:58.0057 5708   TCPIP6 - ok
13:32:58.0097 5708   tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:32:58.0157 5708   tcpipreg - ok
13:32:58.0177 5708   TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:32:58.0197 5708   TDPIPE - ok
13:32:58.0237 5708   TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
13:32:58.0267 5708   TDTCP - ok
13:32:58.0297 5708   tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:32:58.0357 5708   tdx - ok
13:32:58.0537 5708   TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
13:32:58.0597 5708   TeamViewer7 - ok
13:32:58.0627 5708   TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:32:58.0647 5708   TermDD - ok
13:32:58.0687 5708   TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
13:32:58.0817 5708   TermService - ok
13:32:58.0837 5708   Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:32:58.0867 5708   Themes - ok
13:32:58.0897 5708   THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:32:58.0947 5708   THREADORDER - ok
13:32:59.0027 5708   tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
13:32:59.0057 5708   tmactmon - ok
13:32:59.0107 5708   tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
13:32:59.0137 5708   tmcomm - ok
13:32:59.0170 5708   tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys
13:32:59.0189 5708   tmeevw - ok
13:32:59.0229 5708   tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
13:32:59.0259 5708   tmevtmgr - ok
13:32:59.0289 5708   tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys
13:32:59.0309 5708   tmnciesc - ok
13:32:59.0359 5708   tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
13:32:59.0389 5708   tmtdi - ok
13:32:59.0429 5708   TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:32:59.0499 5708   TrkWks - ok
13:32:59.0529 5708   TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
13:32:59.0559 5708   TrustedInstaller - ok
13:32:59.0599 5708   tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:32:59.0649 5708   tssecsrv - ok
13:32:59.0689 5708   tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:32:59.0739 5708   tunnel - ok
13:32:59.0769 5708   uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:32:59.0789 5708   uagp35 - ok
13:32:59.0819 5708   udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:32:59.0879 5708   udfs - ok
13:32:59.0909 5708   UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:32:59.0939 5708   UI0Detect - ok
13:32:59.0979 5708   uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:32:59.0999 5708   uliagpkx - ok
13:33:00.0039 5708   umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:33:00.0069 5708   umbus - ok
13:33:00.0079 5708   UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:33:00.0099 5708   UmPass - ok
13:33:00.0149 5708   UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
13:33:00.0179 5708   UmRdpService - ok
13:33:00.0209 5708   upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:33:00.0269 5708   upnphost - ok
13:33:00.0309 5708   usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:33:00.0339 5708   usbccgp - ok
13:33:00.0369 5708   usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:33:00.0409 5708   usbcir - ok
13:33:00.0449 5708   usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
13:33:00.0499 5708   usbehci - ok
13:33:00.0539 5708   usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:33:00.0609 5708   usbhub - ok
13:33:00.0639 5708   usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
13:33:00.0669 5708   usbohci - ok
13:33:00.0679 5708   usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:33:00.0709 5708   usbprint - ok
13:33:00.0749 5708   USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:00.0779 5708   USBSTOR - ok
13:33:00.0799 5708   usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:33:00.0829 5708   usbuhci - ok
13:33:00.0879 5708   usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
13:33:00.0909 5708   usbvideo - ok
13:33:00.0939 5708   UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:33:00.0999 5708   UxSms - ok
13:33:01.0029 5708   VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:33:01.0049 5708   VaultSvc - ok
13:33:01.0089 5708   vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:33:01.0119 5708   vdrvroot - ok
13:33:01.0149 5708   vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
13:33:01.0359 5708   vds - ok
13:33:01.0409 5708   vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:01.0469 5708   vga - ok
13:33:01.0489 5708   VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:33:01.0539 5708   VgaSave - ok
13:33:01.0559 5708   vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:33:01.0589 5708   vhdmp - ok
13:33:01.0619 5708   viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:33:01.0639 5708   viaide - ok
13:33:01.0679 5708   vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
13:33:01.0719 5708   vmbus - ok
13:33:01.0739 5708   VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
13:33:01.0759 5708   VMBusHID - ok
13:33:01.0819 5708   VNUSB (3f63fa4a5d8a7c1b1a87e342569fba53) C:\Windows\system32\Drivers\VNUSB.sys
13:33:01.0869 5708   VNUSB - ok
13:33:01.0899 5708   volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:33:01.0919 5708   volmgr - ok
13:33:01.0949 5708   volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:33:01.0989 5708   volmgrx - ok
13:33:02.0019 5708   volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:33:02.0059 5708   volsnap - ok
13:33:02.0099 5708   vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:33:02.0159 5708   vsmraid - ok
13:33:02.0231 5708   VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
13:33:02.0291 5708   VSS - ok
13:33:02.0311 5708   vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:33:02.0341 5708   vwifibus - ok
13:33:02.0361 5708   vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:33:02.0401 5708   vwififlt - ok
13:33:02.0431 5708   W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:33:02.0491 5708   W32Time - ok
13:33:02.0521 5708   WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:33:02.0551 5708   WacomPen - ok
13:33:02.0591 5708   WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:02.0651 5708   WANARP - ok
13:33:02.0661 5708   Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:02.0711 5708   Wanarpv6 - ok
13:33:02.0801 5708   WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:33:02.0881 5708   WatAdminSvc - ok
13:33:02.0951 5708   wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
13:33:03.0063 5708   wbengine - ok
13:33:03.0103 5708   WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:33:03.0133 5708   WbioSrvc - ok
13:33:03.0183 5708   wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
13:33:03.0233 5708   wcncsvc - ok
13:33:03.0243 5708   WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:33:03.0273 5708   WcsPlugInService - ok
13:33:03.0313 5708   Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:33:03.0353 5708   Wd - ok
13:33:03.0392 5708   Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:33:03.0435 5708   Wdf01000 - ok
13:33:03.0465 5708   WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:33:03.0495 5708   WdiServiceHost - ok
13:33:03.0505 5708   WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:33:03.0525 5708   WdiSystemHost - ok
13:33:03.0575 5708   WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
13:33:03.0605 5708   WebClient - ok
13:33:03.0635 5708   Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:33:03.0695 5708   Wecsvc - ok
13:33:03.0705 5708   wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:33:03.0765 5708   wercplsupport - ok
13:33:03.0785 5708   WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:33:03.0835 5708   WerSvc - ok
13:33:03.0895 5708   WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:33:03.0945 5708   WfpLwf - ok
13:33:03.0965 5708   WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:33:03.0995 5708   WIMMount - ok
13:33:04.0015 5708   WinDefend - ok
13:33:04.0015 5708   WinHttpAutoProxySvc - ok
13:33:04.0105 5708   Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:33:04.0175 5708   Winmgmt - ok
13:33:04.0265 5708   WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
13:33:04.0385 5708   WinRM - ok
13:33:04.0485 5708   WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
13:33:04.0525 5708   WinUsb - ok
13:33:04.0575 5708   Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:33:04.0615 5708   Wlansvc - ok
13:33:04.0765 5708   wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:33:04.0825 5708   wlidsvc - ok
13:33:04.0855 5708   WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:33:04.0885 5708   WmiAcpi - ok
13:33:04.0935 5708   wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:33:04.0965 5708   wmiApSrv - ok
13:33:04.0995 5708   WMPNetworkSvc - ok
13:33:05.0035 5708   WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:33:05.0095 5708   WPCSvc - ok
13:33:05.0115 5708   WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
13:33:05.0145 5708   WPDBusEnum - ok
13:33:05.0195 5708   ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:33:05.0245 5708   ws2ifsl - ok
13:33:05.0295 5708   wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
13:33:05.0315 5708   wscsvc - ok
13:33:05.0325 5708   WSearch - ok
13:33:05.0425 5708   wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
13:33:05.0545 5708   wuauserv - ok
13:33:05.0645 5708   WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:33:05.0727 5708   WudfPf - ok
13:33:05.0747 5708   WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:05.0797 5708   WUDFRd - ok
13:33:05.0817 5708   wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
13:33:05.0867 5708   wudfsvc - ok
13:33:05.0897 5708   WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:33:05.0937 5708   WwanSvc - ok
13:33:05.0977 5708   yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
13:33:06.0017 5708   yukonw7 - ok
13:33:06.0027 5708   MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:33:06.0197 5708   \Device\Harddisk0\DR0 - ok
13:33:06.0207 5708   Boot (0x1200) (5d9bb7a5746a77bc2393143030c96166) \Device\Harddisk0\DR0\Partition0
13:33:06.0207 5708   \Device\Harddisk0\DR0\Partition0 - ok
13:33:06.0257 5708   Boot (0x1200) (d455dfd2782fd185d6f2f701de5bb5aa) \Device\Harddisk0\DR0\Partition1
13:33:06.0257 5708   \Device\Harddisk0\DR0\Partition1 - ok
13:33:06.0257 5708   ============================================================
13:33:06.0257 5708   Scan finished
13:33:06.0257 5708   ============================================================
13:33:06.0287 4564   Detected object count: 9
13:33:06.0287 4564   Actual detected object count: 9
13:33:20.0517 4564   Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0517 4564   Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0517 4564   BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0517 4564   BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0517 4564   EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0517 4564   EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0517 4564   hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0517 4564   hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0527 4564   hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0527 4564   hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0527 4564   HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0527 4564   HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0527 4564   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0527 4564   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0527 4564   PenCommService ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0527 4564   PenCommService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0537 4564   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0537 4564   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

tek531 · « **Reply #5 on:** April 04, 2012, 11:46:47 AM »

Kevin, according to TrendMicro this problem began on 3-31-2012....may be useful info

kevinf80 · « **Reply #6 on:** April 04, 2012, 01:22:45 PM »

Do you recognize this service? Netelligent Hosting Services the IP address you quoted belongs to it...

Regarding the date this all started 2012-03-31, the only reference to that date in the DDS log is C:\Users\TEKERBY\AppData\Local\Notation Does that mean anything to you?

Please visit Virustotal

Click the Browse... button
Navigate to the file C:\Windows\System32\SupportTool.exe.bat or just copy/paste it in.
Click the Scan it tab
If you get a message saying File has already been analyzed: click Reanalyze file now
Copy and paste the results back here please.

Let me see those results from VT, also do you have the log from Combofix?

Kevin

tek531 · « **Reply #7 on:** April 04, 2012, 02:12:05 PM »

No, neither one has any significance to me.... Would like the log.txt from TDSSKILLER? I failed to send it to you

tek531 · « **Reply #8 on:** April 04, 2012, 02:15:01 PM »

Kevin, where do I look for the combofix log..?

tek531 · « **Reply #9 on:** April 04, 2012, 02:16:15 PM »

COMBOfix LOG

ComboFix 12-04-03.02 - TEKERBY 04/03/2012 23:35:41.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2597 [GMT -4:00]
Running from: c:\users\TEKERBY\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\programdata\QuickStores.ico
c:\users\TEKERBY\AppData\Local\TempDIR
c:\windows\SysWow64\ccrpTmr6.dll
c:\windows\SysWow64\Cust.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 04:06 . 2012-04-04 04:06   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-04-04 03:11 . 2012-04-04 03:11   --------   d-----w-   c:\program files (x86)\ESET
2012-04-04 00:52 . 2011-12-10 19:24   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-31 13:26 . 2012-03-31 13:26   --------   d-----w-   c:\users\TEKERBY\AppData\Local\Notation
2012-03-20 21:42 . 2011-11-19 18:30   5504880   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-03-20 21:42 . 2011-11-19 14:25   3957616   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-03-20 21:42 . 2011-11-19 14:25   3902320   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-03-20 20:29 . 2012-02-15 06:27   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2012-03-20 20:29 . 2012-02-15 05:44   826368   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2012-03-20 20:29 . 2012-02-15 04:47   204800   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-03-20 20:29 . 2012-02-15 04:46   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2012-03-06 22:12 . 2012-03-06 22:12   53248   ----a-r-   c:\users\TEKERBY\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe
2012-03-06 22:11 . 2012-03-06 22:13   --------   d-----w-   c:\users\TEKERBY\AppData\Roaming\Avery
2012-03-06 13:59 . 2012-03-06 13:52   67344   ----a-w-   c:\windows\system32\drivers\tmeevw.sys
2012-03-06 13:59 . 2012-03-06 13:52   210704   ----a-w-   c:\windows\system32\drivers\tmnciesc.sys
2012-03-06 13:59 . 2012-03-06 13:52   105744   ----a-w-   c:\windows\system32\drivers\tmtdi.sys
2012-03-06 13:59 . 2012-03-06 13:52   91920   ----a-w-   c:\windows\system32\drivers\tmactmon.sys
2012-03-06 13:59 . 2012-03-06 13:52   70928   ----a-w-   c:\windows\system32\drivers\tmevtmgr.sys
2012-03-06 13:59 . 2012-03-06 13:52   167696   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2012-03-06 13:56 . 2012-03-06 13:57   --------   d-----w-   c:\program files\Trend Micro
2012-03-06 13:07 . 2012-03-06 13:07   --------   d-----w-   c:\users\TEKERBY\AppData\Local\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 13:57 . 2012-03-02 16:11   56   ----a-w-   c:\windows\system32\SupportTool.exe.bat
2012-02-26 14:18 . 2011-10-25 13:23   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{124d001a-bdcb-472f-aa59-bbe7e4bc3204}"= "c:\program files (x86)\Ashampoo_US\prxtbAsha.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
2011-01-17 20:54   175912   ----a-w-   c:\program files (x86)\Ashampoo_US\prxtbAsha.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54   175912   ----a-w-   c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{124d001a-bdcb-472f-aa59-bbe7e4bc3204}"= "c:\program files (x86)\Ashampoo_US\prxtbAsha.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AshSnap"="c:\program files (x86)\Ashampoo\Ashampoo Snap 4\ashsnap.exe" [2011-12-12 1531272]
"Copernic Desktop Search - Home"="c:\program files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" [2011-11-22 1648600]
"Notation"="c:\users\TEKERBY\AppData\Local\Notation\qwgpalrs.dll" [2012-03-31 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"Citi Virtual Account Numbers"="c:\progra~2\VIRTUA~1\CitiVAN.exe" [2009-07-10 372736]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-05-14 244208]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DELL Webcam Manager"="c:\program files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
.
c:\users\TEKERBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files (x86)\Olympus\DeviceDetector\DevDtct2.exe [2011-7-13 118784]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R2 SessionLauncher;SessionLauncher;c:\users\TEKERBY\AppData\Local\Temp\DX9\SessionLauncher.exe

R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys

S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [2007-09-20 86016]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\common\lib\ioloServiceManager.exe [2010-07-06 711352]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\common\lib\ioloServiceManager.exe [2010-07-06 711352]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-10-27 470528]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-03 17152]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys

S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-16 302184]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} - hxxp://maples.homedns.org:1024/img/LinksysViewer.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SigmatelSysTrayApp - c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe
AddRemove-{0CD8A170-E470-11DB-3D6C-00D529464AE1} - c:\program files (x86)\Notation\Uninst_Notation Musician 2.6.3
AddRemove-uPro Update 4.0 - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Virtual Account Numbers\CitiVAN.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\windows\SysWOW64\OBroker.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-04-04 00:41:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 04:41
.
Pre-Run: 257,300,037,632 bytes free
Post-Run: 258,932,445,184 bytes free
.
- - End Of File - - 9B07412511D3367EF54A4432D66410BF

tek531 · « **Reply #10 on:** April 04, 2012, 02:38:44 PM »

Kevin, The file supporttool.exe.bat will not show up using Virustotal... Windows file browser shows it, show hidden files and folders are turned on...but Virustotal cant see it...if I cut and paste it still does not work..

tek531 · « **Reply #11 on:** April 04, 2012, 02:42:15 PM »

TDSSKILLER Log.txt first half
13:32:06.0147 5068   TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
13:32:06.0457 5068   ============================================================
13:32:06.0457 5068   Current date / time: 2012/04/04 13:32:06.0457
13:32:06.0457 5068   SystemInfo:
13:32:06.0457 5068
13:32:06.0457 5068   OS Version: 6.1.7600 ServicePack: 0.0
13:32:06.0457 5068   Product type: Workstation
13:32:06.0457 5068   ComputerName: TEKERBY-PC
13:32:06.0457 5068   UserName: TEKERBY
13:32:06.0457 5068   Windows directory: C:\Windows
13:32:06.0457 5068   System windows directory: C:\Windows
13:32:06.0457 5068   Running under WOW64
13:32:06.0457 5068   Processor architecture: Intel x64
13:32:06.0457 5068   Number of processors: 2
13:32:06.0457 5068   Page size: 0x1000
13:32:06.0457 5068   Boot type: Normal boot
13:32:06.0457 5068   ============================================================
13:32:07.0947 5068   Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:32:07.0957 5068   \Device\Harddisk0\DR0:
13:32:07.0957 5068   MBR used
13:32:07.0957 5068   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:32:07.0957 5068   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
13:32:07.0977 5068   Initialize success
13:32:07.0977 5068   ============================================================
13:32:24.0829 5708   ============================================================
13:32:24.0829 5708   Scan started
13:32:24.0829 5708   Mode: Manual; SigCheck; TDLFS;
13:32:24.0829 5708   ============================================================
13:32:25.0689 5708   1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:32:25.0791 5708   1394ohci - ok
13:32:25.0841 5708   ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:32:25.0871 5708   ACPI - ok
13:32:25.0901 5708   AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:32:25.0931 5708   AcpiPmi - ok
13:32:26.0011 5708   Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
13:32:26.0051 5708   Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:32:26.0051 5708   Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:32:26.0151 5708   AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:32:26.0161 5708   AdobeARMservice - ok
13:32:26.0271 5708   adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:32:26.0331 5708   adp94xx - ok
13:32:26.0381 5708   adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:32:26.0411 5708   adpahci - ok
13:32:26.0441 5708   adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:32:26.0471 5708   adpu320 - ok
13:32:26.0491 5708   AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:32:26.0541 5708   AeLookupSvc - ok
13:32:26.0631 5708   AESTFilters (05f4262fdbdfaeca7ef9b3f0807508fc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
13:32:26.0671 5708   AESTFilters - ok
13:32:26.0721 5708   AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
13:32:26.0841 5708   AFD - ok
13:32:26.0881 5708   agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:32:26.0901 5708   agp440 - ok
13:32:26.0951 5708   ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:32:26.0971 5708   ALG - ok
13:32:27.0021 5708   aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:32:27.0061 5708   aliide - ok
13:32:27.0081 5708   amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:32:27.0101 5708   amdide - ok
13:32:27.0131 5708   AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:32:27.0161 5708   AmdK8 - ok
13:32:27.0171 5708   AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:32:27.0201 5708   AmdPPM - ok
13:32:27.0241 5708   amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:32:27.0271 5708   amdsata - ok
13:32:27.0291 5708   amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:32:27.0321 5708   amdsbs - ok
13:32:27.0341 5708   amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:32:27.0371 5708   amdxata - ok
13:32:27.0531 5708   Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
13:32:27.0591 5708   Amsp - ok
13:32:27.0701 5708   AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:32:27.0741 5708   AppID - ok
13:32:27.0781 5708   AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:32:27.0821 5708   AppIDSvc - ok
13:32:27.0861 5708   Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
13:32:27.0891 5708   Appinfo - ok
13:32:27.0981 5708   Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:32:28.0011 5708   Apple Mobile Device - ok
13:32:28.0111 5708   AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:32:28.0141 5708   AppMgmt - ok
13:32:28.0201 5708   arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:32:28.0251 5708   arc - ok
13:32:28.0271 5708   arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:32:28.0301 5708   arcsas - ok
13:32:28.0341 5708   AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:32:28.0391 5708   AsyncMac - ok
13:32:28.0411 5708   atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:32:28.0421 5708   atapi - ok
13:32:28.0471 5708   AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:32:28.0531 5708   AudioEndpointBuilder - ok
13:32:28.0541 5708   AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:32:28.0601 5708   AudioSrv - ok
13:32:28.0631 5708   AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
13:32:28.0681 5708   AxInstSV - ok
13:32:28.0731 5708   b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:32:28.0771 5708   b06bdrv - ok
13:32:28.0801 5708   b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:32:28.0841 5708   b57nd60a - ok
13:32:28.0911 5708   BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:32:28.0961 5708   BCM43XX - ok
13:32:29.0031 5708   BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:32:29.0061 5708   BDESVC - ok
13:32:29.0111 5708   Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:32:29.0181 5708   Beep - ok
13:32:29.0241 5708   BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
13:32:29.0331 5708   BFE - ok
13:32:29.0371 5708   BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
13:32:29.0451 5708   BITS - ok
13:32:29.0491 5708   blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:32:29.0521 5708   blbdrive - ok
13:32:29.0631 5708   Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
13:32:29.0651 5708   Bonjour Service - ok
13:32:29.0691 5708   bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:32:29.0731 5708   bowser - ok
13:32:29.0761 5708   BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:32:29.0781 5708   BrFiltLo - ok
13:32:29.0791 5708   BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:32:29.0821 5708   BrFiltUp - ok
13:32:29.0851 5708   BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:32:29.0911 5708   BridgeMP - ok
13:32:29.0951 5708   Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
13:32:29.0991 5708   Browser - ok
13:32:30.0021 5708   Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:32:30.0051 5708   Brserid - ok
13:32:30.0061 5708   BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:32:30.0091 5708   BrSerWdm - ok
13:32:30.0101 5708   BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:32:30.0131 5708   BrUsbMdm - ok
13:32:30.0141 5708   BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:32:30.0171 5708   BrUsbSer - ok
13:32:30.0241 5708   BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe
13:32:30.0261 5708   BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
13:32:30.0261 5708   BrYNSvc - detected UnsignedFile.Multi.Generic (1)
13:32:30.0271 5708   BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:32:30.0311 5708   BTHMODEM - ok
13:32:30.0341 5708   bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:32:30.0391 5708   bthserv - ok
13:32:30.0431 5708   catchme - ok
13:32:30.0481 5708   cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:32:30.0561 5708   cdfs - ok
13:32:30.0611 5708   cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:32:30.0641 5708   cdrom - ok
13:32:30.0671 5708   CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:32:30.0711 5708   CertPropSvc - ok
13:32:30.0751 5708   circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:32:30.0781 5708   circlass - ok
13:32:30.0811 5708   CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:32:30.0831 5708   CLFS - ok
13:32:30.0881 5708   clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:32:30.0911 5708   clr_optimization_v2.0.50727_32 - ok
13:32:30.0951 5708   clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:32:30.0981 5708   clr_optimization_v2.0.50727_64 - ok
13:32:31.0081 5708   clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:32:31.0131 5708   clr_optimization_v4.0.30319_32 - ok
13:32:31.0161 5708   clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:32:31.0181 5708   clr_optimization_v4.0.30319_64 - ok
13:32:31.0251 5708   CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:32:31.0291 5708   CmBatt - ok
13:32:31.0321 5708   cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:32:31.0341 5708   cmdide - ok
13:32:31.0391 5708   CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
13:32:31.0431 5708   CNG - ok
13:32:31.0461 5708   Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:32:31.0491 5708   Compbatt - ok
13:32:31.0511 5708   CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:32:31.0541 5708   CompositeBus - ok
13:32:31.0561 5708   COMSysApp - ok
13:32:31.0581 5708   crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:32:31.0601 5708   crcdisk - ok
13:32:31.0641 5708   CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
13:32:31.0691 5708   CryptSvc - ok
13:32:31.0733 5708   CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
13:32:31.0783 5708   CSC - ok
13:32:31.0803 5708   CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
13:32:31.0843 5708   CscService - ok
13:32:31.0875 5708   DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:32:31.0935 5708   DcomLaunch - ok
13:32:31.0977 5708   defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:32:32.0037 5708   defragsvc - ok
13:32:32.0109 5708   DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:32:32.0149 5708   DfsC - ok
13:32:32.0189 5708   Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
13:32:32.0229 5708   Dhcp - ok
13:32:32.0269 5708   discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:32:32.0329 5708   discache - ok
13:32:32.0361 5708   Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:32:32.0391 5708   Disk - ok
13:32:32.0441 5708   Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
13:32:32.0473 5708   Dnscache - ok
13:32:32.0515 5708   dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
13:32:32.0590 5708   dot3svc - ok
13:32:32.0613 5708   DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
13:32:32.0670 5708   DPS - ok
13:32:32.0719 5708   drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:32:32.0768 5708   drmkaud - ok
13:32:32.0831 5708   DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:32:32.0891 5708   DXGKrnl - ok
13:32:32.0943 5708   EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:32:33.0003 5708   EapHost - ok
13:32:33.0105 5708   ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:32:33.0473 5708   ebdrv - ok
13:32:33.0537 5708   EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
13:32:33.0557 5708   EFS - ok
13:32:33.0617 5708   ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
13:32:33.0687 5708   ehRecvr - ok
13:32:33.0707 5708   ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:32:33.0737 5708   ehSched - ok
13:32:33.0787 5708   ElRawDisk (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys
13:32:33.0817 5708   ElRawDisk - ok
13:32:33.0867 5708   elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:32:33.0937 5708   elxstor - ok
13:32:34.0057 5708   EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
13:32:34.0077 5708   EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
13:32:34.0077 5708   EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
13:32:34.0097 5708   ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:32:34.0127 5708   ErrDev - ok
13:32:34.0167 5708   EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:32:34.0227 5708   EventSystem - ok
13:32:34.0247 5708   exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:32:34.0307 5708   exfat - ok
13:32:34.0327 5708   fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:32:34.0387 5708   fastfat - ok
13:32:34.0427 5708   Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
13:32:34.0487 5708   Fax - ok
13:32:34.0497 5708   fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:32:34.0517 5708   fdc - ok
13:32:34.0537 5708   fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:32:34.0587 5708   fdPHost - ok
13:32:34.0607 5708   FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:32:34.0657 5708   FDResPub - ok
13:32:34.0677 5708   FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:32:34.0697 5708   FileInfo - ok
13:32:34.0717 5708   Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:32:34.0777 5708   Filetrace - ok
13:32:34.0787 5708   flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:32:34.0807 5708   flpydisk - ok
13:32:34.0857 5708   FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:32:34.0887 5708   FltMgr - ok
13:32:34.0947 5708   FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
13:32:35.0017 5708   FontCache - ok
13:32:35.0107 5708   FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:32:35.0137 5708   FontCache3.0.0.0 - ok
13:32:35.0177 5708   FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:32:35.0227 5708   FsDepends - ok
13:32:35.0237 5708   Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:32:35.0267 5708   Fs_Rec - ok
13:32:35.0337 5708   fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:32:35.0387 5708   fvevol - ok
13:32:35.0407 5708   gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:32:35.0437 5708   gagp30kx - ok
13:32:35.0487 5708   GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:32:35.0527 5708   GEARAspiWDM - ok
13:32:35.0567 5708   gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
13:32:35.0617 5708   gpsvc - ok
13:32:35.0647 5708   hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:32:35.0667 5708   hcw85cir - ok
13:32:35.0707 5708   HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:32:35.0757 5708   HdAudAddService - ok
13:32:35.0777 5708   HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:32:35.0807 5708   HDAudBus - ok
13:32:35.0817 5708   HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:32:35.0847 5708   HidBatt - ok
13:32:35.0857 5708   HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:32:35.0887 5708   HidBth - ok
13:32:35.0917 5708   HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:32:35.0947 5708   HidIr - ok
13:32:35.0977 5708   hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:32:36.0027 5708   hidserv - ok
13:32:36.0077 5708   HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:32:36.0107 5708   HidUsb - ok
13:32:36.0127 5708   hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
13:32:36.0177 5708   hkmsvc - ok
13:32:36.0197 5708   HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
13:32:36.0237 5708   HomeGroupListener - ok
13:32:36.0277 5708   HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
13:32:36.0307 5708   HomeGroupProvider - ok
13:32:36.0457 5708   hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:32:36.0477 5708   hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
13:32:36.0477 5708   hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
13:32:36.0497 5708   hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:32:36.0507 5708   hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
13:32:36.0507 5708   hpqddsvc - detected UnsignedFile.Multi.Generic (1)
13:32:36.0617 5708   HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:32:36.0657 5708   HpSAMD - ok
13:32:36.0827 5708   HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
13:32:36.0877 5708   HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
13:32:36.0877 5708   HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
13:32:36.0997 5708   HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:32:37.0097 5708   HTTP - ok
13:32:37.0127 5708   hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:32:37.0157 5708   hwpolicy - ok
13:32:37.0197 5708   i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:32:37.0247 5708   i8042prt - ok
13:32:37.0297 5708   iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:32:37.0357 5708   iaStorV - ok
13:32:37.0467 5708   idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:32:37.0527 5708   idsvc - ok
13:32:37.0597 5708   iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:32:37.0627 5708   iirsp - ok
13:32:37.0707 5708   IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
13:32:37.0814 5708   IKEEXT - ok
13:32:37.0829 5708   intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:32:37.0849 5708   intelide - ok
13:32:37.0889 5708   intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:32:37.0939 5708   intelppm - ok
13:32:38.0059 5708   IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
13:32:38.0079 5708   IntuitUpdateService - ok
13:32:38.0169 5708   IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
13:32:38.0189 5708   IntuitUpdateServiceV4 - ok
13:32:38.0269 5708   ioloFileInfoList (ca62d66d4e60e31dd89c0370b3bdaad8) C:\Program Files (x86)\iolo\common\lib\ioloServiceManager.exe
13:32:38.0319 5708   ioloFileInfoList - ok
13:32:38.0349 5708   ioloSystemService (ca62d66d4e60e31dd89c0370b3bdaad8) C:\Program Files (x86)\iolo\common\lib\ioloServiceManager.exe
13:32:38.0379 5708   ioloSystemService - ok
13:32:38.0459 5708   IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:32:38.0519 5708   IPBusEnum - ok
13:32:38.0569 5708   IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:32:38.0619 5708   IpFilterDriver - ok
13:32:38.0649 5708   iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
13:32:38.0739 5708   iphlpsvc - ok
13:32:38.0749 5708   IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:32:38.0800 5708   IPMIDRV - ok
13:32:38.0811 5708   IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:32:38.0861 5708   IPNAT - ok
13:32:38.0941 5708   iPod Service (e94503089df8976f5c4c9d5168e9765f) C:\Program Files\iPod\bin\iPodService.exe
13:32:38.0981 5708   iPod Service - ok
13:32:39.0051 5708   IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:32:39.0091 5708   IRENUM - ok
13:32:39.0181 5708   isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:32:39.0231 5708   isapnp - ok
13:32:39.0271 5708   iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:32:39.0301 5708   iScsiPrt - ok
13:32:39.0331 5708   kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:32:39.0361 5708   kbdclass - ok
13:32:39.0401 5708   kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:32:39.0431 5708   kbdhid - ok
13:32:39.0451 5708   KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:32:39.0471 5708   KeyIso - ok
13:32:39.0501 5708   KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
13:32:39.0521 5708   KSecDD - ok
13:32:39.0541 5708   KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
13:32:39.0571 5708   KSecPkg - ok
13:32:39.0591 5708   ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:32:39.0641 5708   ksthunk - ok
13:32:39.0691 5708   KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:32:39.0751 5708   KtmRm - ok
13:32:39.0811 5708   LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
13:32:39.0851 5708   LanmanServer - ok
13:32:39.0891 5708   LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
13:32:39.0971 5708   LanmanWorkstation - ok
13:32:40.0111 5708   Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
13:32:40.0171 5708   Lavasoft Ad-Aware Service - ok
13:32:40.0241 5708   Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
13:32:40.0281 5708   Lavasoft Kernexplorer - ok
13:32:40.0401 5708   Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
13:32:40.0441 5708   Lbd - ok
13:32:40.0541 5708   lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:32:40.0621 5708   lltdio - ok
13:32:40.0671 5708   lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:32:40.0761 5708   lltdsvc - ok
13:32:40.0781 5708   lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:32:40.0831 5708   lmhosts - ok
13:32:40.0871 5708   LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:32:40.0891 5708   LSI_FC - ok
13:32:40.0911 5708   LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:32:40.0931 5708   LSI_SAS - ok
13:32:40.0971 5708   LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:32:40.0991 5708   LSI_SAS2 - ok
13:32:41.0011 5708   LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:32:41.0041 5708   LSI_SCSI - ok
13:32:41.0071 5708   luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:32:41.0131 5708   luafv - ok
13:32:41.0161 5708   Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
13:32:41.0191 5708   Mcx2Svc - ok
13:32:41.0211 5708   megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:32:41.0231 5708   megasas - ok
13:32:41.0261 5708   MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:32:41.0291 5708   MegaSR - ok
13:32:41.0331 5708   MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:32:41.0401 5708   MMCSS - ok
13:32:41.0421 5708   Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:32:41.0471 5708   Modem - ok
13:32:41.0511 5708   monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:32:41.0551 5708   monitor - ok
13:32:41.0591 5708   mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:32:41.0611 5708   mouclass - ok
13:32:41.0641 5708   mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:32:41.0671 5708   mouhid - ok
13:32:41.0691 5708   mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:32:41.0711 5708   mountmgr - ok
13:32:41.0741 5708   mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:32:41.0771 5708   mpio - ok
13:32:41.0791 5708   mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:32:41.0851 5708   mpsdrv - ok
13:32:41.0911 5708   MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
13:32:42.0003 5708   MpsSvc - ok
13:32:42.0023 5708   MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:32:42.0063 5708   MRxDAV - ok
13:32:42.0093 5708   mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:32:42.0133 5708   mrxsmb - ok
13:32:42.0173 5708   mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:32:42.0243 5708   mrxsmb10 - ok
13:32:42.0263 5708   mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:32:42.0293 5708   mrxsmb20 - ok
13:32:42.0303 5708   msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:32:42.0333 5708   msahci - ok
13:32:42.0353 5708   msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:32:42.0383 5708   msdsm - ok
13:32:42.0413 5708   MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:32:42.0453 5708   MSDTC - ok
13:32:42.0473 5708   Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:32:42.0523 5708   Msfs - ok
13:32:42.0533 5708   mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:32:42.0583 5708   mshidkmdf - ok
13:32:42.0603 5708   msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:32:42.0633 5708   msisadrv - ok
13:32:42.0673 5708   MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:32:42.0743 5708   MSiSCSI - ok
13:32:42.0753 5708   msiserver - ok
13:32:42.0793 5708   MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:32:42.0843 5708   MSKSSRV - ok
13:32:42.0873 5708   MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:32:42.0923 5708   MSPCLOCK - ok
13:32:42.0933 5708   MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:32:42.0983 5708   MSPQM - ok
13:32:43.0013 5708   MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:32:43.0053 5708   MsRPC - ok
13:32:43.0083 5708   mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:32:43.0103 5708   mssmbios - ok
13:32:43.0123 5708   MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:32:43.0173 5708   MSTEE - ok
13:32:43.0193 5708   MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:32:43.0233 5708   MTConfig - ok
13:32:43.0243 5708   Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:32:43.0273 5708   Mup - ok
13:32:43.0313 5708   napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
13:32:43.0393 5708   napagent - ok
13:32:43.0433 5708   NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:32:43.0493 5708   NativeWifiP - ok
13:32:43.0533 5708   NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:32:43.0573 5708   NDIS - ok
13:32:43.0593 5708   NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:32:43.0643 5708   NdisCap - ok
13:32:43.0673 5708   NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:32:43.0723 5708   NdisTapi - ok
13:32:43.0743 5708   Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:32:43.0793 5708   Ndisuio - ok
13:32:43.0813 5708   NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:32:43.0873 5708   NdisWan - ok
13:32:43.0893 5708   NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:32:43.0943 5708   NDProxy - ok
13:32:44.0013 5708   Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
13:32:44.0043 5708   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:32:44.0043 5708   Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:32:44.0073 5708   NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:32:44.0133 5708   NetBIOS - ok
13:32:44.0153 5708   NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:32:44.0213 5708   NetBT - ok
13:32:44.0243 5708   Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:32:44.0263 5708   Netlogon - ok
13:32:44.0293 5708   Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:32:44.0353 5708   Netman - ok
13:32:44.0453 5708   NetMsmqActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:32:44.0503 5708   NetMsmqActivator - ok
13:32:44.0513 5708   NetPipeActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:32:44.0533 5708   NetPipeActivator - ok
13:32:44.0573 5708   netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:32:44.0643 5708   netprofm - ok
13:32:44.0663 5708   NetTcpActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:32:44.0673 5708   NetTcpActivator - ok
13:32:44.0683 5708   NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:32:44.0693 5708   NetTcpPortSharing - ok
13:32:44.0753 5708   nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:32:44.0793 5708   nfrd960 - ok
13:32:44.0833 5708   NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
13:32:44.0893 5708   NlaSvc - ok
13:32:44.0903 5708   Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:32:44.0963 5708   Npfs - ok
13:32:44.0973 5708   nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:32:45.0023 5708   nsi - ok
13:32:45.0033 5708   nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:32:45.0093 5708   nsiproxy - ok
13:32:45.0173 5708   Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:32:45.0293 5708   Ntfs - ok
13:32:45.0303 5708   Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:32:45.0353 5708   Null - ok
13:32:45.0693 5708   nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:32:46.0333 5708   nvlddmkm - ok
13:32:46.0473 5708   nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

tek531 · « **Reply #12 on:** April 04, 2012, 02:45:05 PM »

second half of TDSSKILLER log.txt

13:32:46.0513 5708   nvraid - ok
13:32:46.0583 5708   nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:32:46.0633 5708   nvstor - ok
13:32:46.0713 5708   NVSvc (0393e59488c67f704336f3ff06e2b7bd) C:\Windows\system32\nvvsvc.exe
13:32:46.0763 5708   NVSvc - ok
13:32:46.0813 5708   nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:32:46.0833 5708   nv_agp - ok
13:32:46.0953 5708   odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:32:47.0023 5708   odserv - ok
13:32:47.0123 5708   OEM02Dev (44a9473d72983dd484b4f1bf0d946571) C:\Windows\system32\DRIVERS\OEM02Dev.sys
13:32:47.0163 5708   OEM02Dev - ok
13:32:47.0233 5708   OEM02Vfx (766f689564bc30e5a91f8621ce65ad68) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
13:32:47.0273 5708   OEM02Vfx - ok
13:32:47.0313 5708   ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:32:47.0343 5708   ohci1394 - ok
13:32:47.0473 5708   ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:32:47.0523 5708   ose - ok
13:32:47.0625 5708   p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:32:47.0715 5708   p2pimsvc - ok
13:32:47.0755 5708   p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:32:47.0815 5708   p2psvc - ok
13:32:47.0855 5708   Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:32:47.0885 5708   Parport - ok
13:32:47.0915 5708   partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:32:47.0935 5708   partmgr - ok
13:32:47.0955 5708   PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:32:47.0995 5708   PcaSvc - ok
13:32:48.0015 5708   pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:32:48.0045 5708   pci - ok
13:32:48.0065 5708   pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:32:48.0085 5708   pciide - ok
13:32:48.0115 5708   pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:32:48.0145 5708   pcmcia - ok
13:32:48.0175 5708   pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:32:48.0195 5708   pcw - ok
13:32:48.0225 5708   PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:32:48.0305 5708   PEAUTH - ok
13:32:48.0365 5708   PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:32:48.0435 5708   PeerDistSvc - ok
13:32:48.0555 5708   PenCommService (edffbc067c9321d2076b3d6f33e0d4c6) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
13:32:48.0585 5708   PenCommService ( UnsignedFile.Multi.Generic ) - warning
13:32:48.0585 5708   PenCommService - detected UnsignedFile.Multi.Generic (1)
13:32:48.0665 5708   PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:32:48.0725 5708   PerfHost - ok
13:32:48.0835 5708   pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
13:32:48.0945 5708   pla - ok
13:32:49.0035 5708   PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
13:32:49.0095 5708   PlugPlay - ok
13:32:49.0195 5708   Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
13:32:49.0215 5708   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:32:49.0215 5708   Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:32:49.0255 5708   PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:32:49.0295 5708   PNRPAutoReg - ok
13:32:49.0315 5708   PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:32:49.0335 5708   PNRPsvc - ok
13:32:49.0375 5708   PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
13:32:49.0545 5708   PolicyAgent - ok
13:32:49.0575 5708   Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:32:49.0635 5708   Power - ok
13:32:49.0685 5708   PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:32:49.0765 5708   PptpMiniport - ok
13:32:49.0785 5708   Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:32:49.0815 5708   Processor - ok
13:32:49.0865 5708   ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
13:32:49.0915 5708   ProfSvc - ok
13:32:49.0955 5708   ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:32:49.0975 5708   ProtectedStorage - ok
13:32:50.0015 5708   Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:32:50.0065 5708   Psched - ok
13:32:50.0115 5708   PulseUsb (edc3cc1d029601c8da3ff8bcfb08881f) C:\Windows\system32\DRIVERS\PulseUsb.sys
13:32:50.0145 5708   PulseUsb - ok
13:32:50.0205 5708   PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
13:32:50.0245 5708   PxHlpa64 - ok
13:32:50.0295 5708   ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:32:50.0385 5708   ql2300 - ok
13:32:50.0395 5708   ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:32:50.0425 5708   ql40xx - ok
13:32:50.0465 5708   QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:32:50.0505 5708   QWAVE - ok
13:32:50.0525 5708   QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:32:50.0565 5708   QWAVEdrv - ok
13:32:50.0585 5708   RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:32:50.0635 5708   RasAcd - ok
13:32:50.0675 5708   RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:32:50.0725 5708   RasAgileVpn - ok
13:32:50.0745 5708   RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:32:50.0795 5708   RasAuto - ok
13:32:50.0815 5708   Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:32:50.0875 5708   Rasl2tp - ok
13:32:50.0895 5708   RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
13:32:50.0955 5708   RasMan - ok
13:32:50.0995 5708   RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:32:51.0065 5708   RasPppoe - ok
13:32:51.0085 5708   RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:32:51.0135 5708   RasSstp - ok
13:32:51.0165 5708   rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:32:51.0225 5708   rdbss - ok
13:32:51.0245 5708   rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:32:51.0275 5708   rdpbus - ok
13:32:51.0295 5708   RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:32:51.0345 5708   RDPCDD - ok
13:32:51.0375 5708   RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
13:32:51.0415 5708   RDPDR - ok
13:32:51.0445 5708   RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:32:51.0495 5708   RDPENCDD - ok
13:32:51.0505 5708   RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:32:51.0555 5708   RDPREFMP - ok
13:32:51.0605 5708   RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
13:32:51.0635 5708   RDPWD - ok
13:32:51.0665 5708   rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:32:51.0695 5708   rdyboost - ok
13:32:51.0735 5708   RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:32:51.0785 5708   RemoteAccess - ok
13:32:51.0815 5708   RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:32:51.0875 5708   RemoteRegistry - ok
13:32:51.0915 5708   rimmptsk (e31960692cbb3a8bcdf300bc1d889e1f) C:\Windows\system32\DRIVERS\rimmpx64.sys
13:32:51.0975 5708   rimmptsk - ok
13:32:52.0005 5708   rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
13:32:52.0065 5708   rimsptsk - ok
13:32:52.0085 5708   rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
13:32:52.0135 5708   rismxdp - ok
13:32:52.0295 5708   RoxLiveShare10 (fded778daf09235e4580f1b9046946b6) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
13:32:52.0355 5708   RoxLiveShare10 - ok
13:32:52.0435 5708   RoxMediaDB10 (e054a2caf0e2a55c9aac0bf1ccc558a5) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
13:32:52.0535 5708   RoxMediaDB10 - ok
13:32:52.0565 5708   RoxWatch10 (c75fda9ab3314e555123673e08f9d86d) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
13:32:52.0595 5708   RoxWatch10 - ok
13:32:52.0705 5708   RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:32:52.0775 5708   RpcEptMapper - ok
13:32:52.0805 5708   RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:32:52.0835 5708   RpcLocator - ok
13:32:52.0855 5708   RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:32:52.0905 5708   RpcSs - ok
13:32:52.0965 5708   rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:32:53.0025 5708   rspndr - ok
13:32:53.0065 5708   s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
13:32:53.0085 5708   s3cap - ok
13:32:53.0125 5708   SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:32:53.0145 5708   SamSs - ok
13:32:53.0165 5708   sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:32:53.0195 5708   sbp2port - ok
13:32:53.0235 5708   SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:32:53.0295 5708   SCardSvr - ok
13:32:53.0315 5708   scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:32:53.0365 5708   scfilter - ok
13:32:53.0435 5708   Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
13:32:53.0515 5708   Schedule - ok
13:32:53.0545 5708   SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:32:53.0585 5708   SCPolicySvc - ok
13:32:53.0655 5708   sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
13:32:53.0695 5708   sdbus - ok
13:32:53.0715 5708   SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
13:32:53.0755 5708   SDRSVC - ok
13:32:53.0865 5708   SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
13:32:53.0905 5708   SeaPort - ok
13:32:54.0015 5708   secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:32:54.0085 5708   secdrv - ok
13:32:54.0115 5708   seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
13:32:54.0165 5708   seclogon - ok
13:32:54.0185 5708   SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:32:54.0235 5708   SENS - ok
13:32:54.0255 5708   SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:32:54.0285 5708   SensrSvc - ok
13:32:54.0305 5708   Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:32:54.0335 5708   Serenum - ok
13:32:54.0365 5708   Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:32:54.0395 5708   Serial - ok
13:32:54.0405 5708   sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:32:54.0435 5708   sermouse - ok
13:32:54.0465 5708   SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
13:32:54.0515 5708   SessionEnv - ok
13:32:54.0605 5708   SessionLauncher - ok
13:32:54.0655 5708   sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:32:54.0705 5708   sffdisk - ok
13:32:54.0725 5708   sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:32:54.0755 5708   sffp_mmc - ok
13:32:54.0775 5708   sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:32:54.0805 5708   sffp_sd - ok
13:32:54.0815 5708   sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:32:54.0845 5708   sfloppy - ok
13:32:54.0895 5708   SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:32:54.0995 5708   SharedAccess - ok
13:32:55.0025 5708   ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
13:32:55.0065 5708   ShellHWDetection - ok
13:32:55.0115 5708   SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:32:55.0155 5708   SiSRaid2 - ok
13:32:55.0175 5708   SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:32:55.0205 5708   SiSRaid4 - ok
13:32:55.0245 5708   Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:32:55.0295 5708   Smb - ok
13:32:55.0345 5708   SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:32:55.0395 5708   SNMPTRAP - ok
13:32:55.0415 5708   spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:32:55.0435 5708   spldr - ok
13:32:55.0485 5708   Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
13:32:55.0515 5708   Spooler - ok
13:32:55.0675 5708   sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
13:32:55.0755 5708   sppsvc - ok
13:32:55.0785 5708   sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:32:55.0835 5708   sppuinotify - ok
13:32:55.0915 5708   srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:32:55.0985 5708   srv - ok
13:32:56.0015 5708   srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:32:56.0055 5708   srv2 - ok
13:32:56.0095 5708   srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:32:56.0125 5708   srvnet - ok
13:32:56.0165 5708   SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:32:56.0215 5708   SSDPSRV - ok
13:32:56.0245 5708   SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:32:56.0305 5708   SstpSvc - ok
13:32:56.0515 5708   Stereo Service (8d01686ae82b466f4cd074f31f2942ca) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:32:56.0545 5708   Stereo Service - ok
13:32:56.0615 5708   stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:32:56.0635 5708   stexstor - ok
13:32:56.0685 5708   STHDA (e964db5400cfd56fc99cd2ab1b21213f) C:\Windows\system32\drivers\stwrt64.sys
13:32:56.0725 5708   STHDA - ok
13:32:56.0755 5708   StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
13:32:56.0785 5708   StillCam - ok
13:32:56.0825 5708   stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
13:32:56.0885 5708   stisvc - ok
13:32:56.0965 5708   stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:32:56.0995 5708   stllssvr - ok
13:32:57.0065 5708   storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
13:32:57.0115 5708   storflt - ok
13:32:57.0148 5708   storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
13:32:57.0167 5708   storvsc - ok
13:32:57.0197 5708   swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:32:57.0237 5708   swenum - ok
13:32:57.0277 5708   swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:32:57.0367 5708   swprv - ok
13:32:57.0437 5708   SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
13:32:57.0517 5708   SysMain - ok
13:32:57.0527 5708   TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
13:32:57.0567 5708   TabletInputService - ok
13:32:57.0587 5708   TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
13:32:57.0657 5708   TapiSrv - ok
13:32:57.0677 5708   TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:32:57.0727 5708   TBS - ok
13:32:57.0827 5708   Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
13:32:57.0927 5708   Tcpip - ok
13:32:58.0007 5708   TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
13:32:58.0057 5708   TCPIP6 - ok
13:32:58.0097 5708   tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:32:58.0157 5708   tcpipreg - ok
13:32:58.0177 5708   TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:32:58.0197 5708   TDPIPE - ok
13:32:58.0237 5708   TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
13:32:58.0267 5708   TDTCP - ok
13:32:58.0297 5708   tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:32:58.0357 5708   tdx - ok
13:32:58.0537 5708   TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
13:32:58.0597 5708   TeamViewer7 - ok
13:32:58.0627 5708   TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:32:58.0647 5708   TermDD - ok
13:32:58.0687 5708   TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
13:32:58.0817 5708   TermService - ok
13:32:58.0837 5708   Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:32:58.0867 5708   Themes - ok
13:32:58.0897 5708   THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:32:58.0947 5708   THREADORDER - ok
13:32:59.0027 5708   tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
13:32:59.0057 5708   tmactmon - ok
13:32:59.0107 5708   tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
13:32:59.0137 5708   tmcomm - ok
13:32:59.0170 5708   tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys
13:32:59.0189 5708   tmeevw - ok
13:32:59.0229 5708   tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
13:32:59.0259 5708   tmevtmgr - ok
13:32:59.0289 5708   tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys
13:32:59.0309 5708   tmnciesc - ok
13:32:59.0359 5708   tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
13:32:59.0389 5708   tmtdi - ok
13:32:59.0429 5708   TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:32:59.0499 5708   TrkWks - ok
13:32:59.0529 5708   TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
13:32:59.0559 5708   TrustedInstaller - ok
13:32:59.0599 5708   tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:32:59.0649 5708   tssecsrv - ok
13:32:59.0689 5708   tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:32:59.0739 5708   tunnel - ok
13:32:59.0769 5708   uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:32:59.0789 5708   uagp35 - ok
13:32:59.0819 5708   udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:32:59.0879 5708   udfs - ok
13:32:59.0909 5708   UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:32:59.0939 5708   UI0Detect - ok
13:32:59.0979 5708   uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:32:59.0999 5708   uliagpkx - ok
13:33:00.0039 5708   umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:33:00.0069 5708   umbus - ok
13:33:00.0079 5708   UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:33:00.0099 5708   UmPass - ok
13:33:00.0149 5708   UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
13:33:00.0179 5708   UmRdpService - ok
13:33:00.0209 5708   upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:33:00.0269 5708   upnphost - ok
13:33:00.0309 5708   usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:33:00.0339 5708   usbccgp - ok
13:33:00.0369 5708   usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:33:00.0409 5708   usbcir - ok
13:33:00.0449 5708   usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
13:33:00.0499 5708   usbehci - ok
13:33:00.0539 5708   usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:33:00.0609 5708   usbhub - ok
13:33:00.0639 5708   usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
13:33:00.0669 5708   usbohci - ok
13:33:00.0679 5708   usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:33:00.0709 5708   usbprint - ok
13:33:00.0749 5708   USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:00.0779 5708   USBSTOR - ok
13:33:00.0799 5708   usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:33:00.0829 5708   usbuhci - ok
13:33:00.0879 5708   usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
13:33:00.0909 5708   usbvideo - ok
13:33:00.0939 5708   UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:33:00.0999 5708   UxSms - ok
13:33:01.0029 5708   VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:33:01.0049 5708   VaultSvc - ok
13:33:01.0089 5708   vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:33:01.0119 5708   vdrvroot - ok
13:33:01.0149 5708   vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
13:33:01.0359 5708   vds - ok
13:33:01.0409 5708   vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:01.0469 5708   vga - ok
13:33:01.0489 5708   VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:33:01.0539 5708   VgaSave - ok
13:33:01.0559 5708   vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:33:01.0589 5708   vhdmp - ok
13:33:01.0619 5708   viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:33:01.0639 5708   viaide - ok
13:33:01.0679 5708   vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
13:33:01.0719 5708   vmbus - ok
13:33:01.0739 5708   VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
13:33:01.0759 5708   VMBusHID - ok
13:33:01.0819 5708   VNUSB (3f63fa4a5d8a7c1b1a87e342569fba53) C:\Windows\system32\Drivers\VNUSB.sys
13:33:01.0869 5708   VNUSB - ok
13:33:01.0899 5708   volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:33:01.0919 5708   volmgr - ok
13:33:01.0949 5708   volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:33:01.0989 5708   volmgrx - ok
13:33:02.0019 5708   volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:33:02.0059 5708   volsnap - ok
13:33:02.0099 5708   vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:33:02.0159 5708   vsmraid - ok
13:33:02.0231 5708   VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
13:33:02.0291 5708   VSS - ok
13:33:02.0311 5708   vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:33:02.0341 5708   vwifibus - ok
13:33:02.0361 5708   vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:33:02.0401 5708   vwififlt - ok
13:33:02.0431 5708   W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:33:02.0491 5708   W32Time - ok
13:33:02.0521 5708   WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:33:02.0551 5708   WacomPen - ok
13:33:02.0591 5708   WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:02.0651 5708   WANARP - ok
13:33:02.0661 5708   Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:02.0711 5708   Wanarpv6 - ok
13:33:02.0801 5708   WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:33:02.0881 5708   WatAdminSvc - ok
13:33:02.0951 5708   wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
13:33:03.0063 5708   wbengine - ok
13:33:03.0103 5708   WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:33:03.0133 5708   WbioSrvc - ok
13:33:03.0183 5708   wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
13:33:03.0233 5708   wcncsvc - ok
13:33:03.0243 5708   WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:33:03.0273 5708   WcsPlugInService - ok
13:33:03.0313 5708   Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:33:03.0353 5708   Wd - ok
13:33:03.0392 5708   Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:33:03.0435 5708   Wdf01000 - ok
13:33:03.0465 5708   WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:33:03.0495 5708   WdiServiceHost - ok
13:33:03.0505 5708   WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:33:03.0525 5708   WdiSystemHost - ok
13:33:03.0575 5708   WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
13:33:03.0605 5708   WebClient - ok
13:33:03.0635 5708   Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:33:03.0695 5708   Wecsvc - ok
13:33:03.0705 5708   wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:33:03.0765 5708   wercplsupport - ok
13:33:03.0785 5708   WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:33:03.0835 5708   WerSvc - ok
13:33:03.0895 5708   WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:33:03.0945 5708   WfpLwf - ok
13:33:03.0965 5708   WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:33:03.0995 5708   WIMMount - ok
13:33:04.0015 5708   WinDefend - ok
13:33:04.0015 5708   WinHttpAutoProxySvc - ok
13:33:04.0105 5708   Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:33:04.0175 5708   Winmgmt - ok
13:33:04.0265 5708   WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
13:33:04.0385 5708   WinRM - ok
13:33:04.0485 5708   WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
13:33:04.0525 5708   WinUsb - ok
13:33:04.0575 5708   Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:33:04.0615 5708   Wlansvc - ok
13:33:04.0765 5708   wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:33:04.0825 5708   wlidsvc - ok
13:33:04.0855 5708   WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:33:04.0885 5708   WmiAcpi - ok
13:33:04.0935 5708   wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:33:04.0965 5708   wmiApSrv - ok
13:33:04.0995 5708   WMPNetworkSvc - ok
13:33:05.0035 5708   WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:33:05.0095 5708   WPCSvc - ok
13:33:05.0115 5708   WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
13:33:05.0145 5708   WPDBusEnum - ok
13:33:05.0195 5708   ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:33:05.0245 5708   ws2ifsl - ok
13:33:05.0295 5708   wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
13:33:05.0315 5708   wscsvc - ok
13:33:05.0325 5708   WSearch - ok
13:33:05.0425 5708   wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
13:33:05.0545 5708   wuauserv - ok
13:33:05.0645 5708   WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:33:05.0727 5708   WudfPf - ok
13:33:05.0747 5708   WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:05.0797 5708   WUDFRd - ok
13:33:05.0817 5708   wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
13:33:05.0867 5708   wudfsvc - ok
13:33:05.0897 5708   WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:33:05.0937 5708   WwanSvc - ok
13:33:05.0977 5708   yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
13:33:06.0017 5708   yukonw7 - ok
13:33:06.0027 5708   MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:33:06.0197 5708   \Device\Harddisk0\DR0 - ok
13:33:06.0207 5708   Boot (0x1200) (5d9bb7a5746a77bc2393143030c96166) \Device\Harddisk0\DR0\Partition0
13:33:06.0207 5708   \Device\Harddisk0\DR0\Partition0 - ok
13:33:06.0257 5708   Boot (0x1200) (d455dfd2782fd185d6f2f701de5bb5aa) \Device\Harddisk0\DR0\Partition1
13:33:06.0257 5708   \Device\Harddisk0\DR0\Partition1 - ok
13:33:06.0257 5708   ============================================================
13:33:06.0257 5708   Scan finished
13:33:06.0257 5708   ============================================================
13:33:06.0287 4564   Detected object count: 9
13:33:06.0287 4564   Actual detected object count: 9
13:33:20.0517 4564   Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0517 4564   Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0517 4564   BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0517 4564   BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0517 4564   EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0517 4564   EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0517 4564   hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0517 4564   hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0527 4564   hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0527 4564   hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0527 4564   HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0527 4564   HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0527 4564   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0527 4564   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0527 4564   PenCommService ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0527 4564   PenCommService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:33:20.0537 4564   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:20.0537 4564   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:34:02.0129 5108   Deinitialize success

kevinf80 · « **Reply #13 on:** April 04, 2012, 02:47:35 PM »

Do you still have Combofix sitting on your Desktop, if so do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code: [Select]


KillAll::
ClearJavaCache::
Folder::
c:\program files (x86)\ConduitEngine
c:\users\TEKERBY\AppData\Local\Notation
FileLook::
c:\windows\system32\SupportTool.exe.bat
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{124d001a-bdcb-472f-aa59-bbe7e4bc3204}"=-
[-HKEY_CLASSES_ROOT\clsid\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{124d001a-bdcb-472f-aa59-bbe7e4bc3204}"=- 
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Notation"=-

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Kevin

tek531 · « **Reply #14 on:** April 04, 2012, 04:20:35 PM »

combofix log

ComboFix 12-04-03.02 - TEKERBY 04/04/2012 17:34:35.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2600 [GMT -4:00]
Running from: c:\users\TEKERBY\Desktop\ComboFix.exe
Command switches used :: c:\users\TEKERBY\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\appContextMenu.xml
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\engineContextMenu.xml
c:\program files (x86)\ConduitEngine\EngineSettings.json
c:\program files (x86)\ConduitEngine\INSTALL.LOG
c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
c:\program files (x86)\ConduitEngine\toolbar.cfg
c:\users\TEKERBY\AppData\Local\Notation
c:\users\TEKERBY\AppData\Local\Notation\qwgpalrs.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 21:44 . 2012-04-04 21:44   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-04-04 03:11 . 2012-04-04 03:11   --------   d-----w-   c:\program files (x86)\ESET
2012-04-04 00:52 . 2011-12-10 19:24   23152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-20 21:42 . 2011-11-19 18:30   5504880   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-03-20 21:42 . 2011-11-19 14:25   3957616   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-03-20 21:42 . 2011-11-19 14:25   3902320   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-03-20 20:29 . 2012-02-15 06:27   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2012-03-20 20:29 . 2012-02-15 05:44   826368   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2012-03-20 20:29 . 2012-02-15 04:47   204800   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-03-20 20:29 . 2012-02-15 04:46   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2012-03-06 22:12 . 2012-03-06 22:12   53248   ----a-r-   c:\users\TEKERBY\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe
2012-03-06 22:11 . 2012-03-06 22:13   --------   d-----w-   c:\users\TEKERBY\AppData\Roaming\Avery
2012-03-06 13:59 . 2012-03-06 13:52   67344   ----a-w-   c:\windows\system32\drivers\tmeevw.sys
2012-03-06 13:59 . 2012-03-06 13:52   210704   ----a-w-   c:\windows\system32\drivers\tmnciesc.sys
2012-03-06 13:59 . 2012-03-06 13:52   105744   ----a-w-   c:\windows\system32\drivers\tmtdi.sys
2012-03-06 13:59 . 2012-03-06 13:52   91920   ----a-w-   c:\windows\system32\drivers\tmactmon.sys
2012-03-06 13:59 . 2012-03-06 13:52   70928   ----a-w-   c:\windows\system32\drivers\tmevtmgr.sys
2012-03-06 13:59 . 2012-03-06 13:52   167696   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2012-03-06 13:56 . 2012-03-06 13:57   --------   d-----w-   c:\program files\Trend Micro
2012-03-06 13:07 . 2012-03-06 13:07   --------   d-----w-   c:\users\TEKERBY\AppData\Local\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 13:57 . 2012-03-02 16:11   56   ----a-w-   c:\windows\system32\SupportTool.exe.bat
2012-02-26 14:18 . 2011-10-25 13:23   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\SupportTool.exe.bat ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 56
Created time: 2012-03-02 16:11
Modified time: 2012-03-06 13:57
MD5: 410451C7AE0E3CB0BD1B74C1A17C4401
SHA1: BE5632AD999EDA54C51A6516D617B529C5225916
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-04_04.09.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-04-04 14:46   16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-04 04:08   16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-04 14:46   32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-04 04:08   32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-04 04:08   32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-04 14:46   32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-08 19:42 . 2012-04-04 21:48   61620 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-04 21:48   44480 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-08 19:13 . 2012-04-04 21:48   18728 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3034884801-47229064-2838165550-1000_UserData.bin
+ 2012-04-04 21:45 . 2012-04-04 21:45   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-04 04:08 . 2012-04-04 04:08   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-04 21:45 . 2012-04-04 21:45   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-04 04:08 . 2012-04-04 04:08   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-04-04 16:44   641810 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-04 02:17   641810 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-04 02:17   113042 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-04 16:44   113042 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-04 21:45   324024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-04 04:07   324024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-13 11:58 . 2012-04-04 21:45   6467938 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3034884801-47229064-2838165550-1000-8192.dat
- 2011-05-13 11:58 . 2012-04-02 22:52   6467938 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3034884801-47229064-2838165550-1000-8192.dat
+ 2009-07-14 02:34 . 2012-04-04 04:22   10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-04-04 01:16   10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-05-12 13:23 . 2012-04-04 21:45   35096784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3034884801-47229064-2838165550-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AshSnap"="c:\program files (x86)\Ashampoo\Ashampoo Snap 4\ashsnap.exe" [2011-12-12 1531272]
"Copernic Desktop Search - Home"="c:\program files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" [2011-11-22 1648600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"Citi Virtual Account Numbers"="c:\progra~2\VIRTUA~1\CitiVAN.exe" [2009-07-10 372736]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-05-14 244208]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DELL Webcam Manager"="c:\program files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
.
c:\users\TEKERBY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files (x86)\Olympus\DeviceDetector\DevDtct2.exe [2011-7-13 118784]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R2 SessionLauncher;SessionLauncher;c:\users\TEKERBY\AppData\Local\Temp\DX9\SessionLauncher.exe

R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys

S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [2007-09-20 86016]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\common\lib\ioloServiceManager.exe [2010-07-06 711352]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\common\lib\ioloServiceManager.exe [2010-07-06 711352]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-10-27 470528]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys

S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-16 302184]
"SigmatelSysTrayApp"="c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe" [BU]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} - hxxp://maples.homedns.org:1024/img/LinksysViewer.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-conduitEngine - c:\progra~2\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files (x86)\Virtual Account Numbers\CitiVAN.exe
c:\windows\SysWOW64\OBroker.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-04-04 18:14:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 22:13
ComboFix2.txt 2012-04-04 04:41
.
Pre-Run: 258,715,848,704 bytes free
Post-Run: 258,506,854,400 bytes free
.
- - End Of File - - 680CCED63510FAD42BC273580373D138

News:

Author Topic: [Resolved K] Redirect to 64.15.72.104 (Read 2457 times)

tek531

[Resolved K] Redirect to 64.15.72.104

kevinf80

Re: [Resolved K] Redirect to 64.15.72.104

tek531

Re: [Resolved K] Redirect to 64.15.72.104

tek531

Re: [Resolved K] Redirect to 64.15.72.104

tek531

Re: [Resolved K] Redirect to 64.15.72.104

tek531

Re: [Resolved K] Redirect to 64.15.72.104

kevinf80

Re: [Resolved K] Redirect to 64.15.72.104

tek531

Re: [Resolved K] Redirect to 64.15.72.104

tek531

Re: [Resolved K] Redirect to 64.15.72.104

tek531

Re: [Resolved K] Redirect to 64.15.72.104

tek531

Re: [Resolved K] Redirect to 64.15.72.104

tek531

Re: [Resolved K] Redirect to 64.15.72.104

tek531

Re: [Resolved K] Redirect to 64.15.72.104

kevinf80

Re: [Resolved K] Redirect to 64.15.72.104

tek531

Re: [Resolved K] Redirect to 64.15.72.104