  1. #1
    Member
    Join Date
    May 2012
    Posts
    6
    Points
    0

    Firewall and Security Problem with Hijack this log

    Hi. I have a problem with my Firewall. I would welcome any help or suggestions. Thank you

    -I have McAfee Antivirus Antispyware installed and turned on but it is showing up as turned off in Windows Security Center even though it is turned on. However in the past it used to be recognised.
    -I have the McAfee Firewall but it won't turn on and neither will the Windows Firewall.
    -When I attempt to start the Windows Firewall in Services, I get service specific code 5, and when I attempt to start the McAfee Firewall in Services, I get Error 1068.
    -System Restore is also not working.

    Attempts to solve problem:
    -I have run full system scans on McAfee, Spybot Search and Destroy, Malwarebytes, Microsoft Safety Scanner and Avast. However they have all turned up clean.
    -I looked up Microsoft Help and found that my Base Filtering Service was missing the registry key which was then installed and the Base Filtering Service is now working.
    -Services such as "IKE and AuthIP IPsec Keying Modules", "Base Filtering Service" "IPsec Policy Agent (PolicyAgent)" were checked to be started and automatic however the "Windows Firewall" Service would not start.
    -sfc /scannow was done in command prompt and it found nothing wrong.

    I also did the Hijack scan and the log is shown below:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:01:40, on 14/05/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\Gerard\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = BBC News - Home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120513011723.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Gerard\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-21-3655994748-1905351683-419351754-1002\..\Run: [Google Update] "C:\Users\Gerard\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')
    O4 - S-1-5-21-3655994748-1905351683-419351754-1002 Startup: Dropbox.lnk = Gerard\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')
    O4 - S-1-5-21-3655994748-1905351683-419351754-1002 Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (User '?')
    O4 - Startup: Dropbox.lnk = Gerard\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MSAS\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
    O20 - AppInit_DLLs:
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: CNG Key Isolation (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12558 bytes

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    1.
    • Download both the registry files: bfe.reg and firewall.reg
    • Launch and import them to the registry
    • Restart your PC
    • Now, open RUN, type regedit and click OK
    • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    • Right click on it - Permissions
    • Click on ADD, type Everyone and click OK
    • Now click on Everyone
    • Below you have permission for users
    • Select Full Control and click OK
    • Now, open RUN, type services.msc and click OK
    • Start the Base Filtering Engine service and then the Windows Firewall service

    2.
    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.



    3.
    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member
    Join Date
    May 2012
    Posts
    6
    Points
    0


    Thank you for replying. I installed both registry files. The Base Filtering Engine Service is running, however the Windows Firewall Service is still not running with specific error code 5.

    The log from the Farbar Service Scanner is below:
    Farbar Service Scanner Version: 11-05-2012
    Ran by Gerard (administrator) on 15-05-2012 at 11:58:36
    Running from "C:\Users\Gerard\AppData\Local\Temp\Temporary Internet Files\Content.IE5\9UQY5P9Y"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****


    The log from aswMBR is shown below:
    swMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-15 11:59:27
    -----------------------------
    11:59:27.099 OS Version: Windows x64 6.1.7601 Service Pack 1
    11:59:27.099 Number of processors: 2 586 0x170A
    11:59:27.099 ComputerName: FAMILY-PC UserName: Gerard
    11:59:31.685 Initialize success
    12:03:52.568 AVAST engine defs: 12051500
    12:04:07.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    12:04:07.326 Disk 0 Vendor: ST3320418AS CC37 Size: 305245MB BusType: 3
    12:04:07.341 Disk 0 MBR read successfully
    12:04:07.341 Disk 0 MBR scan
    12:04:07.357 Disk 0 Windows 7 default MBR code
    12:04:07.372 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    12:04:07.372 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
    12:04:07.404 Disk 0 scanning C:\Windows\system32\drivers
    12:04:25.258 Service scanning
    12:04:45.334 Modules scanning
    12:04:45.334 Disk 0 trace - called modules:
    12:04:45.350 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
    12:04:45.365 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027df060]
    12:04:45.865 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800268a520]
    12:04:45.865 5 ACPI.sys[fffff88000f997a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8002679680]
    12:04:52.900 AVAST engine scan C:\Windows
    12:04:56.863 AVAST engine scan C:\Windows\system32
    12:13:43.391 AVAST engine scan C:\Windows\system32\drivers
    12:14:52.580 AVAST engine scan C:\Users\Gerard
    12:24:51.585 File: C:\Users\Gerard\AppData\Local\HPCUEAlertMgr\HPCUEAlertMgr.exe **INFECTED** Win32:Krap-AIL [Trj]
    12:43:04.398 File: C:\Users\Gerard\AppData\Local\Temp\msimg32.dll **INFECTED** Win32:ZAccess-EW [Trj]
    12:43:07.705 File: C:\Users\Gerard\AppData\Local\Temp\tempfiles.exe **INFECTED** Win32:Dropper-gen [Drp]
    12:44:24.036 File: C:\Users\Gerard\AppData\Local\Temp\~!#A6CC.tmp **INFECTED** Win32:Krap-AIL [Trj]
    12:45:20.133 File: C:\Users\Gerard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\16c9fc5d-29d1b73f **INFECTED** Win32:Dropper-gen [Drp]
    13:05:29.663 AVAST engine scan C:\ProgramData
    13:13:09.938 Scan finished successfully
    13:19:23.873 Disk 0 MBR has been saved successfully to "C:\Users\Gerard\Desktop\MBR.dat"
    13:19:23.935 The log file has been saved successfully to "C:\Users\Gerard\Desktop\aswMBR.txt"
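
A triage pass over the logs posted so far, as an added example that is not part of the original thread: it cross-checks HijackThis "(file missing)" service entries against the files Farbar Service Scanner hashed, and groups the aswMBR detections by name. The sample lines are copied from posts #1 and #3; the function names and verdict labels are hypothetical, and the "redirected" verdict assumes the 32-bit HijackThis on this 64-bit system sees C:\Windows\System32 through WOW64 file-system redirection.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the logs in posts #1 and #3.
HIJACKTHIS = r"""
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: CNG Key Isolation (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""
FSS = r"""
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
"""
ASWMBR = r"""
12:24:51.585 File: C:\Users\Gerard\AppData\Local\HPCUEAlertMgr\HPCUEAlertMgr.exe **INFECTED** Win32:Krap-AIL [Trj]
12:43:04.398 File: C:\Users\Gerard\AppData\Local\Temp\msimg32.dll **INFECTED** Win32:ZAccess-EW [Trj]
12:44:24.036 File: C:\Users\Gerard\AppData\Local\Temp\~!#A6CC.tmp **INFECTED** Win32:Krap-AIL [Trj]
13:13:09.938 Scan finished successfully
"""

MISSING_TAG = "(file missing)"
# Assumption: Windows is installed in the default C:\Windows directory.
SYSTEM32 = "c:\\windows\\system32\\"


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().lower()


def hijackthis_missing(log):
    """Paths of O23 service entries that HijackThis tagged '(file missing)'."""
    paths = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("O23 - ") and line.endswith(MISSING_TAG):
            # The image path is the last ' - ' separated field of the entry.
            field = line.rsplit(" - ", 1)[1]
            paths.append(field[: -len(MISSING_TAG)].strip())
    return paths


def fss_verified(log):
    """Normalised paths that Farbar Service Scanner reported as 'MD5 is legit'."""
    return {
        norm(line.split("=>")[0])
        for line in log.splitlines()
        if line.strip().endswith("=> MD5 is legit")
    }


def classify_missing(hjt_log, fss_log):
    """Give each 'file missing' path one of three verdicts.

    verified   - another tool hashed the file, so it exists on disk
    redirected - under System32; a 32-bit scanner may simply not see it
    check      - outside System32; possibly an orphaned service entry
    """
    verified = fss_verified(fss_log)
    verdicts = {}
    for path in hijackthis_missing(hjt_log):
        key = norm(path)
        if key in verified:
            verdicts[path] = "verified"
        elif key.startswith(SYSTEM32):
            verdicts[path] = "redirected"
        else:
            verdicts[path] = "check"
    return verdicts


INFECTED_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+)$"
)


def aswmbr_findings(log):
    """Map each aswMBR detection name to the list of files it was reported on."""
    by_name = defaultdict(list)
    for line in log.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            by_name[m["name"].strip()].append(m["path"])
    return dict(by_name)


def in_user_profile(path):
    """True for files under a user's AppData tree, writable without admin rights."""
    return re.match(r"^[a-z]:\\users\\[^\\]+\\appdata\\", path.lower()) is not None


if __name__ == "__main__":
    for path, verdict in classify_missing(HIJACKTHIS, FSS).items():
        print(f"{verdict:10} {path}")
    for name, paths in aswmbr_findings(ASWMBR).items():
        writable = sum(in_user_profile(p) for p in paths)
        print(f"{name}: {len(paths)} file(s), {writable} under AppData")
```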

  4. #4
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello,


    It seems you are infected. We need to get your machine clean before we proceed.

    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.


    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


    Things to include in your next reply:
    TdssKiller log
    Combofix.txt
    How is your computer doing now?
    " Extinguishing Malware from the world"





  5. #5
    Member
    Join Date
    May 2012
    Posts
    6
    Points
    0


    Thanks for the reply. After both scans, the problem still remains.
    I ran TDSSKiller and no threats were found. The scan log is shown below.

    16:36:03.0686 4572 BrUsbMdm - ok
    16:36:03.0702 4572 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    16:36:03.0702 4572 BrUsbSer - ok
    16:36:03.0718 4572 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    16:36:03.0718 4572 BTHMODEM - ok
    16:36:03.0733 4572 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    16:36:03.0749 4572 bthserv - ok
    16:36:03.0764 4572 catchme - ok
    16:36:03.0780 4572 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    16:36:03.0796 4572 cdfs - ok
    16:36:03.0827 4572 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    16:36:03.0827 4572 cdrom - ok
    16:36:03.0858 4572 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    16:36:03.0858 4572 CertPropSvc - ok
    16:36:03.0905 4572 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
    16:36:03.0905 4572 cfwids - ok
    16:36:03.0920 4572 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    16:36:03.0920 4572 circlass - ok
    16:36:03.0967 4572 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    16:36:03.0967 4572 CLFS - ok
    16:36:04.0061 4572 CLPSLS (882e3973505c441ce000133c821d0edd) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    16:36:04.0092 4572 CLPSLS - ok
    16:36:04.0170 4572 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:36:04.0170 4572 clr_optimization_v2.0.50727_32 - ok
    16:36:04.0232 4572 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:36:04.0248 4572 clr_optimization_v2.0.50727_64 - ok
    16:36:04.0326 4572 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:36:04.0435 4572 clr_optimization_v4.0.30319_32 - ok
    16:36:04.0451 4572 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    16:36:04.0482 4572 clr_optimization_v4.0.30319_64 - ok
    16:36:04.0576 4572 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    16:36:04.0576 4572 CmBatt - ok
    16:36:04.0607 4572 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    16:36:04.0607 4572 cmdide - ok
    16:36:04.0654 4572 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    16:36:04.0654 4572 CNG - ok
    16:36:04.0669 4572 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    16:36:04.0669 4572 Compbatt - ok
    16:36:04.0685 4572 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    16:36:04.0700 4572 CompositeBus - ok
    16:36:04.0700 4572 COMSysApp - ok
    16:36:04.0825 4572 CoordinatorServiceHost (20d4df9fb904cae0dacdaa86fe6466b9) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
    16:36:04.0825 4572 CoordinatorServiceHost - ok
    16:36:04.0841 4572 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    16:36:04.0841 4572 crcdisk - ok
    16:36:04.0903 4572 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    16:36:04.0903 4572 CryptSvc - ok
    16:36:04.0966 4572 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    16:36:04.0966 4572 DcomLaunch - ok
    16:36:05.0012 4572 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    16:36:05.0012 4572 defragsvc - ok
    16:36:05.0044 4572 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    16:36:05.0044 4572 DfsC - ok
    16:36:05.0106 4572 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
    16:36:05.0106 4572 dg_ssudbus - ok
    16:36:05.0153 4572 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    16:36:05.0168 4572 Dhcp - ok
    16:36:05.0184 4572 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    16:36:05.0184 4572 discache - ok
    16:36:05.0231 4572 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    16:36:05.0231 4572 Disk - ok
    16:36:05.0262 4572 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    16:36:05.0262 4572 Dnscache - ok
    16:36:05.0293 4572 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    16:36:05.0309 4572 dot3svc - ok
    16:36:05.0356 4572 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    16:36:05.0356 4572 Dot4 - ok
    16:36:05.0371 4572 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    16:36:05.0387 4572 Dot4Print - ok
    16:36:05.0402 4572 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    16:36:05.0402 4572 dot4usb - ok
    16:36:05.0449 4572 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    16:36:05.0449 4572 DPS - ok
    16:36:05.0496 4572 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    16:36:05.0496 4572 drmkaud - ok
    16:36:05.0761 4572 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    16:36:05.0761 4572 DXGKrnl - ok
    16:36:05.0886 4572 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    16:36:05.0886 4572 EapHost - ok
    16:36:06.0276 4572 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    16:36:06.0370 4572 ebdrv - ok
    16:36:06.0432 4572 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
    16:36:06.0432 4572 EFS - ok
    16:36:06.0510 4572 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    16:36:06.0510 4572 ehRecvr - ok
    16:36:06.0526 4572 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    16:36:06.0541 4572 ehSched - ok
    16:36:06.0572 4572 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    16:36:06.0588 4572 elxstor - ok
    16:36:06.0619 4572 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    16:36:06.0619 4572 ErrDev - ok
    16:36:06.0666 4572 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    16:36:06.0682 4572 EventSystem - ok
    16:36:06.0697 4572 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    16:36:06.0697 4572 exfat - ok
    16:36:06.0728 4572 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    16:36:06.0728 4572 fastfat - ok
    16:36:06.0775 4572 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    16:36:06.0791 4572 Fax - ok
    16:36:06.0806 4572 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    16:36:06.0806 4572 fdc - ok
    16:36:06.0822 4572 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    16:36:06.0822 4572 fdPHost - ok
    16:36:06.0822 4572 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    16:36:06.0822 4572 FDResPub - ok
    16:36:06.0853 4572 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    16:36:06.0853 4572 FileInfo - ok
    16:36:06.0853 4572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    16:36:06.0853 4572 Filetrace - ok
    16:36:06.0962 4572 FLEXnet Licensing Service 64 (f1a9c61436e12a637a647870dd6d9eef) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    16:36:07.0009 4572 FLEXnet Licensing Service 64 - ok
    16:36:07.0072 4572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    16:36:07.0072 4572 flpydisk - ok
    16:36:07.0134 4572 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    16:36:07.0134 4572 FltMgr - ok
    16:36:07.0196 4572 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    16:36:07.0243 4572 FontCache - ok
    16:36:07.0306 4572 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:36:07.0306 4572 FontCache3.0.0.0 - ok
    16:36:07.0321 4572 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    16:36:07.0321 4572 FsDepends - ok
    16:36:07.0337 4572 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    16:36:07.0337 4572 Fs_Rec - ok
    16:36:07.0571 4572 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    16:36:07.0586 4572 fvevol - ok
    16:36:07.0618 4572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    16:36:07.0633 4572 gagp30kx - ok
    16:36:07.0836 4572 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    16:36:07.0836 4572 gpsvc - ok
    16:36:07.0945 4572 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:36:07.0945 4572 gupdate - ok
    16:36:07.0976 4572 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:36:07.0976 4572 gupdatem - ok
    16:36:08.0023 4572 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    16:36:08.0023 4572 hcw85cir - ok
    16:36:08.0101 4572 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    16:36:08.0101 4572 HdAudAddService - ok
    16:36:08.0132 4572 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    16:36:08.0132 4572 HDAudBus - ok
    16:36:08.0132 4572 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    16:36:08.0132 4572 HidBatt - ok
    16:36:08.0148 4572 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    16:36:08.0148 4572 HidBth - ok
    16:36:08.0164 4572 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    16:36:08.0164 4572 HidIr - ok
    16:36:08.0210 4572 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    16:36:08.0242 4572 hidserv - ok
    16:36:08.0257 4572 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    16:36:08.0257 4572 HidUsb - ok
    16:36:08.0304 4572 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    16:36:08.0304 4572 hkmsvc - ok
    16:36:08.0351 4572 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    16:36:08.0351 4572 HomeGroupListener - ok
    16:36:08.0366 4572 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    16:36:08.0382 4572 HomeGroupProvider - ok
    16:36:08.0585 4572 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    16:36:08.0600 4572 hpqcxs08 - ok
    16:36:08.0616 4572 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    16:36:08.0616 4572 hpqddsvc - ok
    16:36:08.0647 4572 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    16:36:08.0647 4572 HpSAMD - ok
    16:36:08.0710 4572 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    16:36:08.0725 4572 HPSLPSVC - ok
    16:36:08.0803 4572 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    16:36:08.0819 4572 HTTP - ok
    16:36:08.0866 4572 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    16:36:08.0866 4572 hwpolicy - ok
    16:36:08.0944 4572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    16:36:08.0944 4572 i8042prt - ok
    16:36:09.0037 4572 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    16:36:09.0053 4572 iaStorV - ok
    16:36:09.0287 4572 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    16:36:09.0287 4572 IDriverT - ok
    16:36:09.0365 4572 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:36:09.0365 4572 idsvc - ok
    16:36:09.0614 4572 igfx (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
    16:36:09.0724 4572 igfx - ok
    16:36:09.0817 4572 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    16:36:09.0817 4572 iirsp - ok
    16:36:09.0864 4572 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    16:36:09.0880 4572 IKEEXT - ok
    16:36:09.0911 4572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    16:36:09.0911 4572 intelide - ok
    16:36:09.0926 4572 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    16:36:09.0926 4572 intelppm - ok
    16:36:09.0958 4572 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    16:36:09.0958 4572 IPBusEnum - ok
    16:36:10.0004 4572 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:36:10.0004 4572 IpFilterDriver - ok
    16:36:10.0067 4572 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    16:36:10.0082 4572 iphlpsvc - ok
    16:36:10.0114 4572 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    16:36:10.0129 4572 IPMIDRV - ok
    16:36:10.0145 4572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    16:36:10.0145 4572 IPNAT - ok
    16:36:10.0160 4572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    16:36:10.0160 4572 IRENUM - ok
    16:36:10.0176 4572 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    16:36:10.0176 4572 isapnp - ok
    16:36:10.0207 4572 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    16:36:10.0207 4572 iScsiPrt - ok
    16:36:10.0223 4572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    16:36:10.0223 4572 kbdclass - ok
    16:36:10.0270 4572 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    16:36:10.0270 4572 kbdhid - ok
    16:36:10.0301 4572 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    16:36:10.0301 4572 KeyIso - ok
    16:36:10.0332 4572 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    16:36:10.0332 4572 KSecDD - ok
    16:36:10.0379 4572 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    16:36:10.0379 4572 KSecPkg - ok
    16:36:10.0394 4572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    16:36:10.0394 4572 ksthunk - ok
    16:36:10.0441 4572 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    16:36:10.0441 4572 KtmRm - ok
    16:36:10.0488 4572 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    16:36:10.0488 4572 LanmanServer - ok
    16:36:10.0504 4572 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    16:36:10.0504 4572 LanmanWorkstation - ok
    16:36:10.0550 4572 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    16:36:10.0550 4572 lltdio - ok
    16:36:10.0566 4572 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    16:36:10.0582 4572 lltdsvc - ok
    16:36:10.0582 4572 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    16:36:10.0582 4572 lmhosts - ok
    16:36:10.0613 4572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    16:36:10.0613 4572 LSI_FC - ok
    16:36:10.0628 4572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    16:36:10.0628 4572 LSI_SAS - ok
    16:36:10.0644 4572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    16:36:10.0644 4572 LSI_SAS2 - ok
    16:36:10.0660 4572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    16:36:10.0660 4572 LSI_SCSI - ok
    16:36:10.0675 4572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    16:36:10.0691 4572 luafv - ok
    16:36:10.0738 4572 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
    16:36:10.0738 4572 MBAMProtector - ok
    16:36:10.0816 4572 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    16:36:10.0816 4572 MBAMService - ok
    16:36:10.0878 4572 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:36:10.0878 4572 McAfee SiteAdvisor Service - ok
    16:36:10.0940 4572 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:36:10.0940 4572 McMPFSvc - ok
    16:36:10.0956 4572 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:36:10.0956 4572 mcmscsvc - ok
    16:36:10.0956 4572 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:36:10.0956 4572 McNaiAnn - ok
    16:36:10.0987 4572 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:36:10.0987 4572 McNASvc - ok
    16:36:11.0065 4572 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\McAfee\VirusScan\mcods.exe
    16:36:11.0081 4572 McODS - ok
    16:36:11.0081 4572 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    16:36:11.0081 4572 McProxy - ok
    16:36:11.0206 4572 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    16:36:11.0206 4572 McShield - ok
    16:36:11.0284 4572 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    16:36:11.0284 4572 Mcx2Svc - ok
    16:36:11.0315 4572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    16:36:11.0315 4572 megasas - ok
    16:36:11.0330 4572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    16:36:11.0346 4572 MegaSR - ok
    16:36:11.0408 4572 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
    16:36:11.0408 4572 mfeapfk - ok
    16:36:11.0455 4572 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
    16:36:11.0455 4572 mfeavfk - ok
    16:36:11.0471 4572 mfeavfk01 - ok
    16:36:11.0502 4572 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    16:36:11.0502 4572 mfefire - ok
    16:36:11.0533 4572 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
    16:36:11.0533 4572 mfefirek - ok
    16:36:11.0580 4572 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
    16:36:11.0580 4572 mfehidk - ok
    16:36:11.0627 4572 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
    16:36:11.0627 4572 mfenlfk - ok
    16:36:11.0642 4572 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
    16:36:11.0642 4572 mferkdet - ok
    16:36:11.0658 4572 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
    16:36:11.0674 4572 mfevtp - ok
    16:36:11.0689 4572 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
    16:36:11.0689 4572 mfewfpk - ok
    16:36:11.0720 4572 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    16:36:11.0720 4572 MMCSS - ok
    16:36:11.0767 4572 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    16:36:11.0767 4572 Modem - ok
    16:36:11.0798 4572 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    16:36:11.0798 4572 monitor - ok
    16:36:11.0845 4572 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    16:36:11.0845 4572 mouclass - ok
    16:36:11.0861 4572 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    16:36:11.0861 4572 mouhid - ok
    16:36:11.0892 4572 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    16:36:11.0892 4572 mountmgr - ok
    16:36:11.0908 4572 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    16:36:11.0923 4572 mpio - ok
    16:36:11.0939 4572 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    16:36:11.0939 4572 mpsdrv - ok
    16:36:12.0032 4572 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    16:36:12.0048 4572 MpsSvc - ok
    16:36:12.0079 4572 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    16:36:12.0079 4572 MRxDAV - ok
    16:36:12.0126 4572 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:36:12.0142 4572 mrxsmb - ok
    16:36:12.0173 4572 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:36:12.0173 4572 mrxsmb10 - ok
    16:36:12.0188 4572 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:36:12.0204 4572 mrxsmb20 - ok
    16:36:12.0235 4572 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    16:36:12.0235 4572 msahci - ok
    16:36:12.0266 4572 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    16:36:12.0266 4572 msdsm - ok
    16:36:12.0298 4572 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    16:36:12.0298 4572 MSDTC - ok
    16:36:12.0344 4572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    16:36:12.0344 4572 Msfs - ok
    16:36:12.0360 4572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    16:36:12.0360 4572 mshidkmdf - ok
    16:36:12.0376 4572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    16:36:12.0376 4572 msisadrv - ok
    16:36:12.0407 4572 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    16:36:12.0407 4572 MSiSCSI - ok
    16:36:12.0407 4572 msiserver - ok
    16:36:12.0454 4572 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    16:36:12.0454 4572 MSKSSRV - ok
    16:36:12.0469 4572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    16:36:12.0485 4572 MSPCLOCK - ok
    16:36:12.0500 4572 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    16:36:12.0500 4572 MSPQM - ok
    16:36:12.0547 4572 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    16:36:12.0547 4572 MsRPC - ok
    16:36:12.0594 4572 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    16:36:12.0594 4572 mssmbios - ok
    16:36:12.0610 4572 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    16:36:12.0610 4572 MSTEE - ok
    16:36:12.0625 4572 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    16:36:12.0625 4572 MTConfig - ok
    16:36:12.0656 4572 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
    16:36:12.0656 4572 MTsensor - ok
    16:36:12.0672 4572 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    16:36:12.0672 4572 Mup - ok
    16:36:12.0719 4572 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    16:36:12.0734 4572 napagent - ok
    16:36:12.0750 4572 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    16:36:12.0766 4572 NativeWifiP - ok
    16:36:12.0797 4572 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    16:36:12.0812 4572 NDIS - ok
    16:36:12.0828 4572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    16:36:12.0828 4572 NdisCap - ok
    16:36:12.0859 4572 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    16:36:12.0859 4572 NdisTapi - ok
    16:36:12.0890 4572 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    16:36:12.0890 4572 Ndisuio - ok
    16:36:12.0922 4572 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    16:36:12.0922 4572 NdisWan - ok
    16:36:12.0953 4572 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    16:36:12.0953 4572 NDProxy - ok
    16:36:13.0062 4572 Nero BackItUp Scheduler 3 (40d7d0a208ee863bca8d89e299216f15) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    16:36:13.0093 4572 Nero BackItUp Scheduler 3 - ok
    16:36:13.0140 4572 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
    16:36:13.0140 4572 Net Driver HPZ12 - ok
    16:36:13.0156 4572 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    16:36:13.0156 4572 NetBIOS - ok
    16:36:13.0202 4572 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    16:36:13.0202 4572 NetBT - ok
    16:36:13.0218 4572 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    16:36:13.0218 4572 Netlogon - ok
    16:36:13.0249 4572 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    16:36:13.0249 4572 Netman - ok
    16:36:13.0358 4572 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:36:13.0390 4572 NetMsmqActivator - ok
    16:36:13.0390 4572 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:36:13.0390 4572 NetPipeActivator - ok
    16:36:13.0421 4572 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    16:36:13.0421 4572 netprofm - ok
    16:36:13.0436 4572 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:36:13.0436 4572 NetTcpActivator - ok
    16:36:13.0436 4572 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:36:13.0436 4572 NetTcpPortSharing - ok
    16:36:13.0499 4572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    16:36:13.0499 4572 nfrd960 - ok
    16:36:13.0530 4572 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    16:36:13.0530 4572 NlaSvc - ok
    16:36:13.0608 4572 NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    16:36:13.0624 4572 NMIndexingService - ok
    16:36:13.0639 4572 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    16:36:13.0639 4572 Npfs - ok
    16:36:23.0077 4572 ============================================================
    16:36:23.0077 4572 Scan finished
    16:36:23.0077 4572 ============================================================
    16:36:23.0093 1692 Detected object count: 0
    16:36:23.0093 1692 Actual detected object count: 0

    I ran ComboFix and this is the log:
    ComboFix 12-05-16.01 - Gerard 16/05/2012 16:07:01.3.2 - x64
    Running from: c:\users\Gerard\Desktop\ComboFix.exe
    * Created a new restore point
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-16 15:18 . 2012-05-16 15:18 -------- d-----w- c:\users\Kids\AppData\Local\temp
    2012-05-16 15:18 . 2012-05-16 15:18 -------- d-----w- c:\users\Family\AppData\Local\temp
    2012-05-16 15:18 . 2012-05-16 15:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-15 16:45 . 2012-05-15 16:46 -------- d-----w- c:\users\Gerard\AppData\Local\ezvid
    2012-05-14 21:16 . 2012-05-14 21:16 -------- d-----w- c:\users\Gerard\AppData\Roaming\SUPERAntiSpyware.com
    2012-05-14 21:15 . 2012-05-14 21:16 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-05-14 21:15 . 2012-05-14 21:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-05-14 20:55 . 2012-05-14 20:55 -------- d-----w- c:\users\Gerard\AppData\Local\{2400CFC3-9E07-11E1-826F-B8AC6F996F26}
    2012-05-14 20:55 . 2012-05-14 20:55 -------- d-----w- c:\users\Gerard\AppData\Roaming\fifa
    2012-05-14 20:54 . 2012-05-14 20:54 -------- d-----w- c:\users\Gerard\AppData\Local\HPCUEAlertMgr
    2012-05-13 19:14 . 2012-05-13 19:14 388096 ----a-r- c:\users\Gerard\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-05-13 19:14 . 2012-05-13 19:14 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-05-13 19:12 . 2012-05-13 19:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-05-13 19:12 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-13 19:04 . 2012-05-13 19:04 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
    2012-05-13 00:17 . 2012-02-22 12:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-05-13 00:17 . 2012-05-13 00:18 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2012-05-13 00:16 . 2012-02-22 12:29 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2012-05-13 00:16 . 2012-02-22 12:29 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-05-13 00:16 . 2012-02-22 12:29 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-05-13 00:16 . 2012-02-22 12:29 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-05-13 00:16 . 2012-02-22 12:29 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-05-13 00:16 . 2012-02-22 12:29 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-05-13 00:16 . 2012-05-13 00:17 -------- d-----w- c:\program files\Common Files\McAfee
    2012-05-13 00:16 . 2012-05-13 00:18 -------- d-----w- c:\program files\McAfee
    2012-05-13 00:16 . 2012-05-14 11:52 -------- d-----w- c:\program files (x86)\McAfee
    2012-05-13 00:01 . 2012-02-22 12:29 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-05-13 00:01 . 2012-03-20 12:11 162192 ----a-w- c:\windows\system32\mfevtps.exe
    2012-05-12 20:02 . 2012-05-13 00:40 -------- d-----w- c:\program files\COMODO
    2012-05-12 20:01 . 2012-05-13 00:55 -------- d-----w- c:\program files (x86)\Comodo
    2012-05-12 19:43 . 2012-05-12 20:12 -------- d-----w- c:\programdata\CPA_VA
    2012-05-12 12:39 . 2012-05-12 12:39 -------- d-----w- c:\users\Gerard\AppData\Roaming\AVG
    2012-05-12 12:10 . 2012-05-12 12:10 16200 ----a-w- c:\windows\stinger.sys
    2012-05-12 12:09 . 2012-05-12 12:14 -------- d-----w- c:\program files (x86)\stinger
    2012-05-12 12:03 . 2012-05-12 12:03 787914 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
    2012-05-12 11:43 . 2012-05-16 15:19 -------- d-----w- c:\windows\system32\wbem\repository
    2012-05-11 19:56 . 2012-05-12 11:34 -------- d-----w- c:\programdata\AVAST Software
    2012-05-11 19:56 . 2012-05-11 19:56 -------- d-----w- c:\program files\AVAST Software
    2012-05-10 16:23 . 2012-05-13 18:16 -------- d-----w- c:\program files (x86)\FreeTime
    2012-05-06 13:18 . 2012-05-06 13:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-04-25 17:39 . 2012-04-25 17:41 -------- d-----w- c:\users\Gerard\New folder
    2012-04-25 17:26 . 2012-05-12 20:20 -------- d-----w- c:\users\Gerard\Technology Coursework
    2012-04-25 17:17 . 2012-05-06 12:55 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-07 20:42 . 2011-11-30 21:53 787914 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-05-06 12:55 . 2011-11-29 21:05 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-02-22 12:29 . 2012-02-22 12:29 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Gerard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Gerard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Gerard\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPCUEAlertMgr"="c:\users\Gerard\AppData\Local\HPCUEAlertMgr\HPCUEAlertMgr.exe" [2012-05-14 70112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Catriona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
    .
    c:\users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-12-2 1000288]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-01-19 87336]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-15 1315592]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
    R3 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
    R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2011-06-10 2044688]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 12:55]
    .
    2012-05-16 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2010-05-06 08:07]
    .
    2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 23:52]
    .
    2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 23:52]
    .
    2012-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3655994748-1905351683-419351754-1000Core.job
    - c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 23:23]
    .
    2012-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3655994748-1905351683-419351754-1000UA.job
    - c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 23:23]
    .
    2012-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3655994748-1905351683-419351754-1001Core.job
    - c:\users\Catriona\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 23:23]
    .
    2012-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3655994748-1905351683-419351754-1001UA.job
    - c:\users\Catriona\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 23:23]
    .
    2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3655994748-1905351683-419351754-1002Core.job
    - c:\users\Gerard\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 23:23]
    .
    2012-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3655994748-1905351683-419351754-1002UA.job
    - c:\users\Gerard\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 23:23]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Gerard\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Gerard\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Gerard\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Gerard\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bbc.co.uk/news/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Convert Doc_is1 - c:\program files (x86)\Softinterface
    AddRemove-Handicap - c:\program files (x86)\Good Systems Inc\Handicap\Uninst.isu
    AddRemove-DAL Scanner - c:\windows\system32\javaws.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3655994748-1905351683-419351754-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71A9F584-CD12-10DF-BDF2-D55936774390}*]
    "mabciklebilknnhfjpbjghojfl"=hex:6b,61,68,6e,6a,70,64,64,69,65,62,64,64,67,6f,
    68,65,62,6c,64,65,70,00,77
    "naloonpldkbnjpllbedlijklefko"=hex:6b,61,68,6e,6a,70,64,64,69,65,62,64,64,67,
    6f,68,65,62,6c,64,65,70,00,77
    .
    [HKEY_USERS\S-1-5-21-3655994748-1905351683-419351754-1002\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
    "Percents"="0 "
    "Increment"=".021739"
    .
    [HKEY_USERS\S-1-5-21-3655994748-1905351683-419351754-1002_Classes\Wow6432Node\CLSID\{497c4563-be18-495e-ab5f-a69dc8556e98}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000011f
    "Therad"=dword:00000015
    .
    [HKEY_USERS\S-1-5-21-3655994748-1905351683-419351754-1002_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):c7,5f,4b,c2,ea,ac,21,5e,b9,fa,58,96,6f,d9,89,94,47,0f,09,1d,f3,
    90,7f,d8,30,8b,31,9e,89,19,65,ec,2a,d7,39,21,90,30,a4,32,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\IoctlSvc.exe
    c:\windows\SysWOW64\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-16 16:31:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-16 15:31
    .
    Pre-Run: 179,697,786,880 bytes free
    Post-Run: 179,290,845,184 bytes free
    .
    - - End Of File - - 843CC6BD9AFF8011E93A01BC265400B9

  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    1.
    • Download RogueKiller on the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Scan
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



    2.
    Download the yorkyt.exe disinfection tool (1,31 MB).

    Save the file to your hard disk; to the Windows Desktop, for example.
    Double click the yorkyt.exe file.
    A reboot will be requested to install a driver.
    Another reboot will be requested to complete the disinfection.
    When the disinfection is completed, accept the message that will be displayed.
    In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  7. #7
    Member
    Join Date
    May 2012
    Posts
    6
    Points
    0

    I ran Rogue Killer and did a clean with yorkyt.exe; however, the problem still persists.
    The report from Rogue Killer is shown below.

    Many thanks

    RogueKiller V7.4.4 [05/08/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: RogueKiller - Geeks to Go Forums
    Blog: tigzy-RK

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Gerard [Admin rights]
    Mode: Scan -- Date: 05/17/2012 16:50:27

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SUSP PATH] HPCUEAlertMgr.exe -- C:\Users\Gerard\AppData\Local\HPCUEAlertMgr\HPCUEAlertMgr.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 6 ¤¤¤
    [SUSP PATH] HKCU\[...]\Run : HPCUEAlertMgr ("C:\Users\Gerard\AppData\Local\HPCUEAlertMgr\HPCUEAlertMgr.exe" /o) -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-3655994748-1905351683-419351754-1002[...]\Run : HPCUEAlertMgr ("C:\Users\Gerard\AppData\Local\HPCUEAlertMgr\HPCUEAlertMgr.exe" /o) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 3081a97414d1962d39eac123e57f94af
    [BSP] 47c97a4a3792a6b4ed8779d0d7d59164 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt

  8. #8
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    • Re-Run RogueKiller
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Delete
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
    Thanks-




  9. #9
    Member
    Join Date
    May 2012
    Posts
    6
    Points
    0

    I re-ran Rogue Killer and deleted. I also ran Farbar Service Scanner. Reports are below. The problem still persists. Thank you for replying.

    RogueKiller V7.4.5 [05/18/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: RogueKiller - Geeks to Go Forums
    Blog: tigzy-RK

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Gerard [Admin rights]
    Mode: Remove -- Date: 05/18/2012 22:20:05

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 4 ¤¤¤
    [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 3081a97414d1962d39eac123e57f94af
    [BSP] 47c97a4a3792a6b4ed8779d0d7d59164 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[4].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt


    Farbar Service Scanner Report

    Farbar Service Scanner Version: 17-05-2012
    Ran by Gerard (administrator) on 18-05-2012 at 22:22:30
    Running from "C:\Users\Gerard\AppData\Local\Temp\Temporary Internet Files\Content.IE5\7CJ1LFE2"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

  10. #10
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello,


    Let's try these instructions again and see if your Windows Firewall is now working.

    • Download both the registry files: bfe.reg and firewall.reg
    • Launch and import them to the registry
    • Restart your PC
    • Now, open RUN, type regedit and click OK
    • Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    • Right click on it -> Permissions
    • Click on ADD, type Everyone and click OK
    • Now click on Everyone
    • Below you have permission for users
    • Select Full Control and click OK
    • Now, open RUN, type services.msc and click OK
    • Start the Base Filtering Engine service and then the Windows Firewall service
    Thanks-
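
    An added example, not part of the helper's post or of any tool named in this thread: a read-only PowerShell audit of the state the steps above touch, reporting the BFE and MpsSvc services with their dependencies and listing any write-capable permission entry for broad groups on the BFE service key. The function names and the choice of "broad" SIDs are assumptions of this example; the service names and registry path are the ones in the thread.

```powershell
# Added example: read-only audit, changes nothing on the system.
# BFE, MpsSvc and the registry path come from the thread; the function
# names and the list of broad SIDs below are this example's own choices.

$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let a principal alter the service's configuration.
$WriteMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# Generic rights (GENERIC_WRITE, GENERIC_ALL) can appear on inherit-only entries.
$GenericMask = 0x40000000 -bor 0x10000000

function Get-FirewallServiceState {
    # One row per service: its status and the status of everything it depends on.
    foreach ($name in 'BFE', 'MpsSvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) {
            New-Object PSObject -Property @{ Service = $name; Status = 'MISSING'; DependsOn = '' }
            continue
        }
        $deps = $svc.ServicesDependedOn | ForEach-Object { '{0}={1}' -f $_.Name, $_.Status }
        New-Object PSObject -Property @{
            Service   = $name
            Status    = $svc.Status
            DependsOn = ($deps -join ', ')
        }
    }
}

function Get-BroadWriteAce {
    param([string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE')

    $acl = Get-Acl -Path $KeyPath
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }

        # Compare by SID so the check also works on non-English Windows.
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            continue   # unresolvable account name, so not one of the broad groups
        }
        if (-not $BroadSids.ContainsKey($sid)) { continue }

        $rights = [int]$rule.RegistryRights
        if ((($rights -band $WriteMask) -ne 0) -or (($rights -band $GenericMask) -ne 0)) {
            New-Object PSObject -Property @{
                Key       = $KeyPath
                Principal = $BroadSids[$sid]
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

Get-FirewallServiceState | Format-Table Service, Status, DependsOn -AutoSize

$findings = @(Get-BroadWriteAce)
if ($findings.Count -eq 0) {
    'No write-capable entry for Everyone, Authenticated Users or Users on the BFE key.'
} else {
    $findings | Format-Table Principal, Rights, Inherited, Key -AutoSize
}
```

    Run it from an elevated PowerShell prompt. A Full Control entry for Everyone on this key is what the permission step above creates, so it will show up in the second table until it is reviewed and removed.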



