  1. #1
    Member
    Join Date
    Jun 2012
    Posts
    7
    Points
    0

    Hijack this Log recreates entries

    Deleted a few entries an analyzer recommended but they keep returning. Any of these anything to worry about?
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:16:58 PM, on 6/15/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16446)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 68.168.222.226 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
    O1 - Hosts: 68.168.222.226 ad-emea.doubleclick.net.
    O1 - Hosts: 68.168.222.226 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    O1 - Hosts: 108.163.215.51 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
    O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    O1 - Hosts: 108.163.215.51 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pu...sh/swflash.cab
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

    --
    End of file - 6091 bytes

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hi alxdott,

    Welcome to Help2Go!

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    *** I do not see an Anti Virus program running on your machine, that's somewhat suicidal with today's Malware, you can become infected quickly. If you do not have one, I'll offer this free one-----> Microsoft Security Essentials - Free Antivirus for Windows

    • Download it!
    • Install it!
    • Scan with it!


    I'd be careful using those analyzers and would actually refrain from using them, as they're not always 100% correct. Tell us what entries you were trying to remove. Please tell us what other symptoms you're experiencing with the computer, such as redirects from Google or anywhere else or any other problem.

    We need to see some information about what is happening in your machine. Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE

    In your next reply:
    • Post the 2 logs from the DDS scan.
    • Describe any other problems you're experiencing and what entries you were trying to remove.
    • Let us know about the Anti Virus program.


    Joe
    Last edited by zep516; 06-16-2012 at 09:51 AM.

  3. #3
    Member
    Join Date
    Jun 2012
    Posts
    7
    Points
    0


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Alex at 19:32:03 on 2012-06-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10598 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe,
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{08D6815A-3A3A-4FC6-817B-4E87E965A13A} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{08D6815A-3A3A-4FC6-817B-4E87E965A13A}\1437865627 : DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
    TCP: Interfaces\{08D6815A-3A3A-4FC6-817B-4E87E965A13A}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{08D6815A-3A3A-4FC6-817B-4E87E965A13A}\C696E6B6379737F5750535F563039353 : DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Hosts: 68.168.222.226 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
    Hosts: 68.168.222.226 ad-emea.doubleclick.net.
    Hosts: 68.168.222.226 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    Hosts: 108.163.215.51 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\dvgmkpmo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.pandora.com/#!/stations/play/227988293017805428
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Alex\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2011-3-8 278528]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-6 704864]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S4 CLKMSVC10_9EC60124;CyberLink Product - 2011/12/05 23:38:03;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]
    S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-14 116648]
    S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-14 116648]
    S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]
    .
    =============== Created Last 30 ================
    .
    2012-06-18 13:54:16 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4346D152-B042-4B59-9056-E4F4BB46864B}\mpengine.dll
    2012-06-17 13:39:02 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-15 22:41:21 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-06-15 22:41:21 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-06-14 03:06:04 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-14 03:06:04 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-14 03:06:04 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 17:02:37 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C87909A-CE5F-484F-93B6-2D3C1B82FC02}\gapaengine.dll
    2012-06-09 23:49:16 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
    2012-06-07 07:11:36 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-07 07:11:36 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-04 22:21:39 -------- d-----w- C:\Users\Alex\.matplotlib
    2012-06-04 22:21:38 -------- d-----w- C:\ProgramData\FAForever
    2012-06-04 22:17:16 -------- d-----w- C:\Program Files (x86)\Forged Alliance Forever
    .
    ==================== Find3M ====================
    .
    2012-06-17 18:22:18 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-06-17 18:22:18 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-06-17 18:21:57 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-12 03:51:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-12 03:51:24 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-19 02:34:26 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-14 07:02:09 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-04-14 07:02:05 25839104 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-04-14 07:02:03 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-04-14 07:02:01 95248 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
    2012-04-14 07:00:58 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-04-14 07:00:57 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-04-14 07:00:56 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-04-14 07:00:53 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-04-14 07:00:52 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-04-14 07:00:52 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-04-14 07:00:51 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-04-14 07:00:51 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-04-14 07:00:51 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-04-14 07:00:51 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-04-14 07:00:51 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2012-04-14 07:00:50 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    .
    ============= FINISH: 19:32:12.30 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/8/2011 4:33:21 PM
    System Uptime: 6/18/2012 6:32:24 PM (1 hours ago)
    .
    Motherboard: MSI | | MSI X58 Pro-E (MS-7522)
    Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz | CPU 1 | 3201/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 1863 GiB total, 1711.246 GiB free.
    D: is CDROM (UDF)
    E: is Removable
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: SBRE
    Device ID: ROOT\LEGACY_SBRE\0000
    Manufacturer:
    Name: SBRE
    PNP Device ID: ROOT\LEGACY_SBRE\0000
    Service: SBRE
    .
    ==== System Restore Points ===================
    .
    RP278: 6/15/2012 6:41:24 PM - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 68.168.222.226 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
    Hosts: 68.168.222.226 ad-emea.doubleclick.net.
    Hosts: 68.168.222.226 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    Hosts: 108.163.215.51 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    Hosts: 108.163.215.51 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Apple Application Support
    Apple Software Update
    Application Profiles
    Battlefield 3™
    Battlelog Web Plugins
    BTGuard 2.3
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help English
    CyberLink BD Advisor 2.0
    CyberLink Blu-ray Disc Suite
    CyberLink LabelPrint
    CyberLink LG Burning Tool
    CyberLink MediaShow
    CyberLink PowerDVD 9
    CyberLink PowerProducer
    CyberLink YouCam
    DivX Setup
    ESN Sonar
    Forged Alliance Forever
    Foxit Reader
    Google Update Helper
    HiJackThis
    HydraVision
    Impulse®
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 1.1
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Move Media Player
    Mozilla Firefox 13.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    NETGEAR WNA3100 wireless USB 2.0 adapter
    Origin
    PunkBuster Services
    QuickTime
    Rainlendar2 (remove only)
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Sid Meier's Civilization V
    Spybot - Search & Destroy
    Steam
    Supreme Commander
    Supreme Commander: Forged Alliance
    System Requirements Lab
    The Psychedelic Screen Saver
    TomTom HOME 2.8.2.2264
    TomTom HOME Visual Studio Merge Modules
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    VC80CRTRedist - 8.0.50727.6195
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .

    The only problem I noticed with my computer is web pages redirecting me to random sites. This is a new occurrence so this is what led me to hijack this after doing a full scan with all my anti stuff programs. I've had MSE installed since I had my computer. Thank you for your help and quick response.
    ==== Event Viewer Messages From Past Week ========
    .
    6/18/2012 6:32:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
    .
    ==== End Of File ===========================

  4. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hi alxdott,

    You have a host file issue. That's what's causing your redirects. I'm going to let our Expert pursue the matter. It's best you do not make any changes to the computer until our expert looks at this hosts issue for you. Please be patient as we are currently very busy.

    Thanks
    Joe
    Last edited by zep516; 06-19-2012 at 06:17 AM.
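The hosts-file diagnosis in the post above can be reproduced mechanically from a pasted log. The following is an added example, not part of the original thread and not code from HijackThis or DDS: it pulls the `O1 - Hosts:` / `Hosts:` lines out of a log and reports every name mapped to something other than loopback or 0.0.0.0. The function names are hypothetical, and the sample mixes lines copied from the logs in this thread with two constructed lines, marked in the comments.

```python
import ipaddress
import re
from collections import defaultdict

# Line shapes seen in this thread's logs:
#   HijackThis: "O1 - Hosts: <address> <name>"
#   DDS:        "Hosts: <address> <name>"
# The name may contain spaces: the forum replaced some hostnames with page titles.
HOSTS_LINE = re.compile(r"^\s*(?:O1 - )?Hosts:\s+(\S+)\s+(.*\S)\s*$")


def parse_hosts_entries(log_text):
    """Return (ip_address, name) pairs for every hosts line in a pasted log."""
    entries = []
    for line in log_text.splitlines():
        match = HOSTS_LINE.match(line)
        if not match:
            continue
        try:
            address = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # first field is not an IP literal, so not a hosts mapping
        entries.append((address, match.group(2).rstrip(".")))
    return entries


def is_local_sink(address):
    """Loopback and 0.0.0.0 are the usual localhost / blocklist forms."""
    return address.is_loopback or address.is_unspecified


def redirects_by_address(log_text):
    """Map each non-local address to the sorted names that resolve to it.

    Private (intranet) addresses are reported too and need a manual look.
    """
    redirects = defaultdict(set)
    for address, name in parse_hosts_entries(log_text):
        if not is_local_sink(address):
            redirects[str(address)].add(name)
    return {addr: sorted(names) for addr, names in redirects.items()}


def names_with_several_addresses(log_text):
    """Names pinned to more than one non-local address in the same hosts file."""
    by_name = defaultdict(set)
    for address, name in parse_hosts_entries(log_text):
        if not is_local_sink(address):
            by_name[name].add(str(address))
    return {n: sorted(a) for n, a in by_name.items() if len(a) > 1}


# Lines copied from the logs in this thread, plus two constructed benign
# entries (127.0.0.1 and 0.0.0.0) to show what is left alone.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 blocked.example
O1 - Hosts: 68.168.222.226 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 68.168.222.226 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
"""

if __name__ == "__main__":
    for addr, names in redirects_by_address(SAMPLE_LOG).items():
        print(addr, "<-", "; ".join(names))
    for name, addrs in names_with_several_addresses(SAMPLE_LOG).items():
        print("multiple addresses for", name, ":", ", ".join(addrs))
```
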

  5. #5
    Member
    Join Date
    Jun 2012
    Posts
    7
    Points
    0


    Thank you for the reply, is there any ETA on response just so I know when to check in?

    Best,
    Alex

  6. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hi alxdott,

    You should be getting E-Mail notification when a reply has been made to the topic. At the top of the page, under Forum actions, check your settings there to see if E-Mail notification is checked. Since so much time has passed, and most likely some changes on the computer may have taken place, you will need to post a new log or logs as listed below:

    We need to see some information about what is happening in your machine. Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


    Please run these scans too: SUPERAntiSpyware and Malwarebytes, from here: Help2Go Forums - How to Start Removing Viruses and Spyware from your Computer

  7. #7
    Member
    Join Date
    Jun 2012
    Posts
    7
    Points
    0


  8. #8
    Member
    Join Date
    Jun 2012
    Posts
    7
    Points
    0


    OK, thank you, here is the log:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Alex at 10:18:03 on 2012-08-01
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10085 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe,
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{08D6815A-3A3A-4FC6-817B-4E87E965A13A} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{08D6815A-3A3A-4FC6-817B-4E87E965A13A}\1437865627 : DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
    TCP: Interfaces\{08D6815A-3A3A-4FC6-817B-4E87E965A13A}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{08D6815A-3A3A-4FC6-817B-4E87E965A13A}\C696E6B6379737F5750535F563039353 : DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Hosts: 68.168.222.226 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
    Hosts: 68.168.222.226 ad-emea.doubleclick.net.
    Hosts: 68.168.222.226 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    Hosts: 108.163.215.51 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
    Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\dvgmkpmo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.pandora.com/#!/stations/play/227988293017805428
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Alex\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-6-21 92632]
    R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2011-3-8 278528]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);C:\Windows\system32\DRIVERS\PTQHBUS.sys --> C:\Windows\system32\DRIVERS\PTQHBUS.sys [?]
    R3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);C:\Windows\system32\DRIVERS\PTQHMDM.sys --> C:\Windows\system32\DRIVERS\PTQHMDM.sys [?]
    R3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);C:\Windows\system32\DRIVERS\PTQHVSP.sys --> C:\Windows\system32\DRIVERS\PTQHVSP.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-6 704864]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S4 CLKMSVC10_9EC60124;CyberLink Product - 2011/12/05 23:38:03;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]
    S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-14 116648]
    S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-14 116648]
    .
    =============== Created Last 30 ================
    .
    2012-07-31 22:16:59 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-07-30 21:09:08 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A86B727C-49C4-47E7-8D35-A05E0952FF3F}\mpengine.dll
    2012-07-29 23:09:38 -------- d-----w- C:\Users\Alex\AppData\Local\Downloaded Installations
    2012-07-29 08:54:21 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-18 14:57:03 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2012-07-17 12:34:27 -------- d-----w- C:\Users\Alex\AppData\Roaming\Pantech
    2012-07-17 12:32:49 69264 ----a-w- C:\Windows\System32\drivers\PTQHBUS.sys
    2012-07-17 12:32:49 177040 ----a-w- C:\Windows\System32\drivers\PTQHVSP.sys
    2012-07-17 12:32:49 177040 ----a-w- C:\Windows\System32\drivers\PTQHMDM.sys
    2012-07-17 12:32:49 -------- d-----w- C:\Program Files\Pantech
    2012-07-11 20:18:20 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 20:00:04 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
    2012-07-11 19:59:59 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2012-07-11 19:59:59 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
    2012-07-11 19:59:59 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-07-03 18:54:54 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{65CB8A9D-E18E-410E-BE6A-855C79713E43}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2012-06-22 18:37:36 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-06-22 18:37:36 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-06-22 18:37:15 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-12 03:51:24 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-12 03:51:24 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    .
    ============= FINISH: 10:18:22.60 ===============

  9. #9
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello,

    Please run the following tools and post their logs.


    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.



    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


    Things to include in your next reply:
    TDSSKiller log
    ComboFix.txt
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  10. #10
    Member
    Join Date
    Jun 2012
    Posts
    7
    Points
    0


    15:26:49.0945 18664 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    15:26:50.0210 18664 ============================================================
    15:26:50.0210 18664 Current date / time: 2012/08/02 15:26:50.0210
    15:26:50.0210 18664 SystemInfo:
    15:26:50.0210 18664
    15:26:50.0210 18664 OS Version: 6.1.7601 ServicePack: 1.0
    15:26:50.0210 18664 Product type: Workstation
    15:26:50.0210 18664 ComputerName: ALEX-PC
    15:26:50.0210 18664 UserName: Alex
    15:26:50.0210 18664 Windows directory: C:\Windows
    15:26:50.0210 18664 System windows directory: C:\Windows
    15:26:50.0210 18664 Running under WOW64
    15:26:50.0210 18664 Processor architecture: Intel x64
    15:26:50.0210 18664 Number of processors: 8
    15:26:50.0210 18664 Page size: 0x1000
    15:26:50.0210 18664 Boot type: Normal boot
    15:26:50.0210 18664 ============================================================
    15:26:51.0085 18664 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:26:51.0101 18664 ============================================================
    15:26:51.0101 18664 \Device\Harddisk0\DR0:
    15:26:51.0101 18664 MBR partitions:
    15:26:51.0101 18664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    15:26:51.0101 18664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
    15:26:51.0101 18664 ============================================================
    15:26:51.0132 18664 C: <-> \Device\Harddisk0\DR0\Partition1
    15:26:51.0132 18664 ============================================================
    15:26:51.0132 18664 Initialize success
    15:26:51.0132 18664 ============================================================
    15:27:03.0960 22352 ============================================================
    15:27:03.0960 22352 Scan started
    15:27:03.0960 22352 Mode: Manual;
    15:27:03.0960 22352 ============================================================
    15:27:04.0273 22352 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    15:27:04.0289 22352 1394ohci - ok
    15:27:04.0304 22352 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    15:27:04.0320 22352 ACPI - ok
    15:27:04.0320 22352 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    15:27:04.0335 22352 AcpiPmi - ok
    15:27:04.0382 22352 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    15:27:04.0382 22352 adp94xx - ok
    15:27:04.0429 22352 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    15:27:04.0445 22352 adpahci - ok
    15:27:04.0460 22352 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    15:27:04.0460 22352 adpu320 - ok
    15:27:04.0476 22352 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    15:27:04.0476 22352 AeLookupSvc - ok
    15:27:04.0539 22352 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    15:27:04.0539 22352 AFD - ok
    15:27:04.0570 22352 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    15:27:04.0570 22352 agp440 - ok
    15:27:04.0585 22352 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    15:27:04.0585 22352 ALG - ok
    15:27:04.0617 22352 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    15:27:04.0617 22352 aliide - ok
    15:27:04.0664 22352 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
    15:27:04.0664 22352 AMD External Events Utility - ok
    15:27:04.0664 22352 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    15:27:04.0664 22352 amdide - ok
    15:27:04.0695 22352 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    15:27:04.0695 22352 AmdK8 - ok
    15:27:05.0210 22352 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
    15:27:05.0289 22352 amdkmdag - ok
    15:27:05.0398 22352 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
    15:27:05.0398 22352 amdkmdap - ok
    15:27:05.0429 22352 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    15:27:05.0429 22352 AmdPPM - ok
    15:27:05.0476 22352 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    15:27:05.0476 22352 amdsata - ok
    15:27:05.0476 22352 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    15:27:05.0492 22352 amdsbs - ok
    15:27:05.0492 22352 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    15:27:05.0492 22352 amdxata - ok
    15:27:05.0539 22352 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    15:27:05.0539 22352 AppID - ok
    15:27:05.0554 22352 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    15:27:05.0554 22352 AppIDSvc - ok
    15:27:05.0585 22352 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    15:27:05.0601 22352 Appinfo - ok
    15:27:05.0601 22352 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    15:27:05.0601 22352 arc - ok
    15:27:05.0617 22352 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    15:27:05.0617 22352 arcsas - ok
    15:27:05.0695 22352 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    15:27:16.0023 22352 RpcEptMapper - ok
    15:27:16.0039 22352 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    15:27:16.0039 22352 RpcLocator - ok
    15:27:16.0085 22352 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    15:27:16.0085 22352 RpcSs - ok
    15:27:16.0132 22352 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    15:27:16.0148 22352 rspndr - ok
    15:27:16.0195 22352 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
    15:27:16.0195 22352 RTL8167 - ok
    15:27:16.0210 22352 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    15:27:16.0210 22352 SamSs - ok
    15:27:16.0242 22352 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    15:27:16.0242 22352 sbp2port - ok
    15:27:16.0257 22352 SBRE - ok
    15:27:16.0273 22352 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    15:27:16.0273 22352 SCardSvr - ok
    15:27:16.0304 22352 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    15:27:16.0304 22352 scfilter - ok
    15:27:16.0382 22352 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    15:27:16.0398 22352 Schedule - ok
    15:27:16.0414 22352 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
    15:27:16.0414 22352 SCMNdisP - ok
    15:27:16.0445 22352 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    15:27:16.0445 22352 SCPolicySvc - ok
    15:27:16.0476 22352 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    15:27:16.0476 22352 SDRSVC - ok
    15:27:16.0507 22352 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    15:27:16.0507 22352 secdrv - ok
    15:27:16.0507 22352 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    15:27:16.0507 22352 seclogon - ok
    15:27:16.0539 22352 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    15:27:16.0539 22352 SENS - ok
    15:27:16.0554 22352 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    15:27:16.0554 22352 SensrSvc - ok
    15:27:16.0570 22352 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    15:27:16.0570 22352 Serenum - ok
    15:27:16.0601 22352 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    15:27:16.0601 22352 Serial - ok
    15:27:16.0617 22352 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    15:27:16.0617 22352 sermouse - ok
    15:27:16.0664 22352 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    15:27:16.0664 22352 SessionEnv - ok
    15:27:16.0664 22352 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    15:27:16.0664 22352 sffdisk - ok
    15:27:16.0679 22352 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    15:27:16.0679 22352 sffp_mmc - ok
    15:27:16.0695 22352 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    15:27:16.0695 22352 sffp_sd - ok
    15:27:16.0710 22352 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    15:27:16.0710 22352 sfloppy - ok
    15:27:16.0789 22352 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
    15:27:16.0789 22352 Sftfs - ok
    15:27:16.0867 22352 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    15:27:16.0882 22352 sftlist - ok
    15:27:16.0914 22352 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
    15:27:16.0914 22352 Sftplay - ok
    15:27:16.0914 22352 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
    15:27:16.0929 22352 Sftredir - ok
    15:27:16.0929 22352 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
    15:27:16.0929 22352 Sftvol - ok
    15:27:16.0976 22352 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    15:27:16.0976 22352 sftvsa - ok
    15:27:17.0039 22352 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    15:27:17.0039 22352 SharedAccess - ok
    15:27:17.0085 22352 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    15:27:17.0101 22352 ShellHWDetection - ok
    15:27:17.0132 22352 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    15:27:17.0132 22352 SiSRaid2 - ok
    15:27:17.0148 22352 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    15:27:17.0148 22352 SiSRaid4 - ok
    15:27:17.0164 22352 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    15:27:17.0164 22352 Smb - ok
    15:27:17.0195 22352 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    15:27:17.0195 22352 SNMPTRAP - ok
    15:27:17.0195 22352 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    15:27:17.0195 22352 spldr - ok
    15:27:17.0242 22352 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    15:27:17.0257 22352 Spooler - ok
    15:27:17.0460 22352 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    15:27:17.0492 22352 sppsvc - ok
    15:27:17.0554 22352 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    15:27:17.0554 22352 sppuinotify - ok
    15:27:17.0601 22352 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    15:27:17.0601 22352 srv - ok
    15:27:17.0632 22352 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    15:27:17.0648 22352 srv2 - ok
    15:27:17.0664 22352 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    15:27:17.0664 22352 srvnet - ok
    15:27:17.0710 22352 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    15:27:17.0710 22352 SSDPSRV - ok
    15:27:17.0726 22352 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    15:27:17.0726 22352 SstpSvc - ok
    15:27:17.0757 22352 Steam Client Service - ok
    15:27:17.0789 22352 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    15:27:17.0789 22352 stexstor - ok
    15:27:17.0820 22352 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    15:27:17.0835 22352 StillCam - ok
    15:27:17.0882 22352 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    15:27:17.0882 22352 stisvc - ok
    15:27:17.0898 22352 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    15:27:17.0898 22352 swenum - ok
    15:27:17.0945 22352 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    15:27:17.0960 22352 swprv - ok
    15:27:18.0054 22352 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    15:27:18.0070 22352 SysMain - ok
    15:27:18.0164 22352 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    15:27:18.0164 22352 TabletInputService - ok
    15:27:18.0195 22352 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    15:27:18.0195 22352 TapiSrv - ok
    15:27:18.0210 22352 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    15:27:18.0210 22352 TBS - ok
    15:27:18.0335 22352 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    15:27:18.0367 22352 Tcpip - ok
    15:27:18.0476 22352 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    15:27:18.0492 22352 TCPIP6 - ok
    15:27:18.0539 22352 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    15:27:18.0539 22352 tcpipreg - ok
    15:27:18.0554 22352 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    15:27:18.0554 22352 TDPIPE - ok
    15:27:18.0585 22352 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    15:27:18.0585 22352 TDTCP - ok
    15:27:18.0617 22352 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    15:27:18.0617 22352 tdx - ok
    15:27:18.0632 22352 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    15:27:18.0648 22352 TermDD - ok
    15:27:18.0695 22352 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    15:27:18.0695 22352 TermService - ok
    15:27:18.0710 22352 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    15:27:18.0726 22352 Themes - ok
    15:27:18.0742 22352 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    15:27:18.0742 22352 THREADORDER - ok
    15:27:18.0804 22352 TomTomHOMEService (e9ca6ed72ea9f56bd6e98c7042092a1c) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    15:27:18.0804 22352 TomTomHOMEService - ok
    15:27:18.0820 22352 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    15:27:18.0820 22352 TrkWks - ok
    15:27:18.0867 22352 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    15:27:18.0867 22352 TrustedInstaller - ok
    15:27:18.0882 22352 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:27:18.0882 22352 tssecsrv - ok
    15:27:18.0929 22352 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    15:27:18.0929 22352 TsUsbFlt - ok
    15:27:18.0976 22352 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    15:27:18.0976 22352 tunnel - ok
    15:27:18.0992 22352 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    15:27:19.0007 22352 uagp35 - ok
    15:27:19.0070 22352 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    15:27:19.0070 22352 udfs - ok
    15:27:19.0101 22352 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    15:27:19.0101 22352 UI0Detect - ok
    15:27:19.0148 22352 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    15:27:19.0148 22352 uliagpkx - ok
    15:27:19.0164 22352 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    15:27:19.0179 22352 umbus - ok
    15:27:19.0179 22352 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    15:27:19.0179 22352 UmPass - ok
    15:27:19.0210 22352 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    15:27:19.0226 22352 upnphost - ok
    15:27:19.0242 22352 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    15:27:19.0242 22352 usbaudio - ok
    15:27:19.0289 22352 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    15:27:19.0289 22352 usbccgp - ok
    15:27:19.0304 22352 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    15:27:19.0304 22352 usbcir - ok
    15:27:19.0335 22352 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    15:27:19.0335 22352 usbehci - ok
    15:27:19.0351 22352 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    15:27:19.0367 22352 usbhub - ok
    15:27:19.0367 22352 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    15:27:19.0367 22352 usbohci - ok
    15:27:19.0398 22352 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    15:27:19.0398 22352 usbprint - ok
    15:27:19.0429 22352 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    15:27:19.0429 22352 usbscan - ok
    15:27:19.0460 22352 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:27:19.0460 22352 USBSTOR - ok
    15:27:19.0476 22352 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    15:27:19.0476 22352 usbuhci - ok
    15:27:19.0492 22352 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    15:27:19.0492 22352 UxSms - ok
    15:27:19.0507 22352 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    15:27:19.0507 22352 VaultSvc - ok
    15:27:19.0523 22352 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    15:27:19.0523 22352 vdrvroot - ok
    15:27:19.0585 22352 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    15:27:19.0585 22352 vds - ok
    15:27:19.0601 22352 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    15:27:19.0601 22352 vga - ok
    15:27:19.0601 22352 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    15:27:19.0601 22352 VgaSave - ok
    15:27:19.0632 22352 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    15:27:19.0632 22352 vhdmp - ok
    15:27:19.0648 22352 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    15:27:19.0648 22352 viaide - ok
    15:27:19.0664 22352 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    15:27:19.0664 22352 volmgr - ok
    15:27:19.0710 22352 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    15:27:19.0710 22352 volmgrx - ok
    15:27:19.0742 22352 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    15:27:19.0742 22352 volsnap - ok
    15:27:19.0773 22352 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    15:27:19.0773 22352 vsmraid - ok
    15:27:19.0882 22352 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    15:27:19.0898 22352 VSS - ok
    15:27:19.0976 22352 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    15:27:19.0976 22352 vwifibus - ok
    15:27:19.0992 22352 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    15:27:19.0992 22352 vwififlt - ok
    15:27:20.0023 22352 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    15:27:20.0023 22352 vwifimp - ok
    15:27:20.0070 22352 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    15:27:20.0085 22352 W32Time - ok
    15:27:20.0101 22352 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    15:27:20.0101 22352 WacomPen - ok
    15:27:20.0132 22352 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    15:27:20.0148 22352 WANARP - ok
    15:27:20.0148 22352 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    15:27:20.0148 22352 Wanarpv6 - ok
    15:27:20.0226 22352 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    15:27:20.0242 22352 WatAdminSvc - ok
    15:27:20.0320 22352 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    15:27:20.0351 22352 wbengine - ok
    15:27:20.0429 22352 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    15:27:20.0429 22352 WbioSrvc - ok
    15:27:20.0476 22352 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    15:27:20.0476 22352 wcncsvc - ok
    15:27:20.0492 22352 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    15:27:20.0492 22352 WcsPlugInService - ok
    15:27:20.0523 22352 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    15:27:20.0523 22352 Wd - ok
    15:27:20.0570 22352 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    15:27:20.0585 22352 Wdf01000 - ok
    15:27:20.0585 22352 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    15:27:20.0601 22352 WdiServiceHost - ok
    15:27:20.0601 22352 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    15:27:20.0601 22352 WdiSystemHost - ok
    15:27:20.0632 22352 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    15:27:20.0648 22352 WebClient - ok
    15:27:20.0679 22352 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    15:27:20.0679 22352 Wecsvc - ok
    15:27:20.0695 22352 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    15:27:20.0695 22352 wercplsupport - ok
    15:27:20.0710 22352 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    15:27:20.0710 22352 WerSvc - ok
    15:27:20.0757 22352 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    15:27:20.0757 22352 WfpLwf - ok
    15:27:20.0773 22352 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    15:27:20.0773 22352 WIMMount - ok
    15:27:20.0804 22352 WinDefend - ok
    15:27:20.0804 22352 WinHttpAutoProxySvc - ok
    15:27:20.0851 22352 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    15:27:20.0851 22352 Winmgmt - ok
    15:27:20.0976 22352 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    15:27:21.0007 22352 WinRM - ok
    15:27:21.0132 22352 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    15:27:21.0132 22352 WinUsb - ok
    15:27:21.0195 22352 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    15:27:21.0210 22352 Wlansvc - ok
    15:27:21.0367 22352 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    15:27:21.0382 22352 wlidsvc - ok
    15:27:21.0460 22352 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    15:27:21.0460 22352 WmiAcpi - ok
    15:27:21.0507 22352 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    15:27:21.0507 22352 wmiApSrv - ok
    15:27:21.0539 22352 WMPNetworkSvc - ok
    15:27:21.0554 22352 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    15:27:21.0570 22352 WPCSvc - ok
    15:27:21.0601 22352 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    15:27:21.0601 22352 WPDBusEnum - ok
    15:27:21.0617 22352 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    15:27:21.0617 22352 ws2ifsl - ok
    15:27:21.0632 22352 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
    15:27:21.0632 22352 wscsvc - ok
    15:27:21.0632 22352 WSearch - ok
    15:27:21.0679 22352 WSWNA3100 (76fbefab6677af9c498116f1aaea8bdb) C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
    15:27:21.0679 22352 WSWNA3100 - ok
    15:27:21.0835 22352 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    15:27:21.0851 22352 wuauserv - ok
    15:27:21.0960 22352 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    15:27:21.0960 22352 WudfPf - ok
    15:27:21.0976 22352 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:27:21.0992 22352 WUDFRd - ok
    15:27:22.0023 22352 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    15:27:22.0023 22352 wudfsvc - ok
    15:27:22.0054 22352 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    15:27:22.0054 22352 WwanSvc - ok
    15:27:22.0085 22352 X6va005 - ok
    15:27:22.0117 22352 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    15:27:22.0289 22352 \Device\Harddisk0\DR0 - ok
    15:27:22.0289 22352 Boot (0x1200) (ba68dec186e631e8fa19e8992fc93aaf) \Device\Harddisk0\DR0\Partition0
    15:27:22.0289 22352 \Device\Harddisk0\DR0\Partition0 - ok
    15:27:22.0304 22352 Boot (0x1200) (c505eb80813cb2e1e13493c5caca26c0) \Device\Harddisk0\DR0\Partition1
    15:27:22.0304 22352 \Device\Harddisk0\DR0\Partition1 - ok
    15:27:22.0304 22352 ============================================================
    15:27:22.0304 22352 Scan finished
    15:27:22.0304 22352 ============================================================
    15:27:22.0304 22332 Detected object count: 0
    15:27:22.0304 22332 Actual detected object count: 0
    15:32:41.0481 23760 Deinitialize success

    12:10:19.0692 14776 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    12:10:19.0922 14776 ============================================================
    12:10:19.0922 14776 Current date / time: 2012/08/02 12:10:19.0922
    12:10:19.0922 14776 SystemInfo:
    12:10:19.0922 14776
    12:10:19.0922 14776 OS Version: 6.1.7601 ServicePack: 1.0
    12:10:19.0922 14776 Product type: Workstation
    12:10:19.0922 14776 ComputerName: ALEX-PC
    12:10:19.0922 14776 UserName: Alex
    12:10:19.0922 14776 Windows directory: C:\Windows
    12:10:19.0922 14776 System windows directory: C:\Windows
    12:10:19.0922 14776 Running under WOW64
    12:10:19.0922 14776 Processor architecture: Intel x64
    12:10:19.0922 14776 Number of processors: 8
    12:10:19.0922 14776 Page size: 0x1000
    12:10:19.0922 14776 Boot type: Normal boot
    12:10:19.0922 14776 ============================================================
    12:10:20.0838 14776 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:10:20.0875 14776 Drive \Device\Harddisk2\DR2 - Size: 0x7B00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    12:10:20.0882 14776 ============================================================
    12:10:20.0882 14776 \Device\Harddisk0\DR0:
    12:10:20.0883 14776 MBR partitions:
    12:10:20.0883 14776 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    12:10:20.0883 14776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800
    12:10:20.0883 14776 \Device\Harddisk2\DR2:
    12:10:20.0888 14776 MBR partitions:
    12:10:20.0888 14776 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3D2E0
    12:10:20.0888 14776 ============================================================
    12:10:20.0909 14776 C: <-> \Device\Harddisk0\DR0\Partition1
    12:10:20.0909 14776 ============================================================
    12:10:20.0909 14776 Initialize success
    12:10:20.0910 14776 ============================================================
    12:12:09.0194 14772 Deinitialize success

    ComboFix 12-07-31.03 - Alex 08/02/2012 15:36:55.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10747 [GMT -4:00]
    Running from: c:\users\Alex\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\CFLog
    c:\users\Alex\AppData\Local\TempDIR
    c:\users\Alex\AppData\Local\TempDIR\GFInstaller\AppName.txt
    c:\users\Alex\AppData\Local\TempDIR\GFInstaller\Channel.txt
    c:\users\Alex\AppData\Local\TempDIR\GFInstaller\DownloadURL.txt
    c:\users\Alex\AppData\Local\TempDIR\GFInstaller\GFInstaller.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-02 19:40 . 2012-08-02 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-02 19:34 . 2012-08-02 19:34 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{235883A4-F368-4579-8ADA-4D15C79D905C}\offreg.dll
    2012-08-01 17:40 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{235883A4-F368-4579-8ADA-4D15C79D905C}\mpengine.dll
    2012-07-31 22:16 . 2012-07-31 22:16 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-07-30 21:09 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-29 23:09 . 2012-07-29 23:09 -------- d-----w- c:\users\Alex\AppData\Local\Downloaded Installations
    2012-07-18 14:57 . 2012-07-18 14:57 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-07-17 12:34 . 2012-07-17 12:34 -------- d-----w- c:\users\Alex\AppData\Roaming\Pantech
    2012-07-17 12:32 . 2012-07-17 12:32 -------- d-----w- c:\program files\Pantech
    2012-07-17 12:32 . 2009-12-15 06:30 69264 ----a-w- c:\windows\system32\drivers\PTQHBUS.sys
    2012-07-17 12:32 . 2009-12-15 06:30 177040 ----a-w- c:\windows\system32\drivers\PTQHVSP.sys
    2012-07-17 12:32 . 2009-12-15 06:30 177040 ----a-w- c:\windows\system32\drivers\PTQHMDM.sys
    2012-07-11 20:18 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 20:00 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 19:59 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-07-11 19:59 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
    2012-07-11 19:59 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-11 20:16 . 2011-03-08 18:57 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-22 18:37 . 2012-02-18 08:40 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-06-22 18:37 . 2011-05-29 01:20 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-22 18:37 . 2011-05-29 01:20 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-02 22:19 . 2012-06-21 15:11 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 15:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 15:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 15:11 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 15:11 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 15:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 15:11 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 15:11 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 15:11 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-16 01:50 . 2012-05-16 01:50 388096 ----a-r- c:\users\Alex\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-05-12 03:51 . 2012-04-11 13:44 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-12 03:51 . 2011-06-15 18:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PTQHBUS;PANTECH Handset HSUSB Composite Device(MSM6290);c:\windows\system32\DRIVERS\PTQHBUS.sys [2009-12-15 69264]
    R3 PTQHMDM;PANTECH HSUSB Modem(MSM6290);c:\windows\system32\DRIVERS\PTQHMDM.sys [2009-12-15 177040]
    R3 PTQHVSP;PANTECH HSUSB Diagnostic Serial Port(MSM6290);c:\windows\system32\DRIVERS\PTQHVSP.sys [2009-12-15 177040]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-08 1255736]
    R3 X6va005;X6va005;c:\users\Alex\AppData\Local\Temp\005CF6F.tmp [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-14 235520]
    R4 CLKMSVC10_9EC60124;CyberLink Product - 2011/12/05 23:38;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]
    R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14 116648]
    R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-14 116648]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-14 10856960]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-14 327680]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-04-14 95248]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-04-22 18:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\combofix\CF13117.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\dvgmkpmo.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.pandora.com/#!/stations/play/227988293017805428
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Alex\AppData\Local\Temp\005CF6F.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1665098994-1677382331-4202742518-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:b8,95,6b,21,0c,fd,f8,84,16,3e,4a,8a,a7,3e,0d,5e,80,e2,c4,48,48,
    8b,18,8d,57,f5,f5,ee,6d,fa,26,7f,85,a6,60,27,d9,d6,7e,75,ba,e0,85,97,b3,24,\
    "rkeysecu"=hex:39,ca,59,d5,1a,90,0c,f1,6b,f1,33,e0,af,30,92,a8
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\PnkBstrA.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-02 15:44:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-02 19:44
    .
    Pre-Run: 1,806,364,635,136 bytes free
    Post-Run: 1,806,800,367,616 bytes free
    .
    - - End Of File - - C6C02E39EB11A54D254B9406A7F44678

    So far no more redirects. I'll let you know if that changes, thanks so much!
