
I got Virused

Discussion in 'Virus & Other Malware Removal' started by genubi, Jan 28, 2013.

  1. genubi

    genubi Thread Starter

    I opened an email yesterday that looked like it was from FedEx requesting that I print a receipt to take to the post office because they missed me when they came by. So, like an idiot, I clicked on the button. My computer started to act a mess immediately. I got warnings from my Avira antivirus. I could not open web sites that offered to help remove the problems.
    I finally did get some antivirus software to run, Avira, and it removed several viruses, 6 total. But, the antivirus software kept sounding alerts. Then my daughter showed me a message that our ISP sent saying that we have a virus and I should clean it off immediately. Well, I am trying. They sent a link to a Microsoft web site with a virus removal tool. By then I had run several antivirus removal tools and removed more viruses. The two that I wrote down are JS/redirect and Lamar.QJ.4
    When I ran the Microsoft tool it did not find anything.
    But, I don't trust those tools, and have come to you guys to help scrub this machine.
    TSG info:
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, x86 Family 6 Model 15 Stepping 6
    Processor Count: 2
    RAM: 3062 Mb
    Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 224 Mb
    Hard Drives: C: Total - 114470 MB, Free - 65090 MB;
    Motherboard: Dell Inc.,
    Antivirus: Avira Desktop, Updated: Yes, On-Demand Scanner: Enabled

    Hijackthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:42:31 PM, on 1/28/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files\PdaNet for Android\PdaNetPC.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\AgentWorks\AgentOrderSystem\AHCS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myportal.lawsonproducts.com:50100/irj/portal
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Nuance PDF Converter 7-reminder] "C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Converter 7\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [hlsudi] rundll32.exe ",FIsHTMLFileW
    O4 - HKLM\..\Run: [wutin] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Michael\Application Data\wutin.dll",vSetTargetAPath
    O4 - HKLM\..\Run: [mdmap] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Michael\Application Data\mdmap.dll",BadArgument
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_4C076BC119E24CBAD2D8DD04CD69E50A] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Nuance PDF Converter 7.0 - res://C:\Program Files\Nuance\PDF Converter 7\cnvres_eng.dll /100
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1344518774062
    O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} (DellSystem.Scanner) - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 11091 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
    Run by Michael at 14:59:20 on 2013-01-28
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1006 [GMT -5:00]
    .
    AV: Avira Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files\PdaNet for Android\PdaNetPC.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\AgentWorks\AgentOrderSystem\AHCS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k bthsvcs
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://myportal.lawsonproducts.com:50100/irj/portal
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [GoogleChromeAutoLaunch_4C076BC119E24CBAD2D8DD04CD69E50A] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Nuance PDF Converter 7-reminder] "c:\program files\nuance\pdf converter 7\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf converter 7\ereg\Ereg.ini"
    mRun: [hlsudi] rundll32.exe ",FIsHTMLFileW
    mRun: [wutin] "c:\windows\system32\rundll32.exe" "c:\documents and settings\michael\application data\wutin.dll",vSetTargetAPath
    mRun: [mdmap] "c:\windows\system32\rundll32.exe" "c:\documents and settings\michael\application data\mdmap.dll",BadArgument
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\michael\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\docume~1\michael\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Open with Nuance PDF Converter 7.0 - c:\program files\nuance\pdf converter 7\cnvres_eng.dll /100
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll/206
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342931355593
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344518774062
    DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    TCP: NameServer = 192.168.17.1
    TCP: Interfaces\{82635800-EA0A-49D8-B7D4-F87E3EF45626} : DHCPNameServer = 192.168.17.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-26 36552]
    R2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2013-1-18 400160]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-12-12 85280]
    R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-12-12 109344]
    R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-12-12 565024]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-7-26 83944]
    R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files\ibm\sqllib\bin\db2mgmtsvc.exe [2009-5-30 37664]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-27 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-27 682344]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-27 21104]
    R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2012-7-26 13440]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys --> c:\windows\system32\drivers\motoandroid.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-01-27 15:57:38 -------- d-----w- c:\documents and settings\michael\application data\Windows Search
    2013-01-27 15:44:09 -------- d-----w- c:\program files\Trend Micro
    2013-01-27 15:43:24 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-01-27 15:43:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-27 12:18:28 -------- d-----w- c:\documents and settings\michael\application data\Malwarebytes
    2013-01-27 12:18:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2013-01-27 12:18:05 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-27 12:18:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-26 19:31:40 351232 ----a-w- c:\documents and settings\michael\application data\mdmap.dll
    2013-01-26 19:31:15 595456 ----a-w- c:\documents and settings\michael\application data\wutin.dll
    2013-01-08 00:17:35 -------- d-----w- c:\windows\Performance
    2013-01-08 00:17:23 -------- d-----w- c:\documents and settings\michael\local settings\application data\Microsoft Corporation
    2013-01-08 00:14:42 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2013-01-03 10:18:51 780192 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-03 10:18:50 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-01-01 23:10:51 -------- d-----w- c:\documents and settings\michael\local settings\application data\Cooliris
    .
    ==================== Find3M ====================
    .
    2013-01-19 01:42:19 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2013-01-19 01:42:15 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2013-01-09 04:31:16 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 04:31:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
    .
    ============= FINISH: 15:00:41.79 ===============
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Please download GMER from: http://www.gmer.net

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

    Open the ark.txt file and copy and paste the contents of the log here please.
     
  3. genubi

    genubi Thread Starter

    Sorry, I had run it. I neglected to paste it in here.

    GMER 2.0.18454 - http://www.gmer.net
    Rootkit scan 2013-01-28 16:51:48
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9120310AS rev.DE05 111.79GB
    Running: GMER.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\awtdypow.sys


    ---- System - GMER 2.0 ----

    SSDT BA745314 ZwClose
    SSDT BA7452CE ZwCreateKey
    SSDT BA74531E ZwCreateSection
    SSDT BA7452F6 ZwCreateSymbolicLinkObject
    SSDT BA7452C4 ZwCreateThread
    SSDT BA7452D3 ZwDeleteKey
    SSDT BA7452DD ZwDeleteValueKey
    SSDT BA74530F ZwDuplicateObject
    SSDT BA7452FB ZwLoadDriver
    SSDT BA7452E2 ZwLoadKey
    SSDT BA7452B0 ZwOpenProcess
    SSDT BA7452F1 ZwOpenSection
    SSDT BA7452B5 ZwOpenThread
    SSDT BA745337 ZwQueryValueKey
    SSDT BA7452EC ZwReplaceKey
    SSDT BA745328 ZwRequestWaitReplyPort
    SSDT BA7452E7 ZwRestoreKey
    SSDT BA745323 ZwSetContextThread
    SSDT BA74532D ZwSetSecurityObject
    SSDT BA745300 ZwSetSystemInformation
    SSDT BA7452D8 ZwSetValueKey
    SSDT BA745332 ZwSystemDebugControl
    SSDT BA7452BF ZwTerminateProcess
    SSDT BA7452BA ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 2.0 ----

    ? C:\DOCUME~1\Michael\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 8C, A0, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 8D, A0, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9176A6
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8E, A0, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 8D, A0, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8E, A0, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B917717
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 8C, A0, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B917845
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 8D, A0, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 8E, A0, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8F, A0, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[6624] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641a2e441
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641a2e441 (not active ControlSet)
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4700 [email protected] 103167421

    ---- Disk sectors - GMER 2.0 ----

    Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 234436548
    Disk \Device\Harddisk0\DR0 PE file @ sector 234436570

    ---- EOF - GMER 2.0 ----
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,313
    Please go here and download the TDSSKiller.exe to your desktop.
    • Double-click TDSSKiller.exe on your desktop to run it.
    • Click on Start Scan
    • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
    It will produce a log once it finishes in the root drive which should look like this example:

    C:\TDSSKiller.<version_date_time>log.txt

    Please copy and paste the contents of that log in your next reply.
     
  5. genubi

    genubi Thread Starter

    Joined:
    Oct 12, 2000
    Messages:
    81
    05:23:02.0109 2532 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    05:23:02.0968 2532 ============================================================
    05:23:02.0968 2532 Current date / time: 2013/01/29 05:23:02.0968
    05:23:02.0968 2532 SystemInfo:
    05:23:02.0968 2532
    05:23:02.0968 2532 OS Version: 5.1.2600 ServicePack: 3.0
    05:23:02.0968 2532 Product type: Workstation
    05:23:02.0968 2532 ComputerName: ZUBENAL
    05:23:02.0968 2532 UserName: Michael
    05:23:02.0968 2532 Windows directory: C:\WINDOWS
    05:23:02.0968 2532 System windows directory: C:\WINDOWS
    05:23:02.0968 2532 Processor architecture: Intel x86
    05:23:02.0968 2532 Number of processors: 2
    05:23:02.0968 2532 Page size: 0x1000
    05:23:02.0968 2532 Boot type: Normal boot
    05:23:02.0968 2532 ============================================================
    05:23:05.0875 2532 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    05:23:05.0890 2532 ============================================================
    05:23:05.0890 2532 \Device\Harddisk0\DR0:
    05:23:05.0890 2532 MBR partitions:
    05:23:05.0890 2532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
    05:23:05.0890 2532 ============================================================
    05:23:05.0937 2532 C: <-> \Device\Harddisk0\DR0\Partition1
    05:23:05.0937 2532 ============================================================
    05:23:05.0937 2532 Initialize success
    05:23:05.0937 2532 ============================================================
    05:23:11.0312 5220 ============================================================
    05:23:11.0312 5220 Scan started
    05:23:11.0312 5220 Mode: Manual;
    05:23:11.0312 5220 ============================================================
    05:23:13.0906 5220 ================ Scan system memory ========================
    05:23:13.0906 5220 System memory - ok
    05:23:13.0906 5220 ================ Scan services =============================
    05:23:14.0015 5220 Abiosdsk - ok
    05:23:14.0015 5220 abp480n5 - ok
    05:23:14.0093 5220 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    05:23:14.0093 5220 ACPI - ok
    05:23:14.0156 5220 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    05:23:14.0156 5220 ACPIEC - ok
    05:23:14.0250 5220 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    05:23:14.0250 5220 AdobeFlashPlayerUpdateSvc - ok
    05:23:14.0265 5220 adpu160m - ok
    05:23:14.0296 5220 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    05:23:14.0312 5220 aec - ok
    05:23:14.0375 5220 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    05:23:14.0390 5220 AFD - ok
    05:23:14.0390 5220 Aha154x - ok
    05:23:14.0390 5220 aic78u2 - ok
    05:23:14.0390 5220 aic78xx - ok
    05:23:14.0453 5220 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    05:23:14.0468 5220 Alerter - ok
    05:23:14.0515 5220 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    05:23:14.0515 5220 ALG - ok
    05:23:14.0515 5220 AliIde - ok
    05:23:14.0515 5220 amsint - ok
    05:23:14.0796 5220 [ 05EBF798D6A8AB74B4923E49B5681741 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    05:23:14.0812 5220 AntiVirMailService - ok
    05:23:14.0890 5220 [ EC974E0B4C5290E695F4D99A3571864B ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
    05:23:14.0890 5220 AntiVirSchedulerService - ok
    05:23:14.0906 5220 [ 0CA64AC331DA61CCE0FD2C8FBA129F30 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    05:23:14.0906 5220 AntiVirService - ok
    05:23:14.0953 5220 [ 18BF884CB5B2F3B36EB82A1A2D00E934 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    05:23:14.0953 5220 AntiVirWebService - ok
    05:23:15.0031 5220 [ 090880E9BF20F928BC341F96D27C019E ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    05:23:15.0031 5220 ApfiltrService - ok
    05:23:15.0093 5220 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    05:23:15.0109 5220 AppMgmt - ok
    05:23:15.0109 5220 asc - ok
    05:23:15.0109 5220 asc3350p - ok
    05:23:15.0125 5220 asc3550 - ok
    05:23:15.0328 5220 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    05:23:15.0328 5220 aspnet_state - ok
    05:23:15.0453 5220 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    05:23:15.0453 5220 AsyncMac - ok
    05:23:15.0531 5220 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    05:23:15.0546 5220 atapi - ok
    05:23:15.0546 5220 Atdisk - ok
    05:23:15.0578 5220 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    05:23:15.0578 5220 Atmarpc - ok
    05:23:15.0640 5220 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    05:23:15.0640 5220 AudioSrv - ok
    05:23:15.0718 5220 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    05:23:15.0718 5220 audstub - ok
    05:23:15.0781 5220 [ D57E60FF40E858B653C404605BBDD6FC ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    05:23:15.0781 5220 avgntflt - ok
    05:23:15.0828 5220 [ 0189056DDBF23C7DEF09D2B5999C5405 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
    05:23:15.0828 5220 avipbb - ok
    05:23:15.0843 5220 [ 5BE9B023D7917E6B51FC402DE06819B4 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
    05:23:15.0843 5220 avkmgr - ok
    05:23:15.0921 5220 [ C0ACD392ECE55784884CC208AAFA06CE ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    05:23:15.0921 5220 b57w2k - ok
    05:23:16.0078 5220 [ 345D38F298368DD6B0DF5C4F37457A22 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    05:23:16.0093 5220 BCM43XX - ok
    05:23:16.0125 5220 [ 40F8C4C10ED67B1DE44ABF82582BAC37 ] BCOREUSB C:\WINDOWS\system32\Drivers\BCOREUSB.sys
    05:23:16.0140 5220 BCOREUSB - ok
    05:23:16.0171 5220 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    05:23:16.0171 5220 Beep - ok
    05:23:16.0281 5220 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\WINDOWS\system32\bgsvcgen.exe
    05:23:16.0281 5220 bgsvcgen - ok
    05:23:16.0328 5220 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    05:23:16.0359 5220 BITS - ok
    05:23:16.0453 5220 [ B26E18ADAA16E507166E3B61E79A1E25 ] Bluetooth Hid Switch Service C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe
    05:23:16.0453 5220 Bluetooth Hid Switch Service - ok
    05:23:16.0515 5220 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    05:23:16.0515 5220 Browser - ok
    05:23:16.0593 5220 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    05:23:16.0593 5220 BthEnum - ok
    05:23:16.0671 5220 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
    05:23:16.0671 5220 BthPan - ok
    05:23:16.0718 5220 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
    05:23:16.0718 5220 BTHPORT - ok
    05:23:16.0812 5220 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
    05:23:16.0828 5220 BthServ - ok
    05:23:16.0859 5220 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
    05:23:16.0859 5220 BTHUSB - ok
    05:23:16.0906 5220 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    05:23:16.0906 5220 cbidf2k - ok
    05:23:16.0906 5220 cd20xrnt - ok
    05:23:16.0968 5220 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    05:23:16.0968 5220 Cdaudio - ok
    05:23:16.0984 5220 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    05:23:16.0984 5220 Cdfs - ok
    05:23:17.0000 5220 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    05:23:17.0000 5220 Cdrom - ok
    05:23:17.0125 5220 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
    05:23:17.0125 5220 cercsr6 - ok
    05:23:17.0125 5220 Changer - ok
    05:23:17.0171 5220 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    05:23:17.0171 5220 CiSvc - ok
    05:23:17.0203 5220 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    05:23:17.0203 5220 ClipSrv - ok
    05:23:17.0218 5220 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    05:23:17.0234 5220 clr_optimization_v2.0.50727_32 - ok
    05:23:17.0406 5220 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    05:23:17.0406 5220 clr_optimization_v4.0.30319_32 - ok
    05:23:17.0453 5220 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    05:23:17.0453 5220 CmBatt - ok
    05:23:17.0468 5220 CmdIde - ok
    05:23:17.0484 5220 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    05:23:17.0484 5220 Compbatt - ok
    05:23:17.0484 5220 COMSysApp - ok
    05:23:17.0484 5220 Cpqarray - ok
    05:23:17.0593 5220 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    05:23:17.0593 5220 CryptSvc - ok
    05:23:17.0609 5220 dac2w2k - ok
    05:23:17.0609 5220 dac960nt - ok
    05:23:17.0750 5220 [ 465EBC2179406DE124D9F9B4912ACB14 ] DB2MGMTSVC_DB2COPY1 C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
    05:23:17.0750 5220 DB2MGMTSVC_DB2COPY1 - ok
    05:23:17.0843 5220 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    05:23:17.0859 5220 DcomLaunch - ok
    05:23:17.0937 5220 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    05:23:17.0937 5220 Dhcp - ok
    05:23:17.0953 5220 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    05:23:17.0953 5220 Disk - ok
    05:23:17.0953 5220 dmadmin - ok
    05:23:18.0000 5220 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    05:23:18.0015 5220 dmboot - ok
    05:23:18.0031 5220 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    05:23:18.0031 5220 dmio - ok
    05:23:18.0046 5220 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    05:23:18.0046 5220 dmload - ok
    05:23:18.0062 5220 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    05:23:18.0078 5220 dmserver - ok
    05:23:18.0109 5220 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    05:23:18.0109 5220 DMusic - ok
    05:23:18.0156 5220 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    05:23:18.0156 5220 Dnscache - ok
    05:23:18.0187 5220 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    05:23:18.0203 5220 Dot3svc - ok
    05:23:18.0203 5220 dpti2o - ok
    05:23:18.0218 5220 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    05:23:18.0218 5220 drmkaud - ok
    05:23:18.0296 5220 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    05:23:18.0312 5220 EapHost - ok
    05:23:18.0375 5220 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    05:23:18.0375 5220 ERSvc - ok
    05:23:18.0453 5220 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    05:23:18.0468 5220 Eventlog - ok
    05:23:18.0484 5220 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    05:23:18.0500 5220 EventSystem - ok
    05:23:18.0578 5220 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    05:23:18.0578 5220 Fastfat - ok
    05:23:18.0671 5220 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    05:23:18.0671 5220 FastUserSwitchingCompatibility - ok
    05:23:18.0687 5220 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    05:23:18.0687 5220 Fdc - ok
    05:23:18.0703 5220 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    05:23:18.0703 5220 Fips - ok
    05:23:18.0703 5220 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    05:23:18.0703 5220 Flpydisk - ok
    05:23:18.0796 5220 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    05:23:18.0796 5220 FltMgr - ok
    05:23:18.0906 5220 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    05:23:18.0906 5220 FontCache3.0.0.0 - ok
    05:23:18.0921 5220 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    05:23:18.0921 5220 Fs_Rec - ok
    05:23:18.0937 5220 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    05:23:18.0937 5220 Ftdisk - ok
    05:23:18.0953 5220 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    05:23:18.0953 5220 Gpc - ok
    05:23:19.0031 5220 [ C0BDAB85F3E8B2138C513255E2BCC4D8 ] guardian2 C:\WINDOWS\system32\Drivers\oz776.sys
    05:23:19.0031 5220 guardian2 - ok
    05:23:19.0203 5220 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    05:23:19.0203 5220 gupdate - ok
    05:23:19.0296 5220 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    05:23:19.0296 5220 gupdatem - ok
    05:23:19.0437 5220 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    05:23:19.0437 5220 gusvc - ok
    05:23:19.0484 5220 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    05:23:19.0484 5220 HDAudBus - ok
    05:23:19.0671 5220 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    05:23:19.0671 5220 helpsvc - ok
    05:23:19.0687 5220 HidServ - ok
    05:23:19.0734 5220 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    05:23:19.0734 5220 hkmsvc - ok
    05:23:19.0750 5220 hpn - ok
    05:23:19.0968 5220 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    05:23:19.0968 5220 hpqcxs08 - ok
    05:23:20.0000 5220 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    05:23:20.0000 5220 hpqddsvc - ok
    05:23:20.0031 5220 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    05:23:20.0031 5220 HPSLPSVC - ok
    05:23:20.0140 5220 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
    05:23:20.0140 5220 HSF_DPV - ok
    05:23:20.0156 5220 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
    05:23:20.0156 5220 HSXHWAZL - ok
    05:23:20.0281 5220 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    05:23:20.0281 5220 HTTP - ok
    05:23:20.0343 5220 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    05:23:20.0359 5220 HTTPFilter - ok
    05:23:20.0359 5220 i2omgmt - ok
    05:23:20.0359 5220 i2omp - ok
    05:23:20.0406 5220 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    05:23:20.0406 5220 i8042prt - ok
    05:23:20.0656 5220 [ E8C7CC369C2FB657E0792AF70DF529E6 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    05:23:20.0687 5220 ialm - ok
    05:23:20.0843 5220 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    05:23:20.0843 5220 IDriverT - ok
    05:23:21.0046 5220 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    05:23:21.0062 5220 idsvc - ok
    05:23:21.0140 5220 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    05:23:21.0140 5220 Imapi - ok
    05:23:21.0265 5220 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    05:23:21.0265 5220 ImapiService - ok
    05:23:21.0265 5220 ini910u - ok
    05:23:21.0281 5220 IntelIde - ok
    05:23:21.0359 5220 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    05:23:21.0359 5220 intelppm - ok
    05:23:21.0406 5220 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    05:23:21.0406 5220 Ip6Fw - ok
    05:23:21.0437 5220 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    05:23:21.0437 5220 IpFilterDriver - ok
    05:23:21.0453 5220 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    05:23:21.0453 5220 IpInIp - ok
    05:23:21.0500 5220 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    05:23:21.0500 5220 IpNat - ok
    05:23:21.0515 5220 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    05:23:21.0515 5220 IPSec - ok
    05:23:21.0562 5220 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    05:23:21.0562 5220 IRENUM - ok
    05:23:21.0609 5220 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    05:23:21.0609 5220 isapnp - ok
    05:23:21.0812 5220 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    05:23:21.0812 5220 JavaQuickStarterService - ok
    05:23:21.0828 5220 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    05:23:21.0828 5220 Kbdclass - ok
    05:23:21.0843 5220 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    05:23:21.0843 5220 kmixer - ok
    05:23:21.0937 5220 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    05:23:21.0937 5220 KSecDD - ok
    05:23:22.0031 5220 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    05:23:22.0031 5220 lanmanserver - ok
    05:23:22.0109 5220 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    05:23:22.0109 5220 lanmanworkstation - ok
    05:23:22.0125 5220 lbrtfdc - ok
    05:23:22.0218 5220 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    05:23:22.0265 5220 LmHosts - ok
    05:23:22.0359 5220 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    05:23:22.0359 5220 MBAMProtector - ok
    05:23:22.0484 5220 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    05:23:22.0484 5220 MBAMScheduler - ok
    05:23:22.0593 5220 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    05:23:22.0593 5220 MBAMService - ok
    05:23:22.0609 5220 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    05:23:22.0609 5220 mdmxsdk - ok
    05:23:22.0656 5220 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    05:23:22.0671 5220 Messenger - ok
    05:23:22.0718 5220 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    05:23:22.0718 5220 mnmdd - ok
    05:23:22.0796 5220 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    05:23:22.0796 5220 mnmsrvc - ok
    05:23:22.0937 5220 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    05:23:22.0937 5220 Modem - ok
    05:23:22.0937 5220 motandroidusb - ok
    05:23:22.0953 5220 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    05:23:22.0953 5220 Mouclass - ok
    05:23:22.0968 5220 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    05:23:22.0968 5220 MountMgr - ok
    05:23:22.0968 5220 mraid35x - ok
    05:23:22.0968 5220 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    05:23:22.0968 5220 MRxDAV - ok
    05:23:23.0062 5220 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    05:23:23.0062 5220 MRxSmb - ok
    05:23:23.0062 5220 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    05:23:23.0078 5220 MSDTC - ok
    05:23:23.0078 5220 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    05:23:23.0078 5220 Msfs - ok
    05:23:23.0078 5220 MSIServer - ok
    05:23:23.0125 5220 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    05:23:23.0125 5220 MSKSSRV - ok
    05:23:23.0140 5220 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    05:23:23.0140 5220 MSPCLOCK - ok
    05:23:23.0140 5220 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    05:23:23.0140 5220 MSPQM - ok
    05:23:23.0203 5220 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    05:23:23.0203 5220 mssmbios - ok
    05:23:23.0375 5220 [ 7FF9BA6D0BFBCD31DDF23EAF982D7069 ] Multi-user Cleanup Service C:\Program Files\lotus\notes\ntmulti.exe
    05:23:23.0375 5220 Multi-user Cleanup Service - ok
    05:23:23.0468 5220 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    05:23:23.0468 5220 Mup - ok
    05:23:23.0531 5220 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    05:23:23.0562 5220 napagent - ok
    05:23:23.0640 5220 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    05:23:23.0640 5220 NDIS - ok
    05:23:23.0734 5220 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    05:23:23.0734 5220 NdisTapi - ok
    05:23:23.0828 5220 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    05:23:23.0828 5220 Ndisuio - ok
    05:23:23.0828 5220 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    05:23:23.0828 5220 NdisWan - ok
    05:23:23.0890 5220 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    05:23:23.0890 5220 NDProxy - ok
    05:23:23.0968 5220 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    05:23:23.0984 5220 Net Driver HPZ12 - ok
    05:23:23.0984 5220 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    05:23:23.0984 5220 NetBIOS - ok
    05:23:24.0031 5220 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    05:23:24.0031 5220 NetBT - ok
    05:23:24.0078 5220 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    05:23:24.0093 5220 NetDDE - ok
    05:23:31.0515 5220 ================ Scan global ===============================
    05:23:31.0578 5220 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    05:23:31.0671 5220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    05:23:31.0812 5220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    05:23:31.0828 5220 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    05:23:31.0828 5220 [Global] - ok
    05:23:31.0828 5220 ================ Scan MBR ==================================
    05:23:31.0890 5220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    05:23:31.0953 5220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
    05:23:31.0953 5220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
    05:23:31.0953 5220 ================ Scan VBR ==================================
    05:23:32.0000 5220 [ 36A30189B366FA8D6D26E106AC8E40FC ] \Device\Harddisk0\DR0\Partition1
    05:23:32.0000 5220 \Device\Harddisk0\DR0\Partition1 - ok
    05:23:32.0000 5220 ============================================================
    05:23:32.0000 5220 Scan finished
    05:23:32.0000 5220 ============================================================
    05:23:32.0015 3572 Detected object count: 1
    05:23:32.0015 3572 Actual detected object count: 1
    05:24:25.0609 3572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
    05:24:25.0609 3572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip
    05:25:32.0890 5920 ============================================================
    05:25:32.0890 5920 Scan started
    05:25:32.0890 5920 Mode: Manual;
    05:25:32.0890 5920 ============================================================
    05:25:33.0375 5920 ================ Scan system memory ========================
    05:25:33.0375 5920 System memory - ok
    05:25:33.0375 5920 ================ Scan services =============================
    05:25:40.0312 5920 lanmanserver - ok
    05:25:40.0390 5920 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    05:25:40.0390 5920 lanmanworkstation - ok
    05:25:40.0390 5920 lbrtfdc - ok
    05:25:40.0484 5920 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    05:25:40.0484 5920 LmHosts - ok
    05:25:40.0531 5920 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    05:25:40.0531 5920 MBAMProtector - ok
    05:25:40.0578 5920 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    05:25:40.0578 5920 MBAMScheduler - ok
    05:25:40.0609 5920 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    05:25:40.0609 5920 MBAMService - ok
    05:25:40.0625 5920 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    05:25:40.0625 5920 mdmxsdk - ok
    05:25:40.0671 5920 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    05:25:40.0671 5920 Messenger - ok
    05:25:40.0734 5920 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    05:25:40.0734 5920 mnmdd - ok
    05:25:40.0796 5920 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    05:25:40.0796 5920 mnmsrvc - ok
    05:25:40.0796 5920 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    05:25:40.0796 5920 Modem - ok
    05:25:40.0796 5920 motandroidusb - ok
    05:25:40.0828 5920 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    05:25:40.0828 5920 Mouclass - ok
    05:25:40.0828 5920 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    05:25:40.0828 5920 MountMgr - ok
    05:25:40.0828 5920 mraid35x - ok
    05:25:40.0843 5920 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    05:25:40.0843 5920 MRxDAV - ok
    05:25:41.0000 5920 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    05:25:41.0000 5920 MRxSmb - ok
    05:25:41.0000 5920 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    05:25:41.0000 5920 MSDTC - ok
    05:25:41.0015 5920 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    05:25:41.0015 5920 Msfs - ok
    05:25:41.0015 5920 MSIServer - ok
    05:25:41.0062 5920 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    05:25:41.0062 5920 MSKSSRV - ok
    05:25:41.0062 5920 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    05:25:41.0062 5920 MSPCLOCK - ok
    05:25:41.0078 5920 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    05:25:41.0078 5920 MSPQM - ok
    05:25:41.0125 5920 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    05:25:41.0125 5920 mssmbios - ok
    05:25:41.0218 5920 [ 7FF9BA6D0BFBCD31DDF23EAF982D7069 ] Multi-user Cleanup Service C:\Program Files\lotus\notes\ntmulti.exe
    05:25:41.0218 5920 Multi-user Cleanup Service - ok
    05:25:41.0296 5920 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    05:25:41.0296 5920 Mup - ok
    05:25:41.0359 5920 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    05:25:41.0359 5920 napagent - ok
    05:25:41.0406 5920 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    05:25:41.0406 5920 NDIS - ok
    05:25:41.0500 5920 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    05:25:41.0500 5920 NdisTapi - ok
    05:25:41.0578 5920 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    05:25:41.0578 5920 Ndisuio - ok
    05:25:41.0578 5920 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    05:25:41.0593 5920 NdisWan - ok
    05:25:41.0671 5920 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    05:25:41.0671 5920 NDProxy - ok
    05:25:41.0765 5920 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    05:25:41.0765 5920 Net Driver HPZ12 - ok
    05:25:41.0781 5920 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    05:25:41.0781 5920 NetBIOS - ok
    05:25:41.0875 5920 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    05:25:41.0875 5920 NetBT - ok
    05:25:41.0906 5920 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    05:25:41.0906 5920 NetDDE - ok
    05:25:41.0906 5920 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    05:25:41.0921 5920 NetDDEdsdm - ok
    05:25:41.0968 5920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    05:25:41.0968 5920 Netlogon - ok
    05:25:42.0062 5920 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    05:25:42.0062 5920 Netman - ok
    05:25:42.0125 5920 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    05:25:42.0125 5920 NetTcpPortSharing - ok
    05:25:42.0171 5920 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    05:25:42.0171 5920 Nla - ok
    05:25:42.0187 5920 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    05:25:42.0187 5920 Npfs - ok
    05:25:42.0234 5920 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    05:25:42.0250 5920 Ntfs - ok
    05:25:42.0296 5920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    05:25:42.0296 5920 NtLmSsp - ok
    05:25:42.0343 5920 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    05:25:42.0343 5920 NtmsSvc - ok
    05:25:42.0390 5920 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    05:25:42.0390 5920 Null - ok
    05:25:42.0437 5920 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    05:25:42.0437 5920 NwlnkFlt - ok
    05:25:42.0437 5920 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    05:25:42.0437 5920 NwlnkFwd - ok
    05:25:42.0546 5920 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    05:25:42.0546 5920 ose - ok
    05:25:42.0859 5920 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    05:25:42.0890 5920 osppsvc - ok
    05:25:42.0921 5920 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    05:25:42.0921 5920 Parport - ok
    05:25:43.0000 5920 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    05:25:43.0000 5920 PartMgr - ok
    05:25:43.0062 5920 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    05:25:43.0062 5920 ParVdm - ok
    05:25:43.0062 5920 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    05:25:43.0062 5920 PCI - ok
    05:25:43.0078 5920 PCIDump - ok
    05:25:43.0078 5920 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    05:25:43.0093 5920 PCIIde - ok
    05:25:43.0125 5920 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    05:25:43.0140 5920 Pcmcia - ok
    05:25:43.0140 5920 PDCOMP - ok
    05:25:43.0140 5920 PDFRAME - ok
    05:25:43.0140 5920 PDRELI - ok
    05:25:43.0140 5920 PDRFRAME - ok
    05:25:43.0140 5920 perc2 - ok
    05:25:43.0156 5920 perc2hib - ok
    05:25:43.0171 5920 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    05:25:43.0171 5920 PlugPlay - ok
    05:25:43.0187 5920 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    05:25:43.0187 5920 Pml Driver HPZ12 - ok
    05:25:43.0265 5920 [ 713E294439D982BB161317DE0136FAA0 ] pneteth C:\WINDOWS\system32\DRIVERS\pneteth.sys
    05:25:43.0265 5920 pneteth - ok
    05:25:43.0265 5920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    05:25:43.0265 5920 PolicyAgent - ok
    05:25:43.0343 5920 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    05:25:43.0343 5920 PptpMiniport - ok
    05:25:43.0359 5920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    05:25:43.0359 5920 ProtectedStorage - ok
    05:25:43.0359 5920 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    05:25:43.0359 5920 PSched - ok
    05:25:43.0406 5920 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    05:25:43.0406 5920 Ptilink - ok
    05:25:43.0406 5920 ql1080 - ok
    05:25:43.0406 5920 Ql10wnt - ok
    05:25:43.0406 5920 ql12160 - ok
    05:25:43.0406 5920 ql1240 - ok
    05:25:43.0406 5920 ql1280 - ok
    05:25:43.0453 5920 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    05:25:43.0453 5920 RasAcd - ok
    05:25:43.0500 5920 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    05:25:43.0500 5920 RasAuto - ok
    05:25:43.0546 5920 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    05:25:43.0546 5920 Rasl2tp - ok
    05:25:43.0625 5920 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    05:25:43.0625 5920 RasMan - ok
    05:25:43.0625 5920 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    05:25:43.0625 5920 RasPppoe - ok
    05:25:43.0625 5920 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    05:25:43.0625 5920 Raspti - ok
    05:25:43.0656 5920 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    05:25:43.0656 5920 Rdbss - ok
    05:25:43.0656 5920 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    05:25:43.0656 5920 RDPCDD - ok
    05:25:43.0671 5920 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    05:25:43.0671 5920 rdpdr - ok
    05:25:43.0750 5920 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    05:25:43.0750 5920 RDPWD - ok
    05:25:43.0812 5920 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    05:25:43.0812 5920 RDSessMgr - ok
    05:25:43.0843 5920 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    05:25:43.0843 5920 redbook - ok
    05:25:43.0890 5920 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    05:25:43.0890 5920 RemoteAccess - ok
    05:25:43.0937 5920 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    05:25:43.0937 5920 RemoteRegistry - ok
    05:25:43.0984 5920 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    05:25:43.0984 5920 RFCOMM - ok
    05:25:43.0984 5920 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    05:25:43.0984 5920 RpcLocator - ok
    05:25:44.0031 5920 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    05:25:44.0046 5920 RpcSs - ok
    05:25:44.0078 5920 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    05:25:44.0093 5920 RSVP - ok
    05:25:44.0140 5920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    05:25:44.0140 5920 SamSs - ok
    05:25:44.0156 5920 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    05:25:44.0156 5920 SCardSvr - ok
    05:25:44.0328 5920 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    05:25:44.0328 5920 Schedule - ok
    05:25:44.0375 5920 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    05:25:44.0375 5920 Secdrv - ok
    05:25:44.0421 5920 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    05:25:44.0421 5920 seclogon - ok
    05:25:44.0421 5920 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    05:25:44.0421 5920 SENS - ok
    05:25:44.0437 5920 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    05:25:44.0437 5920 serenum - ok
    05:25:44.0453 5920 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    05:25:44.0453 5920 Serial - ok
    05:25:44.0468 5920 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    05:25:44.0468 5920 Sfloppy - ok
    05:25:44.0562 5920 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    05:25:44.0562 5920 SharedAccess - ok
    05:25:44.0578 5920 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    05:25:44.0578 5920 ShellHWDetection - ok
    05:25:44.0578 5920 Simbad - ok
    05:25:44.0578 5920 Sparrow - ok
    05:25:44.0593 5920 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    05:25:44.0593 5920 splitter - ok
    05:25:44.0687 5920 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    05:25:44.0687 5920 Spooler - ok
    05:25:44.0703 5920 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    05:25:44.0703 5920 sr - ok
    05:25:44.0781 5920 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    05:25:44.0781 5920 srservice - ok
    05:25:44.0828 5920 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    05:25:44.0828 5920 Srv - ok
    05:25:44.0859 5920 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    05:25:44.0859 5920 SSDPSRV - ok
    05:25:44.0890 5920 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    05:25:44.0890 5920 ssmdrv - ok
    05:25:45.0000 5920 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
    05:25:45.0000 5920 STHDA - ok
    05:25:45.0078 5920 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
    05:25:45.0078 5920 StillCam - ok
    05:25:45.0109 5920 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    05:25:45.0109 5920 stisvc - ok
    05:25:45.0218 5920 [ 78B58486A5CB4F418D06EA2D6E961DB0 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    05:25:45.0218 5920 SupportSoft RemoteAssist - ok
    05:25:45.0296 5920 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    05:25:45.0296 5920 swenum - ok
    05:25:45.0375 5920 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    05:25:45.0375 5920 swmidi - ok
    05:25:45.0375 5920 SwPrv - ok
    05:25:45.0390 5920 symc810 - ok
    05:25:45.0390 5920 symc8xx - ok
    05:25:45.0390 5920 sym_hi - ok
    05:25:45.0390 5920 sym_u3 - ok
    05:25:45.0406 5920 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    05:25:45.0406 5920 sysaudio - ok
    05:25:45.0421 5920 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    05:25:45.0421 5920 SysmonLog - ok
    05:25:45.0437 5920 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    05:25:45.0437 5920 TapiSrv - ok
    05:25:45.0500 5920 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    05:25:45.0515 5920 Tcpip - ok
    05:25:45.0546 5920 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    05:25:45.0546 5920 TDPIPE - ok
    05:25:45.0562 5920 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    05:25:45.0562 5920 TDTCP - ok
    05:25:45.0609 5920 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    05:25:45.0609 5920 TermDD - ok
    05:25:45.0703 5920 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    05:25:45.0703 5920 TermService - ok
    05:25:45.0718 5920 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    05:25:45.0718 5920 Themes - ok
    05:25:45.0765 5920 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    05:25:45.0765 5920 TlntSvr - ok
    05:25:45.0765 5920 TosIde - ok
    05:25:45.0781 5920 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    05:25:45.0781 5920 TrkWks - ok
    05:25:45.0828 5920 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    05:25:45.0828 5920 Udfs - ok
    05:25:45.0828 5920 UIUSys - ok
    05:25:45.0828 5920 ultra - ok
    05:25:45.0843 5920 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    05:25:45.0843 5920 Update - ok
    05:25:45.0859 5920 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    05:25:45.0875 5920 upnphost - ok
    05:25:45.0906 5920 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    05:25:45.0906 5920 UPS - ok
    05:25:45.0953 5920 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    05:25:45.0953 5920 usbccgp - ok
    05:25:46.0000 5920 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    05:25:46.0000 5920 usbehci - ok
    05:25:46.0015 5920 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    05:25:46.0015 5920 usbhub - ok
    05:25:46.0062 5920 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    05:25:46.0062 5920 usbprint - ok
    05:25:46.0062 5920 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    05:25:46.0062 5920 usbscan - ok
    05:25:46.0109 5920 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    05:25:46.0109 5920 USBSTOR - ok
    05:25:46.0109 5920 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    05:25:46.0109 5920 usbuhci - ok
    05:25:46.0109 5920 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    05:25:46.0125 5920 VgaSave - ok
    05:25:46.0125 5920 ViaIde - ok
    05:25:46.0125 5920 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    05:25:46.0125 5920 VolSnap - ok
    05:25:46.0156 5920 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    05:25:46.0156 5920 VSS - ok
    05:25:46.0187 5920 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    05:25:46.0187 5920 W32Time - ok
    05:25:46.0203 5920 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    05:25:46.0203 5920 Wanarp - ok
    05:25:46.0281 5920 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
    05:25:46.0281 5920 Wdf01000 - ok
    05:25:46.0296 5920 WDICA - ok
    05:25:46.0328 5920 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    05:25:46.0328 5920 wdmaud - ok
    05:25:46.0343 5920 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    05:25:46.0343 5920 WebClient - ok
    05:25:46.0437 5920 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    05:25:46.0437 5920 winachsf - ok
    05:25:46.0593 5920 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    05:25:46.0593 5920 winmgmt - ok
    05:25:46.0687 5920 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    05:25:46.0687 5920 WinRM - ok
    05:25:46.0718 5920 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    05:25:46.0718 5920 WinUSB - ok
    05:25:46.0734 5920 wltrysvc - ok
    05:25:46.0765 5920 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    05:25:46.0765 5920 WmdmPmSN - ok
    05:25:46.0828 5920 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    05:25:46.0828 5920 Wmi - ok
    05:25:46.0843 5920 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    05:25:46.0843 5920 WmiAcpi - ok
    05:25:46.0921 5920 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    05:25:46.0921 5920 WmiApSrv - ok
    05:25:47.0062 5920 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    05:25:47.0062 5920 WMPNetworkSvc - ok
    05:25:47.0156 5920 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    05:25:47.0171 5920 WPFFontCache_v0400 - ok
    05:25:47.0234 5920 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    05:25:47.0234 5920 wscsvc - ok
    05:25:47.0234 5920 WSearch - ok
    05:25:47.0250 5920 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    05:25:47.0250 5920 wuauserv - ok
    05:25:47.0296 5920 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    05:25:47.0312 5920 WudfPf - ok
    05:25:47.0312 5920 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    05:25:47.0312 5920 WudfRd - ok
    05:25:47.0328 5920 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    05:25:47.0328 5920 WudfSvc - ok
    05:25:47.0406 5920 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    05:25:47.0406 5920 WZCSVC - ok
    05:25:47.0437 5920 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    05:25:47.0437 5920 xmlprov - ok
    05:25:47.0453 5920 ================ Scan global ===============================
    05:25:47.0500 5920 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    05:25:47.0562 5920 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    05:25:47.0562 5920 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    05:25:47.0609 5920 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    05:25:47.0609 5920 [Global] - ok
    05:25:47.0609 5920 ================ Scan MBR ==================================
    05:25:47.0656 5920 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    05:25:47.0718 5920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
    05:25:47.0718 5920 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
    05:25:47.0718 5920 ================ Scan VBR ==================================
    05:25:47.0718 5920 [ 36A30189B366FA8D6D26E106AC8E40FC ] \Device\Harddisk0\DR0\Partition1
    05:25:47.0718 5920 \Device\Harddisk0\DR0\Partition1 - ok
    05:25:47.0718 5920 ============================================================
    05:25:47.0718 5920 Scan finished
    05:25:47.0718 5920 ============================================================
    05:25:47.0734 4232 Detected object count: 1
    05:25:47.0734 4232 Actual detected object count: 1
    05:26:08.0781 4232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
    05:26:08.0781 4232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip
     
  6. genubi

    genubi Thread Starter

    05:23:02.0109 2532 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    05:23:02.0968 2532 ============================================================
    05:23:02.0968 2532 Current date / time: 2013/01/29 05:23:02.0968
    05:23:02.0968 2532 SystemInfo:
    05:23:02.0968 2532
    05:23:02.0968 2532 OS Version: 5.1.2600 ServicePack: 3.0
    05:23:02.0968 2532 Product type: Workstation
    05:23:02.0968 2532 ComputerName: ZUBENAL
    05:23:02.0968 2532 UserName: Michael
    05:23:02.0968 2532 Windows directory: C:\WINDOWS
    05:23:02.0968 2532 System windows directory: C:\WINDOWS
    05:23:02.0968 2532 Processor architecture: Intel x86
    05:23:02.0968 2532 Number of processors: 2
    05:23:02.0968 2532 Page size: 0x1000
    05:23:02.0968 2532 Boot type: Normal boot
    05:23:02.0968 2532 ============================================================
    05:23:05.0875 2532 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    05:23:05.0890 2532 ============================================================
    05:23:05.0890 2532 \Device\Harddisk0\DR0:
    05:23:05.0890 2532 MBR partitions:
    05:23:05.0890 2532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
    05:23:05.0890 2532 ============================================================
    05:23:05.0937 2532 C: <-> \Device\Harddisk0\DR0\Partition1
    05:23:05.0937 2532 ============================================================
    05:23:05.0937 2532 Initialize success
    05:23:05.0937 2532 ============================================================
    05:23:11.0312 5220 ============================================================
    05:23:11.0312 5220 Scan started
    05:23:11.0312 5220 Mode: Manual;
    05:23:11.0312 5220 ============================================================
    05:23:13.0906 5220 ================ Scan system memory ========================
    05:23:13.0906 5220 System memory - ok
    05:23:13.0906 5220 ================ Scan services =============================
    05:23:16.0906 5220 cbidf2k - ok
    05:23:16.0906 5220 cd20xrnt - ok
    05:23:16.0968 5220 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    05:23:16.0968 5220 Cdaudio - ok
    05:23:16.0984 5220 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    05:23:16.0984 5220 Cdfs - ok
    05:23:17.0000 5220 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    05:23:17.0000 5220 Cdrom - ok
    05:23:17.0125 5220 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
    05:23:17.0125 5220 cercsr6 - ok
    05:23:17.0125 5220 Changer - ok
    05:23:17.0171 5220 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    05:23:17.0171 5220 CiSvc - ok
    05:23:17.0203 5220 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    05:23:17.0203 5220 ClipSrv - ok
    05:23:17.0218 5220 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    05:23:17.0234 5220 clr_optimization_v2.0.50727_32 - ok
    05:23:17.0406 5220 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    05:23:17.0406 5220 clr_optimization_v4.0.30319_32 - ok
    05:23:17.0453 5220 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    05:23:17.0453 5220 CmBatt - ok
    05:23:17.0468 5220 CmdIde - ok
    05:23:17.0484 5220 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    05:23:17.0484 5220 Compbatt - ok
    05:23:17.0484 5220 COMSysApp - ok
    05:23:17.0484 5220 Cpqarray - ok
    05:23:17.0593 5220 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    05:23:17.0593 5220 CryptSvc - ok
    05:23:17.0609 5220 dac2w2k - ok
    05:23:17.0609 5220 dac960nt - ok
    05:23:17.0750 5220 [ 465EBC2179406DE124D9F9B4912ACB14 ] DB2MGMTSVC_DB2COPY1 C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
    05:23:17.0750 5220 DB2MGMTSVC_DB2COPY1 - ok
    05:23:17.0843 5220 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    05:23:17.0859 5220 DcomLaunch - ok
    05:23:17.0937 5220 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    05:23:17.0937 5220 Dhcp - ok
    05:23:17.0953 5220 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    05:23:17.0953 5220 Disk - ok
    05:23:17.0953 5220 dmadmin - ok
    05:23:18.0000 5220 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    05:23:18.0015 5220 dmboot - ok
    05:23:18.0031 5220 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    05:23:18.0031 5220 dmio - ok
    05:23:18.0046 5220 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    05:23:18.0046 5220 dmload - ok
    05:23:18.0062 5220 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    05:23:18.0078 5220 dmserver - ok
    05:23:18.0109 5220 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    05:23:18.0109 5220 DMusic - ok
    05:23:18.0156 5220 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    05:23:18.0156 5220 Dnscache - ok
    05:23:18.0187 5220 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    05:23:18.0203 5220 Dot3svc - ok
    05:23:18.0203 5220 dpti2o - ok
    05:23:18.0218 5220 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    05:23:18.0218 5220 drmkaud - ok
    05:23:18.0296 5220 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    05:23:18.0312 5220 EapHost - ok
    05:23:18.0375 5220 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    05:23:18.0375 5220 ERSvc - ok
    05:23:18.0453 5220 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    05:23:18.0468 5220 Eventlog - ok
    05:23:18.0484 5220 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    05:23:18.0500 5220 EventSystem - ok
    05:23:18.0578 5220 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    05:23:18.0578 5220 Fastfat - ok
    05:23:18.0671 5220 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    05:23:18.0671 5220 FastUserSwitchingCompatibility - ok
    05:23:18.0687 5220 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    05:23:18.0687 5220 Fdc - ok
    05:23:18.0703 5220 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    05:23:18.0703 5220 Fips - ok
    05:23:18.0703 5220 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    05:23:18.0703 5220 Flpydisk - ok
    05:23:18.0796 5220 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    05:23:18.0796 5220 FltMgr - ok
    05:23:18.0906 5220 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    05:23:18.0906 5220 FontCache3.0.0.0 - ok
    05:23:18.0921 5220 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    05:23:18.0921 5220 Fs_Rec - ok
    05:23:18.0937 5220 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    05:23:18.0937 5220 Ftdisk - ok
    05:23:18.0953 5220 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    05:23:18.0953 5220 Gpc - ok
    05:23:19.0031 5220 [ C0BDAB85F3E8B2138C513255E2BCC4D8 ] guardian2 C:\WINDOWS\system32\Drivers\oz776.sys
    05:23:19.0031 5220 guardian2 - ok
    05:23:19.0203 5220 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    05:23:19.0203 5220 gupdate - ok
    05:23:19.0296 5220 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    05:23:19.0296 5220 gupdatem - ok
    05:23:19.0437 5220 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    05:23:19.0437 5220 gusvc - ok
    05:23:19.0484 5220 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    05:23:19.0484 5220 HDAudBus - ok
    05:23:19.0671 5220 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    05:23:19.0671 5220 helpsvc - ok
    05:23:19.0687 5220 HidServ - ok
    05:23:19.0734 5220 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    05:23:19.0734 5220 hkmsvc - ok
    05:23:19.0750 5220 hpn - ok
    05:23:19.0968 5220 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    05:23:19.0968 5220 hpqcxs08 - ok
    05:23:20.0000 5220 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    05:23:20.0000 5220 hpqddsvc - ok
    05:23:20.0031 5220 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    05:23:20.0031 5220 HPSLPSVC - ok
    05:23:20.0140 5220 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
    05:23:20.0140 5220 HSF_DPV - ok
    05:23:20.0156 5220 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
    05:23:20.0156 5220 HSXHWAZL - ok
    05:23:20.0281 5220 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    05:23:20.0281 5220 HTTP - ok
    05:23:20.0343 5220 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    05:23:20.0359 5220 HTTPFilter - ok
    05:23:20.0359 5220 i2omgmt - ok
    05:23:20.0359 5220 i2omp - ok
    05:23:20.0406 5220 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    05:23:20.0406 5220 i8042prt - ok
    05:23:20.0656 5220 [ E8C7CC369C2FB657E0792AF70DF529E6 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    05:23:20.0687 5220 ialm - ok
    05:23:20.0843 5220 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    05:23:20.0843 5220 IDriverT - ok
    05:23:21.0046 5220 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    05:23:21.0062 5220 idsvc - ok
    05:23:21.0140 5220 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    05:23:21.0140 5220 Imapi - ok
    05:23:21.0265 5220 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    05:23:21.0265 5220 ImapiService - ok
    05:23:21.0265 5220 ini910u - ok
    05:23:21.0281 5220 IntelIde - ok
    05:23:21.0359 5220 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    05:23:21.0359 5220 intelppm - ok
    05:23:21.0406 5220 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    05:23:21.0406 5220 Ip6Fw - ok
    05:23:21.0437 5220 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    05:23:21.0437 5220 IpFilterDriver - ok
    05:23:21.0453 5220 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    05:23:21.0453 5220 IpInIp - ok
    05:23:21.0500 5220 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    05:23:21.0500 5220 IpNat - ok
    05:23:21.0515 5220 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    05:23:21.0515 5220 IPSec - ok
    05:23:21.0562 5220 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    05:23:21.0562 5220 IRENUM - ok
    05:23:21.0609 5220 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    05:23:21.0609 5220 isapnp - ok
    05:23:21.0812 5220 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    05:23:21.0812 5220 JavaQuickStarterService - ok
    05:23:21.0828 5220 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    05:23:21.0828 5220 Kbdclass - ok
    05:23:21.0843 5220 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    05:23:21.0843 5220 kmixer - ok
    05:23:21.0937 5220 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    05:23:21.0937 5220 KSecDD - ok
    05:23:22.0031 5220 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    05:23:22.0031 5220 lanmanserver - ok
    05:23:22.0109 5220 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    05:23:22.0109 5220 lanmanworkstation - ok
    05:23:22.0125 5220 lbrtfdc - ok
    05:23:22.0218 5220 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    05:23:22.0265 5220 LmHosts - ok
    05:23:22.0359 5220 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    05:23:22.0359 5220 MBAMProtector - ok
    05:23:22.0484 5220 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    05:23:22.0484 5220 MBAMScheduler - ok
    05:23:22.0593 5220 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    05:23:22.0593 5220 MBAMService - ok
    05:23:22.0609 5220 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    05:23:22.0609 5220 mdmxsdk - ok
    05:23:22.0656 5220 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    05:23:22.0671 5220 Messenger - ok
    05:23:22.0718 5220 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    05:23:22.0718 5220 mnmdd - ok
    05:23:22.0796 5220 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    05:23:22.0796 5220 mnmsrvc - ok
    05:23:22.0937 5220 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    05:23:22.0937 5220 Modem - ok
    05:23:22.0937 5220 motandroidusb - ok
    05:23:22.0953 5220 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    05:23:22.0953 5220 Mouclass - ok
    05:23:22.0968 5220 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    05:23:22.0968 5220 MountMgr - ok
    05:23:22.0968 5220 mraid35x - ok
    05:23:22.0968 5220 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    05:23:22.0968 5220 MRxDAV - ok
    05:23:23.0062 5220 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    05:23:23.0062 5220 MRxSmb - ok
    05:23:23.0062 5220 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    05:23:23.0078 5220 MSDTC - ok
    05:23:23.0078 5220 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    05:23:23.0078 5220 Msfs - ok
    05:23:23.0078 5220 MSIServer - ok
    05:23:23.0125 5220 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    05:23:23.0125 5220 MSKSSRV - ok
    05:23:23.0140 5220 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    05:23:23.0140 5220 MSPCLOCK - ok
    05:23:23.0140 5220 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    05:23:23.0140 5220 MSPQM - ok
    05:23:23.0203 5220 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    05:23:23.0203 5220 mssmbios - ok
    05:23:23.0375 5220 [ 7FF9BA6D0BFBCD31DDF23EAF982D7069 ] Multi-user Cleanup Service C:\Program Files\lotus\notes\ntmulti.exe
    05:23:23.0375 5220 Multi-user Cleanup Service - ok
    05:23:23.0468 5220 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    05:23:23.0468 5220 Mup - ok
    05:23:23.0531 5220 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    05:23:23.0562 5220 napagent - ok
    05:23:23.0640 5220 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    05:23:23.0640 5220 NDIS - ok
    05:23:23.0734 5220 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    05:23:23.0734 5220 NdisTapi - ok
    05:23:23.0828 5220 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    05:23:23.0828 5220 Ndisuio - ok
    05:23:23.0828 5220 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    05:23:23.0828 5220 NdisWan - ok
    05:23:23.0890 5220 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    05:23:23.0890 5220 NDProxy - ok
    05:23:23.0968 5220 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    05:23:23.0984 5220 Net Driver HPZ12 - ok
    05:23:23.0984 5220 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    05:23:23.0984 5220 NetBIOS - ok
    05:23:24.0031 5220 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    05:23:24.0031 5220 NetBT - ok
    05:23:24.0078 5220 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    05:23:24.0093 5220 NetDDE - ok
    05:23:24.0093 5220 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    05:23:24.0093 5220 NetDDEdsdm - ok
    05:23:24.0140 5220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    05:23:24.0140 5220 Netlogon - ok
    05:23:24.0156 5220 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    05:23:24.0156 5220 Netman - ok
    05:23:24.0218 5220 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    05:23:24.0218 5220 NetTcpPortSharing - ok
    05:23:24.0281 5220 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    05:23:24.0296 5220 Nla - ok
    05:23:24.0375 5220 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    05:23:24.0375 5220 Npfs - ok
    05:23:24.0484 5220 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    05:23:24.0484 5220 Ntfs - ok
    05:23:24.0500 5220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    05:23:24.0500 5220 NtLmSsp - ok
    05:23:24.0578 5220 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    05:23:24.0625 5220 NtmsSvc - ok
    05:23:24.0671 5220 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    05:23:24.0671 5220 Null - ok
    05:23:24.0750 5220 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    05:23:24.0750 5220 NwlnkFlt - ok
    05:23:24.0750 5220 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    05:23:24.0750 5220 NwlnkFwd - ok
    05:23:24.0859 5220 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    05:23:24.0859 5220 ose - ok
    05:23:25.0171 5220 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    05:23:25.0203 5220 osppsvc - ok
    05:23:25.0234 5220 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    05:23:25.0234 5220 Parport - ok
    05:23:25.0312 5220 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    05:23:25.0312 5220 PartMgr - ok
    05:23:25.0375 5220 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    05:23:25.0375 5220 ParVdm - ok
    05:23:25.0421 5220 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    05:23:25.0421 5220 PCI - ok
    05:23:25.0437 5220 PCIDump - ok
    05:23:25.0468 5220 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    05:23:25.0468 5220 PCIIde - ok
    05:23:25.0531 5220 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    05:23:25.0531 5220 Pcmcia - ok
    05:23:25.0531 5220 PDCOMP - ok
    05:23:25.0531 5220 PDFRAME - ok
    05:23:25.0546 5220 PDRELI - ok
    05:23:25.0546 5220 PDRFRAME - ok
    05:23:25.0546 5220 perc2 - ok
    05:23:25.0546 5220 perc2hib - ok
    05:23:25.0578 5220 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    05:23:25.0578 5220 PlugPlay - ok
    05:23:25.0640 5220 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    05:23:25.0640 5220 Pml Driver HPZ12 - ok
    05:23:25.0718 5220 [ 713E294439D982BB161317DE0136FAA0 ] pneteth C:\WINDOWS\system32\DRIVERS\pneteth.sys
    05:23:25.0718 5220 pneteth - ok
    05:23:25.0718 5220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    05:23:25.0718 5220 PolicyAgent - ok
    05:23:25.0734 5220 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    05:23:25.0734 5220 PptpMiniport - ok
    05:23:25.0734 5220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    05:23:25.0734 5220 ProtectedStorage - ok
    05:23:25.0750 5220 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    05:23:25.0750 5220 PSched - ok
    05:23:25.0781 5220 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    05:23:25.0781 5220 Ptilink - ok
    05:23:25.0796 5220 ql1080 - ok
    05:23:25.0796 5220 Ql10wnt - ok
    05:23:25.0796 5220 ql12160 - ok
    05:23:25.0796 5220 ql1240 - ok
    05:23:25.0812 5220 ql1280 - ok
    05:23:25.0859 5220 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    05:23:25.0859 5220 RasAcd - ok
    05:23:25.0906 5220 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    05:23:25.0921 5220 RasAuto - ok
    05:23:25.0968 5220 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    05:23:25.0968 5220 Rasl2tp - ok
    05:23:26.0046 5220 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    05:23:26.0046 5220 RasMan - ok
    05:23:26.0046 5220 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    05:23:26.0046 5220 RasPppoe - ok
    05:23:26.0046 5220 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    05:23:26.0062 5220 Raspti - ok
    05:23:26.0078 5220 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    05:23:26.0078 5220 Rdbss - ok
    05:23:26.0078 5220 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    05:23:26.0078 5220 RDPCDD - ok
    05:23:26.0093 5220 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    05:23:26.0093 5220 rdpdr - ok
    05:23:26.0171 5220 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    05:23:26.0171 5220 RDPWD - ok
    05:23:26.0234 5220 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    05:23:26.0250 5220 RDSessMgr - ok
    05:23:26.0250 5220 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    05:23:26.0250 5220 redbook - ok
    05:23:26.0281 5220 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    05:23:26.0296 5220 RemoteAccess - ok
    05:23:26.0328 5220 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    05:23:26.0343 5220 RemoteRegistry - ok
    05:23:26.0406 5220 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    05:23:26.0406 5220 RFCOMM - ok
    05:23:26.0437 5220 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    05:23:26.0437 5220 RpcLocator - ok
    05:23:26.0531 5220 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    05:23:26.0546 5220 RpcSs - ok
    05:23:26.0578 5220 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    05:23:26.0593 5220 RSVP - ok
    05:23:26.0640 5220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    05:23:26.0640 5220 SamSs - ok
    05:23:26.0703 5220 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    05:23:26.0718 5220 SCardSvr - ok
    05:23:26.0750 5220 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    05:23:26.0765 5220 Schedule - ok
    05:23:26.0812 5220 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    05:23:26.0812 5220 Secdrv - ok
    05:23:26.0812 5220 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    05:23:26.0812 5220 seclogon - ok
    05:23:26.0859 5220 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    05:23:26.0859 5220 SENS - ok
    05:23:26.0875 5220 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    05:23:26.0875 5220 serenum - ok
    05:23:26.0890 5220 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    05:23:26.0890 5220 Serial - ok
    05:23:26.0921 5220 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    05:23:26.0921 5220 Sfloppy - ok
    05:23:27.0015 5220 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    05:23:27.0031 5220 SharedAccess - ok
    05:23:27.0046 5220 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    05:23:27.0046 5220 ShellHWDetection - ok
    05:23:27.0046 5220 Simbad - ok
    05:23:27.0062 5220 Sparrow - ok
    05:23:27.0078 5220 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    05:23:27.0078 5220 splitter - ok
    05:23:27.0156 5220 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    05:23:27.0156 5220 Spooler - ok
    05:23:27.0171 5220 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    05:23:27.0171 5220 sr - ok
    05:23:27.0312 5220 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    05:23:27.0406 5220 srservice - ok
    05:23:27.0437 5220 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    05:23:27.0453 5220 Srv - ok
    05:23:27.0484 5220 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    05:23:27.0484 5220 SSDPSRV - ok
    05:23:27.0546 5220 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    05:23:27.0546 5220 ssmdrv - ok
    05:23:27.0656 5220 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
    05:23:27.0671 5220 STHDA - ok
    05:23:27.0750 5220 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
    05:23:27.0750 5220 StillCam - ok
    05:23:27.0843 5220 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    05:23:27.0875 5220 stisvc - ok
    05:23:27.0968 5220 [ 78B58486A5CB4F418D06EA2D6E961DB0 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    05:23:27.0968 5220 SupportSoft RemoteAssist - ok
    05:23:28.0046 5220 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    05:23:28.0062 5220 swenum - ok
    05:23:28.0062 5220 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    05:23:28.0062 5220 swmidi - ok
    05:23:28.0062 5220 SwPrv - ok
    05:23:28.0078 5220 symc810 - ok
    05:23:28.0078 5220 symc8xx - ok
    05:23:28.0078 5220 sym_hi - ok
    05:23:28.0078 5220 sym_u3 - ok
    05:23:28.0109 5220 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    05:23:28.0109 5220 sysaudio - ok
    05:23:28.0156 5220 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    05:23:28.0156 5220 SysmonLog - ok
    05:23:28.0187 5220 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    05:23:28.0187 5220 TapiSrv - ok
    05:23:28.0343 5220 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    05:23:28.0343 5220 Tcpip - ok
    05:23:28.0375 5220 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    05:23:28.0390 5220 TDPIPE - ok
    05:23:28.0406 5220 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    05:23:28.0453 5220 TDTCP - ok
    05:23:28.0484 5220 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    05:23:28.0484 5220 TermDD - ok
    05:23:28.0500 5220 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    05:23:28.0515 5220 TermService - ok
    05:23:28.0578 5220 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    05:23:28.0578 5220 Themes - ok
    05:23:28.0640 5220 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    05:23:28.0640 5220 TlntSvr - ok
    05:23:28.0640 5220 TosIde - ok
    05:23:28.0687 5220 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    05:23:28.0703 5220 TrkWks - ok
    05:23:31.0515 5220 ================ Scan global ===============================
    05:23:31.0578 5220 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    05:23:31.0671 5220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    05:23:31.0812 5220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    05:23:31.0828 5220 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    05:23:31.0828 5220 [Global] - ok
    05:23:31.0828 5220 ================ Scan MBR ==================================
    05:23:31.0890 5220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    05:23:31.0953 5220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
    05:23:31.0953 5220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
    05:23:31.0953 5220 ================ Scan VBR ==================================
    05:23:32.0000 5220 [ 36A30189B366FA8D6D26E106AC8E40FC ] \Device\Harddisk0\DR0\Partition1
    05:23:32.0000 5220 \Device\Harddisk0\DR0\Partition1 - ok
    05:23:32.0000 5220 ============================================================
    05:23:32.0000 5220 Scan finished
    05:23:32.0000 5220 ============================================================
    05:23:32.0015 3572 Detected object count: 1
    05:23:32.0015 3572 Actual detected object count: 1
    05:24:25.0609 3572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
    05:24:25.0609 3572 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip
    05:25:32.0890 5920 ============================================================
    05:25:32.0890 5920 Scan started
    05:25:32.0890 5920 Mode: Manual;
    05:25:32.0890 5920 ============================================================
    05:25:33.0375 5920 ================ Scan system memory ========================
    05:25:33.0375 5920 System memory - ok
    05:25:33.0375 5920 ================ Scan services =============================
    05:25:44.0328 5920 Schedule - ok
    05:25:44.0375 5920 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    05:25:44.0375 5920 Secdrv - ok
    05:25:44.0421 5920 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    05:25:44.0421 5920 seclogon - ok
    05:25:44.0421 5920 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    05:25:44.0421 5920 SENS - ok
    05:25:44.0437 5920 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    05:25:44.0437 5920 serenum - ok
    05:25:44.0453 5920 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    05:25:44.0453 5920 Serial - ok
    05:25:44.0468 5920 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    05:25:44.0468 5920 Sfloppy - ok
    05:25:44.0562 5920 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    05:25:44.0562 5920 SharedAccess - ok
    05:25:44.0578 5920 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    05:25:44.0578 5920 ShellHWDetection - ok
    05:25:44.0578 5920 Simbad - ok
    05:25:44.0578 5920 Sparrow - ok
    05:25:44.0593 5920 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    05:25:44.0593 5920 splitter - ok
    05:25:44.0687 5920 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    05:25:44.0687 5920 Spooler - ok
    05:25:44.0703 5920 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    05:25:44.0703 5920 sr - ok
    05:25:44.0781 5920 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    05:25:44.0781 5920 srservice - ok
    05:25:44.0828 5920 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    05:25:44.0828 5920 Srv - ok
    05:25:44.0859 5920 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    05:25:44.0859 5920 SSDPSRV - ok
    05:25:44.0890 5920 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    05:25:44.0890 5920 ssmdrv - ok
    05:25:45.0000 5920 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
    05:25:45.0000 5920 STHDA - ok
    05:25:45.0078 5920 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
    05:25:45.0078 5920 StillCam - ok
    05:25:45.0109 5920 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    05:25:45.0109 5920 stisvc - ok
    05:25:45.0218 5920 [ 78B58486A5CB4F418D06EA2D6E961DB0 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    05:25:45.0218 5920 SupportSoft RemoteAssist - ok
    05:25:45.0296 5920 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    05:25:45.0296 5920 swenum - ok
    05:25:45.0375 5920 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    05:25:45.0375 5920 swmidi - ok
    05:25:45.0375 5920 SwPrv - ok
    05:25:45.0390 5920 symc810 - ok
    05:25:45.0390 5920 symc8xx - ok
    05:25:45.0390 5920 sym_hi - ok
    05:25:45.0390 5920 sym_u3 - ok
    05:25:45.0406 5920 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    05:25:45.0406 5920 sysaudio - ok
    05:25:45.0421 5920 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    05:25:45.0421 5920 SysmonLog - ok
    05:25:45.0437 5920 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    05:25:45.0437 5920 TapiSrv - ok
    05:25:45.0500 5920 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    05:25:45.0515 5920 Tcpip - ok
    05:25:45.0546 5920 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    05:25:45.0546 5920 TDPIPE - ok
    05:25:45.0562 5920 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    05:25:45.0562 5920 TDTCP - ok
    05:25:45.0609 5920 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    05:25:45.0609 5920 TermDD - ok
    05:25:45.0703 5920 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    05:25:45.0703 5920 TermService - ok
    05:25:45.0718 5920 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    05:25:45.0718 5920 Themes - ok
    05:25:45.0765 5920 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    05:25:45.0765 5920 TlntSvr - ok
    05:25:45.0765 5920 TosIde - ok
    05:25:45.0781 5920 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    05:25:45.0781 5920 TrkWks - ok
    05:25:45.0828 5920 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    05:25:45.0828 5920 Udfs - ok
    05:25:45.0828 5920 UIUSys - ok
    05:25:45.0828 5920 ultra - ok
    05:25:45.0843 5920 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    05:25:45.0843 5920 Update - ok
    05:25:45.0859 5920 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    05:25:45.0875 5920 upnphost - ok
    05:25:45.0906 5920 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    05:25:45.0906 5920 UPS - ok
    05:25:45.0953 5920 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    05:25:45.0953 5920 usbccgp - ok
    05:25:46.0000 5920 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    05:25:46.0000 5920 usbehci - ok
    05:25:46.0015 5920 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    05:25:46.0015 5920 usbhub - ok
    05:25:46.0062 5920 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    05:25:46.0062 5920 usbprint - ok
    05:25:46.0062 5920 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    05:25:46.0062 5920 usbscan - ok
    05:25:46.0109 5920 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    05:25:46.0109 5920 USBSTOR - ok
    05:25:46.0109 5920 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    05:25:46.0109 5920 usbuhci - ok
    05:25:46.0109 5920 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    05:25:46.0125 5920 VgaSave - ok
    05:25:46.0125 5920 ViaIde - ok
    05:25:46.0125 5920 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    05:25:46.0125 5920 VolSnap - ok
    05:25:46.0156 5920 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    05:25:46.0156 5920 VSS - ok
    05:25:46.0187 5920 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    05:25:46.0187 5920 W32Time - ok
    05:25:46.0203 5920 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    05:25:46.0203 5920 Wanarp - ok
    05:25:46.0281 5920 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
    05:25:46.0281 5920 Wdf01000 - ok
    05:25:46.0296 5920 WDICA - ok
    05:25:46.0328 5920 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    05:25:46.0328 5920 wdmaud - ok
    05:25:46.0343 5920 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    05:25:46.0343 5920 WebClient - ok
    05:25:46.0437 5920 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    05:25:46.0437 5920 winachsf - ok
    05:25:46.0593 5920 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    05:25:46.0593 5920 winmgmt - ok
    05:25:46.0687 5920 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    05:25:46.0687 5920 WinRM - ok
    05:25:46.0718 5920 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    05:25:46.0718 5920 WinUSB - ok
    05:25:46.0734 5920 wltrysvc - ok
    05:25:46.0765 5920 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    05:25:46.0765 5920 WmdmPmSN - ok
    05:25:46.0828 5920 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    05:25:46.0828 5920 Wmi - ok
    05:25:46.0843 5920 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    05:25:46.0843 5920 WmiAcpi - ok
    05:25:46.0921 5920 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    05:25:46.0921 5920 WmiApSrv - ok
    05:25:47.0062 5920 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    05:25:47.0062 5920 WMPNetworkSvc - ok
    05:25:47.0156 5920 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    05:25:47.0171 5920 WPFFontCache_v0400 - ok
    05:25:47.0234 5920 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    05:25:47.0234 5920 wscsvc - ok
    05:25:47.0234 5920 WSearch - ok
    05:25:47.0250 5920 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    05:25:47.0250 5920 wuauserv - ok
    05:25:47.0296 5920 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    05:25:47.0312 5920 WudfPf - ok
    05:25:47.0312 5920 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    05:25:47.0312 5920 WudfRd - ok
    05:25:47.0328 5920 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    05:25:47.0328 5920 WudfSvc - ok
    05:25:47.0406 5920 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    05:25:47.0406 5920 WZCSVC - ok
    05:25:47.0437 5920 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    05:25:47.0437 5920 xmlprov - ok
    05:25:47.0453 5920 ================ Scan global ===============================
    05:25:47.0500 5920 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    05:25:47.0562 5920 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    05:25:47.0562 5920 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    05:25:47.0609 5920 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    05:25:47.0609 5920 [Global] - ok
    05:25:47.0609 5920 ================ Scan MBR ==================================
    05:25:47.0656 5920 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    05:25:47.0718 5920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
    05:25:47.0718 5920 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
    05:25:47.0718 5920 ================ Scan VBR ==================================
    05:25:47.0718 5920 [ 36A30189B366FA8D6D26E106AC8E40FC ] \Device\Harddisk0\DR0\Partition1
    05:25:47.0718 5920 \Device\Harddisk0\DR0\Partition1 - ok
    05:25:47.0718 5920 ============================================================
    05:25:47.0718 5920 Scan finished
    05:25:47.0718 5920 ============================================================
    05:25:47.0734 4232 Detected object count: 1
    05:25:47.0734 4232 Actual detected object count: 1
    05:26:08.0781 4232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - skipped by user
    05:26:08.0781 4232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Skip
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Please run TDSSKiller again and this time select the "cure" option. There is a rootkit infection and the tool should cure it.

    Please post back the resulting log.
     
  8. genubi

    genubi Thread Starter

    14:22:58.0671 5188 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    14:22:59.0031 5188 ============================================================
    14:22:59.0031 5188 Current date / time: 2013/01/29 14:22:59.0031
    14:22:59.0031 5188 SystemInfo:
    14:22:59.0031 5188
    14:22:59.0031 5188 OS Version: 5.1.2600 ServicePack: 3.0
    14:22:59.0031 5188 Product type: Workstation
    14:22:59.0031 5188 ComputerName: ZUBENAL
    14:22:59.0031 5188 UserName: Michael
    14:22:59.0031 5188 Windows directory: C:\WINDOWS
    14:22:59.0031 5188 System windows directory: C:\WINDOWS
    14:22:59.0031 5188 Processor architecture: Intel x86
    14:22:59.0031 5188 Number of processors: 2
    14:22:59.0031 5188 Page size: 0x1000
    14:22:59.0031 5188 Boot type: Normal boot
    14:22:59.0031 5188 ============================================================
    14:23:19.0406 5188 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    14:23:19.0437 5188 ============================================================
    14:23:19.0437 5188 \Device\Harddisk0\DR0:
    14:23:19.0453 5188 MBR partitions:
    14:23:19.0453 5188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
    14:23:19.0453 5188 ============================================================
    14:23:19.0531 5188 C: <-> \Device\Harddisk0\DR0\Partition1
    14:23:19.0531 5188 ============================================================
    14:23:19.0531 5188 Initialize success
    14:23:19.0531 5188 ============================================================
    14:23:22.0343 4552 ============================================================
    14:23:22.0343 4552 Scan started
    14:23:22.0343 4552 Mode: Manual;
    14:23:22.0343 4552 ============================================================
    14:23:26.0593 4552 ================ Scan system memory ========================
    14:23:30.0093 4552 System memory - ok
    14:23:30.0093 4552 ================ Scan services =============================
    14:23:43.0187 4552 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    14:23:43.0203 4552 mnmdd - ok
    14:23:43.0265 4552 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    14:23:43.0265 4552 mnmsrvc - ok
    14:23:43.0281 4552 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    14:23:43.0296 4552 Modem - ok
    14:23:43.0296 4552 motandroidusb - ok
    14:23:43.0296 4552 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    14:23:43.0390 4552 Mouclass - ok
    14:23:43.0484 4552 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    14:23:43.0578 4552 MountMgr - ok
    14:23:43.0578 4552 mraid35x - ok
    14:23:43.0656 4552 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    14:23:43.0703 4552 MRxDAV - ok
    14:23:43.0781 4552 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    14:23:43.0843 4552 MRxSmb - ok
    14:23:43.0843 4552 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    14:23:43.0859 4552 MSDTC - ok
    14:23:43.0921 4552 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    14:23:44.0000 4552 Msfs - ok
    14:23:44.0000 4552 MSIServer - ok
    14:23:44.0046 4552 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    14:23:44.0062 4552 MSKSSRV - ok
    14:23:44.0078 4552 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    14:23:44.0078 4552 MSPCLOCK - ok
    14:23:44.0109 4552 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    14:23:44.0109 4552 MSPQM - ok
    14:23:44.0171 4552 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    14:23:44.0171 4552 mssmbios - ok
    14:23:44.0265 4552 [ 7FF9BA6D0BFBCD31DDF23EAF982D7069 ] Multi-user Cleanup Service C:\Program Files\lotus\notes\ntmulti.exe
    14:23:44.0265 4552 Multi-user Cleanup Service - ok
    14:23:44.0296 4552 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    14:23:44.0296 4552 Mup - ok
    14:23:44.0343 4552 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    14:23:44.0343 4552 napagent - ok
    14:23:44.0390 4552 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    14:23:44.0421 4552 NDIS - ok
    14:23:44.0453 4552 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    14:23:44.0453 4552 NdisTapi - ok
    14:23:44.0531 4552 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    14:23:44.0609 4552 Ndisuio - ok
    14:23:44.0609 4552 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    14:23:44.0625 4552 NdisWan - ok
    14:23:44.0703 4552 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    14:23:44.0703 4552 NDProxy - ok
    14:23:44.0796 4552 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    14:23:44.0843 4552 Net Driver HPZ12 - ok
    14:23:44.0843 4552 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    14:23:44.0859 4552 NetBIOS - ok
    14:23:44.0937 4552 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    14:23:44.0953 4552 NetBT - ok
    14:23:45.0000 4552 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    14:23:45.0000 4552 NetDDE - ok
    14:23:45.0000 4552 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    14:23:45.0015 4552 NetDDEdsdm - ok
    14:23:45.0078 4552 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    14:23:45.0078 4552 Netlogon - ok
    14:23:45.0171 4552 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    14:23:45.0187 4552 Netman - ok
    14:23:45.0234 4552 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    14:23:45.0234 4552 NetTcpPortSharing - ok
    14:23:45.0296 4552 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    14:23:45.0312 4552 Nla - ok
    14:23:45.0312 4552 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    14:23:45.0390 4552 Npfs - ok
    14:23:45.0484 4552 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    14:23:45.0546 4552 Ntfs - ok
    14:23:45.0609 4552 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    14:23:45.0609 4552 NtLmSsp - ok
    14:23:45.0671 4552 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    14:23:45.0687 4552 NtmsSvc - ok
    14:23:45.0718 4552 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    14:23:45.0750 4552 Null - ok
    14:23:45.0796 4552 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    14:23:45.0796 4552 NwlnkFlt - ok
    14:23:45.0812 4552 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    14:23:45.0812 4552 NwlnkFwd - ok
    14:23:45.0953 4552 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    14:23:45.0953 4552 ose - ok
    14:23:46.0343 4552 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    14:23:46.0609 4552 osppsvc - ok
    14:23:46.0640 4552 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    14:23:46.0718 4552 Parport - ok
    14:23:46.0796 4552 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    14:23:46.0859 4552 PartMgr - ok
    14:23:46.0921 4552 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    14:23:46.0968 4552 ParVdm - ok
    14:23:46.0968 4552 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    14:23:46.0968 4552 PCI - ok
    14:23:46.0984 4552 PCIDump - ok
    14:23:47.0046 4552 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    14:23:47.0046 4552 PCIIde - ok
    14:23:47.0046 4552 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    14:23:47.0046 4552 Pcmcia - ok
    14:23:47.0062 4552 PDCOMP - ok
    14:23:47.0062 4552 PDFRAME - ok
    14:23:47.0062 4552 PDRELI - ok
    14:23:47.0078 4552 PDRFRAME - ok
    14:23:47.0078 4552 perc2 - ok
    14:23:47.0078 4552 perc2hib - ok
    14:23:47.0125 4552 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    14:23:47.0125 4552 PlugPlay - ok
    14:23:47.0140 4552 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    14:23:47.0140 4552 Pml Driver HPZ12 - ok
    14:23:47.0218 4552 [ 713E294439D982BB161317DE0136FAA0 ] pneteth C:\WINDOWS\system32\DRIVERS\pneteth.sys
    14:23:47.0218 4552 pneteth - ok
    14:23:47.0234 4552 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    14:23:47.0234 4552 PolicyAgent - ok
    14:23:47.0234 4552 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    14:23:47.0250 4552 PptpMiniport - ok
    14:23:47.0250 4552 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    14:23:47.0250 4552 ProtectedStorage - ok
    14:23:47.0265 4552 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    14:23:47.0265 4552 PSched - ok
    14:23:47.0281 4552 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    14:23:47.0281 4552 Ptilink - ok
    14:23:47.0281 4552 ql1080 - ok
    14:23:47.0281 4552 Ql10wnt - ok
    14:23:47.0281 4552 ql12160 - ok
    14:23:47.0296 4552 ql1240 - ok
    14:23:47.0296 4552 ql1280 - ok
    14:23:47.0296 4552 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    14:23:47.0296 4552 RasAcd - ok
    14:23:47.0343 4552 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    14:23:47.0343 4552 RasAuto - ok
    14:23:47.0390 4552 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    14:23:47.0390 4552 Rasl2tp - ok
    14:23:47.0453 4552 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    14:23:47.0468 4552 RasMan - ok
    14:23:47.0484 4552 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    14:23:47.0484 4552 RasPppoe - ok
    14:23:47.0484 4552 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    14:23:47.0484 4552 Raspti - ok
    14:23:47.0515 4552 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    14:23:47.0515 4552 Rdbss - ok
    14:23:47.0515 4552 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    14:23:47.0515 4552 RDPCDD - ok
    14:23:47.0609 4552 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    14:23:47.0609 4552 rdpdr - ok
    14:23:47.0687 4552 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    14:23:47.0687 4552 RDPWD - ok
    14:23:47.0734 4552 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    14:23:47.0734 4552 RDSessMgr - ok
    14:23:47.0796 4552 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    14:23:47.0843 4552 redbook - ok
    14:23:47.0906 4552 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    14:23:47.0906 4552 RemoteAccess - ok
    14:23:47.0968 4552 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    14:23:48.0015 4552 RemoteRegistry - ok
    14:23:48.0031 4552 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    14:23:48.0046 4552 RFCOMM - ok
    14:23:48.0093 4552 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    14:23:48.0109 4552 RpcLocator - ok
    14:23:48.0140 4552 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    14:23:48.0140 4552 RpcSs - ok
    14:23:48.0218 4552 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    14:23:48.0234 4552 RSVP - ok
    14:23:48.0250 4552 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    14:23:48.0250 4552 SamSs - ok
    14:23:48.0265 4552 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    14:23:48.0281 4552 SCardSvr - ok
    14:23:48.0375 4552 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    14:23:48.0640 4552 Schedule - ok
    14:23:49.0312 4552 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    14:23:49.0312 4552 Secdrv - ok
    14:23:49.0468 4552 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    14:23:49.0515 4552 seclogon - ok
    14:23:49.0578 4552 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    14:23:49.0593 4552 SENS - ok
    14:23:49.0671 4552 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    14:23:49.0671 4552 serenum - ok
    14:23:49.0765 4552 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    14:23:49.0781 4552 Serial - ok
    14:23:50.0234 4552 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    14:23:50.0359 4552 Sfloppy - ok
    14:23:50.0562 4552 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    14:23:50.0625 4552 SharedAccess - ok
    14:23:50.0656 4552 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    14:23:50.0671 4552 ShellHWDetection - ok
    14:23:50.0671 4552 Simbad - ok
    14:23:50.0671 4552 Sparrow - ok
    14:23:50.0687 4552 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    14:23:50.0687 4552 splitter - ok
    14:23:50.0765 4552 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    14:23:50.0781 4552 Spooler - ok
    14:23:50.0796 4552 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    14:23:50.0796 4552 sr - ok
    14:23:50.0875 4552 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    14:23:50.0890 4552 srservice - ok
    14:23:50.0968 4552 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    14:23:50.0984 4552 Srv - ok
    14:23:51.0000 4552 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    14:23:51.0015 4552 SSDPSRV - ok
    14:23:51.0046 4552 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    14:23:51.0062 4552 ssmdrv - ok
    14:23:51.0171 4552 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
    14:23:51.0437 4552 STHDA - ok
    14:23:51.0531 4552 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
    14:23:51.0531 4552 StillCam - ok
    14:23:51.0703 4552 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    14:23:51.0703 4552 stisvc - ok
    14:23:51.0953 4552 [ 78B58486A5CB4F418D06EA2D6E961DB0 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    14:23:51.0953 4552 SupportSoft RemoteAssist - ok
    14:23:52.0093 4552 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    14:23:52.0093 4552 swenum - ok
    14:23:52.0171 4552 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    14:23:52.0171 4552 swmidi - ok
    14:23:52.0171 4552 SwPrv - ok
    14:23:52.0171 4552 symc810 - ok
    14:23:52.0187 4552 symc8xx - ok
    14:23:52.0187 4552 sym_hi - ok
    14:23:52.0187 4552 sym_u3 - ok
    14:23:52.0187 4552 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    14:23:52.0187 4552 sysaudio - ok
    14:23:52.0218 4552 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    14:23:52.0234 4552 SysmonLog - ok
    14:23:52.0265 4552 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    14:23:52.0281 4552 TapiSrv - ok
    14:23:52.0406 4552 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    14:23:52.0421 4552 Tcpip - ok
    14:23:52.0468 4552 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    14:23:52.0515 4552 TDPIPE - ok
    14:23:52.0562 4552 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    14:23:52.0609 4552 TDTCP - ok
    14:23:52.0609 4552 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    14:23:52.0625 4552 TermDD - ok
    14:23:52.0765 4552 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    14:23:52.0781 4552 TermService - ok
    14:23:52.0859 4552 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    14:23:52.0875 4552 Themes - ok
    14:23:52.0921 4552 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    14:23:52.0921 4552 TlntSvr - ok
    14:23:52.0937 4552 TosIde - ok
    14:23:52.0937 4552 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    14:23:52.0937 4552 TrkWks - ok
    14:23:52.0953 4552 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    14:23:53.0015 4552 Udfs - ok
    14:23:53.0031 4552 UIUSys - ok
    14:23:53.0031 4552 ultra - ok
    14:23:53.0125 4552 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    14:23:53.0140 4552 Update - ok
    14:23:53.0187 4552 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    14:23:53.0187 4552 upnphost - ok
    14:23:53.0218 4552 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    14:23:53.0218 4552 UPS - ok
    14:23:53.0296 4552 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    14:23:53.0296 4552 usbccgp - ok
    14:23:53.0343 4552 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    14:23:53.0359 4552 usbehci - ok
    14:23:53.0656 4552 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    14:23:53.0718 4552 usbhub - ok
    14:23:54.0031 4552 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    14:23:54.0031 4552 usbprint - ok
    14:23:54.0125 4552 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    14:23:54.0125 4552 usbscan - ok
    14:23:54.0171 4552 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    14:23:54.0312 4552 USBSTOR - ok
    14:23:54.0312 4552 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    14:23:54.0312 4552 usbuhci - ok
    14:23:54.0359 4552 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    14:23:54.0359 4552 VgaSave - ok
    14:23:54.0359 4552 ViaIde - ok
    14:23:54.0375 4552 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    14:23:54.0687 4552 VolSnap - ok
    14:23:54.0937 4552 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    14:23:55.0250 4552 VSS - ok
    14:23:55.0343 4552 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    14:23:55.0343 4552 W32Time - ok
    14:23:55.0359 4552 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    14:23:55.0359 4552 Wanarp - ok
    14:23:55.0421 4552 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
    14:23:55.0437 4552 Wdf01000 - ok
    14:23:55.0437 4552 WDICA - ok
    14:23:55.0484 4552 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    14:23:55.0484 4552 wdmaud - ok
    14:23:55.0500 4552 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    14:23:55.0609 4552 WebClient - ok
    14:23:55.0703 4552 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
    14:23:55.0718 4552 winachsf - ok
    14:23:55.0937 4552 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    14:23:55.0937 4552 winmgmt - ok
    14:23:56.0031 4552 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    14:23:56.0093 4552 WinRM - ok
    14:23:56.0140 4552 [ FD600B032E741EB6AAB509FC630F7C42 ] WinUSB C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    14:23:56.0140 4552 WinUSB - ok
    14:23:56.0140 4552 wltrysvc - ok
    14:23:56.0187 4552 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    14:23:56.0187 4552 WmdmPmSN - ok
    14:23:56.0250 4552 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    14:23:56.0265 4552 Wmi - ok
    14:23:56.0343 4552 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    14:23:56.0343 4552 WmiAcpi - ok
    14:23:56.0421 4552 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    14:23:56.0421 4552 WmiApSrv - ok
    14:23:56.0781 4552 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    14:23:56.0875 4552 WMPNetworkSvc - ok
    14:23:57.0031 4552 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    14:23:57.0375 4552 WPFFontCache_v0400 - ok
    14:23:57.0453 4552 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    14:23:57.0468 4552 wscsvc - ok
    14:23:57.0468 4552 WSearch - ok
    14:23:57.0546 4552 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    14:23:57.0546 4552 wuauserv - ok
    14:23:57.0578 4552 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    14:23:57.0593 4552 WudfPf - ok
    14:23:57.0656 4552 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    14:23:57.0656 4552 WudfRd - ok
    14:23:57.0671 4552 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    14:23:57.0687 4552 WudfSvc - ok
    14:23:57.0750 4552 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    14:23:57.0765 4552 WZCSVC - ok
    14:23:57.0812 4552 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    14:23:57.0890 4552 xmlprov - ok
    14:23:57.0890 4552 ================ Scan global ===============================
    14:23:57.0953 4552 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    14:23:58.0062 4552 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    14:23:58.0078 4552 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    14:23:58.0156 4552 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    14:23:58.0156 4552 [Global] - ok
    14:23:58.0156 4552 ================ Scan MBR ==================================
    14:23:58.0218 4552 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    14:23:58.0281 4552 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
    14:23:58.0281 4552 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
    14:23:58.0281 4552 ================ Scan VBR ==================================
    14:23:58.0281 4552 [ 36A30189B366FA8D6D26E106AC8E40FC ] \Device\Harddisk0\DR0\Partition1
    14:23:58.0281 4552 \Device\Harddisk0\DR0\Partition1 - ok
    14:23:58.0281 4552 ============================================================
    14:23:58.0281 4552 Scan finished
    14:23:58.0281 4552 ============================================================
    14:23:58.0296 1872 Detected object count: 1
    14:23:58.0296 1872 Actual detected object count: 1
    14:24:07.0515 1872 \Device\Harddisk0\DR0\# - copied to quarantine
    14:24:07.0515 1872 \Device\Harddisk0\DR0 - copied to quarantine
    14:24:07.0562 1872 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
    14:24:07.0703 1872 \Device\Harddisk0\DR0 - ok
    14:24:07.0703 1872 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,313
    If it didn't reboot please do so. Then I'll need you to run TDSSKiller one more time and post the new log so I can be sure it was indeed cured.
     
  10. genubi

    genubi Thread Starter

    Joined:
    Oct 12, 2000
    Messages:
    81
    It did reboot. Before completing the reboot, TDSSKiller came back on. I ran it and it said that there were no problems. I closed it. I will run it again and send you the log. However, once I closed TDSSKiller and the reboot completed, my antivirus software, Avira, bleeped, the bleep of a bug. The message said the bug was still there.
    Here is the info, there were two entries as follows:
    First
    Virus or unwanted program 'JS/Redirect.CH [virus]'
    detected in file 'C:\Documents and Settings\Michael\Local Settings\Temp\scoped_dir_3184_8685\CRX_INSTALL\manager.js'.
    Action performed: Deny access

    Second:
    Virus or unwanted program 'JS/Redirect.CH [virus]'
    detected in file 'C:\Documents and Settings\Michael\Local Settings\Temp\scoped_dir_3184_8685\CRX_INSTALL\manager.js'.
    Action performed: Transfer to Scanner

    I have to take my daughter to the dentist, so I will get back on this when I get home.
    Thanks for your help.
     
  11. genubi

    genubi Thread Starter

    Joined:
    Oct 12, 2000
    Messages:
    81
    14:41:14.0609 4088 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    14:41:15.0031 4088 ============================================================
    14:41:15.0031 4088 Current date / time: 2013/01/29 14:41:15.0031
    14:41:15.0031 4088 SystemInfo:
    14:41:15.0031 4088
    14:41:15.0031 4088 OS Version: 5.1.2600 ServicePack: 3.0
    14:41:15.0031 4088 Product type: Workstation
    14:41:15.0031 4088 ComputerName: ZUBENAL
    14:41:15.0031 4088 UserName: Michael
    14:41:15.0031 4088 Windows directory: C:\WINDOWS
    14:41:15.0031 4088 System windows directory: C:\WINDOWS
    14:41:15.0031 4088 Processor architecture: Intel x86
    14:41:15.0031 4088 Number of processors: 2
    14:41:15.0031 4088 Page size: 0x1000
    14:41:15.0031 4088 Boot type: Normal boot
    14:41:15.0031 4088 ============================================================
    14:41:22.0656 4088 BG loaded
    14:41:22.0890 4088 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    14:41:22.0890 4088 ============================================================
    14:41:22.0890 4088 \Device\Harddisk0\DR0:
    14:41:22.0890 4088 MBR partitions:
    14:41:22.0890 4088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
    14:41:22.0890 4088 ============================================================
    14:41:22.0968 4088 C: <-> \Device\Harddisk0\DR0\Partition1
    14:41:22.0968 4088 ============================================================
    14:41:22.0968 4088 Initialize success
    14:41:22.0968 4088 ============================================================
    14:41:24.0234 5468 ============================================================
    14:41:24.0234 5468 Scan started
    14:41:24.0234 5468 Mode: Manual;
    14:41:24.0234 5468 ============================================================
    14:41:27.0125 5468 ================ Scan system memory ========================
    14:41:27.0125 5468 System memory - ok
    14:41:27.0125 5468 ================ Scan services =============================
    14:41:31.0140 5468 BthServ - ok
    14:41:31.0187 5468 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
    14:41:31.0187 5468 BTHUSB - ok
    14:41:31.0218 5468 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    14:41:31.0218 5468 cbidf2k - ok
    14:41:31.0218 5468 cd20xrnt - ok
    14:41:31.0265 5468 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    14:41:31.0265 5468 Cdaudio - ok
    14:41:31.0281 5468 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    14:41:31.0281 5468 Cdfs - ok
    14:41:31.0296 5468 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    14:41:31.0296 5468 Cdrom - ok
    14:41:31.0343 5468 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
    14:41:31.0359 5468 cercsr6 - ok
    14:41:31.0359 5468 Changer - ok
    14:41:31.0406 5468 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    14:41:31.0406 5468 CiSvc - ok
    14:41:31.0421 5468 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    14:41:31.0421 5468 ClipSrv - ok
    14:41:31.0437 5468 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    14:41:31.0437 5468 clr_optimization_v2.0.50727_32 - ok
    14:41:31.0515 5468 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    14:41:31.0531 5468 clr_optimization_v4.0.30319_32 - ok
    14:41:31.0531 5468 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    14:41:31.0546 5468 CmBatt - ok
    14:41:31.0546 5468 CmdIde - ok
    14:41:31.0609 5468 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    14:41:31.0609 5468 Compbatt - ok
    14:41:31.0625 5468 COMSysApp - ok
    14:41:31.0625 5468 Cpqarray - ok
    14:41:31.0703 5468 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    14:41:31.0703 5468 CryptSvc - ok
    14:41:31.0703 5468 dac2w2k - ok
    14:41:31.0703 5468 dac960nt - ok
    14:41:31.0906 5468 [ 465EBC2179406DE124D9F9B4912ACB14 ] DB2MGMTSVC_DB2COPY1 C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
    14:41:31.0906 5468 DB2MGMTSVC_DB2COPY1 - ok
    14:41:31.0984 5468 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    14:41:31.0984 5468 DcomLaunch - ok
    14:41:32.0078 5468 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    14:41:32.0078 5468 Dhcp - ok
    14:41:32.0093 5468 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    14:41:32.0093 5468 Disk - ok
    14:41:32.0093 5468 dmadmin - ok
    14:41:32.0156 5468 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    14:41:32.0156 5468 dmboot - ok
    14:41:32.0171 5468 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    14:41:32.0171 5468 dmio - ok
    14:41:32.0203 5468 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    14:41:32.0203 5468 dmload - ok
    14:41:32.0218 5468 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    14:41:32.0218 5468 dmserver - ok
    14:41:32.0281 5468 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    14:41:32.0281 5468 DMusic - ok
    14:41:32.0343 5468 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    14:41:32.0343 5468 Dnscache - ok
    14:41:32.0406 5468 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    14:41:32.0406 5468 Dot3svc - ok
    14:41:32.0421 5468 dpti2o - ok
    14:41:32.0421 5468 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    14:41:32.0421 5468 drmkaud - ok
    14:41:32.0453 5468 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    14:41:32.0453 5468 EapHost - ok
    14:41:32.0500 5468 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    14:41:32.0500 5468 ERSvc - ok
    14:41:32.0578 5468 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    14:41:32.0593 5468 Eventlog - ok
    14:41:32.0703 5468 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    14:41:32.0703 5468 EventSystem - ok
    14:41:32.0828 5468 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    14:41:32.0828 5468 Fastfat - ok
    14:41:32.0953 5468 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    14:41:32.0953 5468 FastUserSwitchingCompatibility - ok
    14:41:33.0031 5468 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    14:41:33.0031 5468 Fdc - ok
    14:41:33.0140 5468 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    14:41:33.0140 5468 Fips - ok
    14:41:33.0187 5468 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    14:41:33.0187 5468 Flpydisk - ok
    14:41:33.0218 5468 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    14:41:33.0218 5468 FltMgr - ok
    14:41:33.0328 5468 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    14:41:33.0328 5468 FontCache3.0.0.0 - ok
    14:41:33.0343 5468 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    14:41:33.0343 5468 Fs_Rec - ok
    14:41:33.0359 5468 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    14:41:33.0359 5468 Ftdisk - ok
    14:41:33.0359 5468 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    14:41:33.0375 5468 Gpc - ok
    14:41:33.0453 5468 [ C0BDAB85F3E8B2138C513255E2BCC4D8 ] guardian2 C:\WINDOWS\system32\Drivers\oz776.sys
    14:41:33.0453 5468 guardian2 - ok
    14:41:33.0640 5468 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    14:41:33.0640 5468 gupdate - ok
    14:41:33.0640 5468 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    14:41:33.0640 5468 gupdatem - ok
    14:41:33.0796 5468 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    14:41:33.0796 5468 gusvc - ok
    14:41:33.0812 5468 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    14:41:33.0812 5468 HDAudBus - ok
    14:41:33.0984 5468 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    14:41:33.0984 5468 helpsvc - ok
    14:41:33.0984 5468 HidServ - ok
    14:41:34.0046 5468 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    14:41:34.0046 5468 hkmsvc - ok
    14:41:34.0046 5468 hpn - ok
    14:41:34.0203 5468 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    14:41:34.0203 5468 hpqcxs08 - ok
    14:41:34.0218 5468 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    14:41:34.0218 5468 hpqddsvc - ok
    14:41:34.0250 5468 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    14:41:34.0265 5468 HPSLPSVC - ok
    14:41:34.0359 5468 [ E8EC1767EA315A39A0DD8989952CA0E9 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
    14:41:34.0375 5468 HSF_DPV - ok
    14:41:34.0390 5468 [ 61478FA42EE04562E7F11F4DCA87E9C8 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
    14:41:34.0390 5468 HSXHWAZL - ok
    14:41:34.0484 5468 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    14:41:34.0484 5468 HTTP - ok
    14:41:34.0531 5468 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    14:41:34.0531 5468 HTTPFilter - ok
    14:41:34.0531 5468 i2omgmt - ok
    14:41:34.0531 5468 i2omp - ok
    14:41:34.0593 5468 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    14:41:34.0609 5468 i8042prt - ok
    14:41:34.0921 5468 [ E8C7CC369C2FB657E0792AF70DF529E6 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    14:41:34.0953 5468 ialm - ok
    14:41:35.0125 5468 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    14:41:35.0125 5468 IDriverT - ok
    14:41:35.0250 5468 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    14:41:35.0250 5468 idsvc - ok
    14:41:35.0312 5468 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    14:41:35.0312 5468 Imapi - ok
    14:41:35.0406 5468 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    14:41:35.0406 5468 ImapiService - ok
    14:41:35.0421 5468 ini910u - ok
    14:41:35.0421 5468 IntelIde - ok
    14:41:35.0453 5468 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    14:41:35.0453 5468 intelppm - ok
    14:41:35.0500 5468 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    14:41:35.0500 5468 Ip6Fw - ok
    14:41:35.0531 5468 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    14:41:35.0531 5468 IpFilterDriver - ok
    14:41:35.0562 5468 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    14:41:35.0562 5468 IpInIp - ok
    14:41:35.0625 5468 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    14:41:35.0625 5468 IpNat - ok
    14:41:35.0640 5468 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    14:41:35.0640 5468 IPSec - ok
    14:41:35.0687 5468 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    14:41:35.0687 5468 IRENUM - ok
    14:41:35.0750 5468 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    14:41:35.0750 5468 isapnp - ok
    14:41:36.0000 5468 [ 7FBFEEE245821925129C9F86470BF33C ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    14:41:36.0000 5468 JavaQuickStarterService - ok
    14:41:36.0078 5468 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    14:41:36.0078 5468 Kbdclass - ok
    14:41:36.0093 5468 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    14:41:36.0093 5468 kmixer - ok
    14:41:36.0140 5468 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    14:41:36.0140 5468 KSecDD - ok
    14:41:36.0203 5468 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    14:41:36.0203 5468 lanmanserver - ok
    14:41:36.0296 5468 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    14:41:36.0296 5468 lanmanworkstation - ok
    14:41:36.0296 5468 lbrtfdc - ok
    14:41:36.0390 5468 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    14:41:36.0390 5468 LmHosts - ok
    14:41:36.0437 5468 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    14:41:36.0437 5468 MBAMProtector - ok
    14:41:36.0484 5468 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    14:41:36.0500 5468 MBAMScheduler - ok
    14:41:36.0687 5468 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    14:41:36.0687 5468 MBAMService - ok
    14:41:36.0765 5468 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    14:41:36.0765 5468 mdmxsdk - ok
    14:41:36.0812 5468 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    14:41:36.0812 5468 Messenger - ok
    14:41:36.0875 5468 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    14:41:36.0875 5468 mnmdd - ok
    14:41:36.0937 5468 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    14:41:36.0937 5468 mnmsrvc - ok
    14:41:36.0937 5468 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    14:41:36.0937 5468 Modem - ok
    14:41:36.0953 5468 motandroidusb - ok
    14:41:37.0000 5468 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    14:41:37.0000 5468 Mouclass - ok
    14:41:37.0078 5468 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    14:41:37.0078 5468 MountMgr - ok
    14:41:37.0078 5468 mraid35x - ok
    14:41:37.0156 5468 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    14:41:37.0171 5468 MRxDAV - ok
    14:41:37.0250 5468 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    14:41:37.0250 5468 MRxSmb - ok
    14:41:37.0312 5468 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    14:41:37.0312 5468 MSDTC - ok
    14:41:37.0328 5468 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    14:41:37.0328 5468 Msfs - ok
    14:41:37.0328 5468 MSIServer - ok
    14:41:37.0406 5468 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    14:41:37.0406 5468 MSKSSRV - ok
    14:41:37.0421 5468 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    14:41:37.0421 5468 MSPCLOCK - ok
    14:41:37.0453 5468 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    14:41:37.0453 5468 MSPQM - ok
    14:41:37.0500 5468 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    14:41:37.0500 5468 mssmbios - ok
    14:41:37.0765 5468 [ 7FF9BA6D0BFBCD31DDF23EAF982D7069 ] Multi-user Cleanup Service C:\Program Files\lotus\notes\ntmulti.exe
    14:41:37.0765 5468 Multi-user Cleanup Service - ok
    14:41:37.0968 5468 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    14:41:37.0968 5468 Mup - ok
    14:41:38.0109 5468 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    14:41:38.0109 5468 napagent - ok
    14:41:38.0203 5468 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    14:41:38.0203 5468 NDIS - ok
    14:41:38.0328 5468 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    14:41:38.0328 5468 NdisTapi - ok
    14:41:38.0421 5468 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    14:41:38.0421 5468 Ndisuio - ok
    14:41:38.0421 5468 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    14:41:38.0421 5468 NdisWan - ok
    14:41:38.0515 5468 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    14:41:38.0515 5468 NDProxy - ok
    14:41:38.0625 5468 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
    14:41:38.0625 5468 Net Driver HPZ12 - ok
    14:41:38.0625 5468 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    14:41:38.0625 5468 NetBIOS - ok
    14:41:38.0718 5468 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    14:41:38.0734 5468 NetBT - ok
    14:41:38.0781 5468 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    14:41:38.0796 5468 NetDDE - ok
    14:41:38.0796 5468 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    14:41:38.0796 5468 NetDDEdsdm - ok
    14:41:38.0859 5468 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    14:41:38.0859 5468 Netlogon - ok
    14:41:38.0968 5468 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    14:41:38.0968 5468 Netman - ok
    14:41:39.0015 5468 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    14:41:39.0015 5468 NetTcpPortSharing - ok
    14:41:39.0140 5468 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    14:41:39.0140 5468 Nla - ok
    14:41:39.0156 5468 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    14:41:39.0156 5468 Npfs - ok
    14:41:39.0375 5468 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    14:41:39.0375 5468 Ntfs - ok
    14:41:39.0390 5468 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    14:41:39.0390 5468 NtLmSsp - ok
    14:41:39.0453 5468 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    14:41:39.0468 5468 NtmsSvc - ok
    14:41:39.0500 5468 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    14:41:39.0500 5468 Null - ok
    14:41:39.0562 5468 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    14:41:39.0562 5468 NwlnkFlt - ok
    14:41:39.0562 5468 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    14:41:39.0562 5468 NwlnkFwd - ok
    14:41:39.0718 5468 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    14:41:39.0718 5468 ose - ok
    14:41:40.0281 5468 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    14:41:40.0312 5468 osppsvc - ok
    14:41:40.0406 5468 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    14:41:40.0406 5468 Parport - ok
    14:41:40.0484 5468 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    14:41:40.0484 5468 PartMgr - ok
    14:41:40.0546 5468 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    14:41:40.0546 5468 ParVdm - ok
    14:41:40.0562 5468 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    14:41:40.0562 5468 PCI - ok
    14:41:40.0578 5468 PCIDump - ok
    14:41:40.0625 5468 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    14:41:40.0625 5468 PCIIde - ok
    14:41:41.0000 5468 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    14:41:41.0000 5468 Pcmcia - ok
    14:41:41.0015 5468 PDCOMP - ok
    14:41:41.0015 5468 PDFRAME - ok
    14:41:41.0015 5468 PDRELI - ok
    14:41:41.0031 5468 PDRFRAME - ok
    14:41:41.0031 5468 perc2 - ok
    14:41:41.0062 5468 perc2hib - ok
    14:41:41.0125 5468 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    14:41:41.0125 5468 PlugPlay - ok
    14:41:41.0484 5468 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
    14:41:41.0484 5468 Pml Driver HPZ12 - ok
    14:41:41.0781 5468 [ 713E294439D982BB161317DE0136FAA0 ] pneteth C:\WINDOWS\system32\DRIVERS\pneteth.sys
    14:41:41.0781 5468 pneteth - ok
    14:41:41.0984 5468 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    14:41:41.0984 5468 PolicyAgent - ok
    14:41:42.0031 5468 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    14:41:42.0046 5468 PptpMiniport - ok
    14:41:42.0078 5468 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    14:41:42.0078 5468 ProtectedStorage - ok
    14:41:42.0078 5468 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    14:41:42.0078 5468 PSched - ok
    14:41:42.0125 5468 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    14:41:42.0125 5468 Ptilink - ok
    14:41:42.0125 5468 ql1080 - ok
    14:41:42.0140 5468 Ql10wnt - ok
    14:41:42.0140 5468 ql12160 - ok
    14:41:42.0140 5468 ql1240 - ok
    14:41:42.0156 5468 ql1280 - ok
    14:41:42.0203 5468 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    14:41:42.0203 5468 RasAcd - ok
    14:41:42.0250 5468 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    14:41:42.0250 5468 RasAuto - ok
    14:41:42.0312 5468 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    14:41:42.0312 5468 Rasl2tp - ok
    14:41:42.0390 5468 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    14:41:42.0390 5468 RasMan - ok
    14:41:42.0406 5468 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    14:41:42.0421 5468 RasPppoe - ok
    14:41:42.0421 5468 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    14:41:42.0421 5468 Raspti - ok
    14:41:42.0500 5468 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    14:41:42.0500 5468 Rdbss - ok
    14:41:42.0500 5468 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    14:41:42.0515 5468 RDPCDD - ok
    14:41:42.0593 5468 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    14:41:42.0593 5468 rdpdr - ok
    14:41:42.0734 5468 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    14:41:42.0750 5468 RDPWD - ok
    14:41:43.0078 5468 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    14:41:43.0078 5468 RDSessMgr - ok
    14:41:43.0281 5468 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    14:41:43.0390 5468 redbook - ok
    14:41:43.0484 5468 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    14:41:43.0500 5468 RemoteAccess - ok
    14:41:43.0625 5468 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    14:41:43.0625 5468 RemoteRegistry - ok
    14:41:43.0703 5468 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    14:41:43.0703 5468 RFCOMM - ok
    14:41:43.0703 5468 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    14:41:43.0703 5468 RpcLocator - ok
    14:41:43.0765 5468 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    14:41:43.0765 5468 RpcSs - ok
    14:41:43.0843 5468 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    14:41:43.0843 5468 RSVP - ok
    14:41:43.0875 5468 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    14:41:43.0890 5468 SamSs - ok
    14:41:43.0906 5468 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    14:41:43.0906 5468 SCardSvr - ok
    14:41:44.0000 5468 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    14:41:44.0015 5468 Schedule - ok
    14:41:44.0046 5468 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    14:41:44.0109 5468 Secdrv - ok
    14:41:44.0156 5468 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    14:41:44.0156 5468 seclogon - ok
    14:41:44.0156 5468 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    14:41:44.0156 5468 SENS - ok
    14:41:44.0234 5468 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    14:41:44.0234 5468 serenum - ok
    14:41:44.0250 5468 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    14:41:44.0265 5468 Serial - ok
    14:41:44.0328 5468 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    14:41:44.0328 5468 Sfloppy - ok
    14:41:44.0421 5468 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    14:41:44.0421 5468 SharedAccess - ok
    14:41:44.0437 5468 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    14:41:44.0437 5468 ShellHWDetection - ok
    14:41:44.0453 5468 Simbad - ok
    14:41:44.0453 5468 Sparrow - ok
    14:41:44.0468 5468 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    14:41:44.0546 5468 splitter - ok
    14:41:44.0671 5468 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    14:41:44.0671 5468 Spooler - ok
    14:41:44.0765 5468 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    14:41:44.0765 5468 sr - ok
    14:41:44.0859 5468 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    14:41:44.0859 5468 srservice - ok
    14:41:44.0984 5468 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    14:41:44.0984 5468 Srv - ok
    14:41:45.0046 5468 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    14:41:45.0046 5468 SSDPSRV - ok
    14:41:45.0125 5468 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    14:41:45.0125 5468 ssmdrv - ok
    14:41:45.0234 5468 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
    14:41:45.0250 5468 STHDA - ok
    14:41:45.0343 5468 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
    14:41:45.0343 5468 StillCam - ok
    14:41:45.0406 5468 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    14:41:45.0406 5468 stisvc - ok
    14:41:45.0656 5468 [ 78B58486A5CB4F418D06EA2D6E961DB0 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    14:41:45.0656 5468 SupportSoft RemoteAssist - ok
    14:41:45.0765 5468 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    14:41:45.0765 5468 swenum - ok
    14:41:45.0843 5468 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    14:41:45.0843 5468 swmidi - ok
    14:41:45.0843 5468 SwPrv - ok
    14:41:45.0843 5468 symc810 - ok
    14:41:45.0859 5468 symc8xx - ok
    14:41:45.0859 5468 sym_hi - ok
    14:41:45.0859 5468 sym_u3 - ok
    14:41:45.0890 5468 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    14:41:45.0890 5468 sysaudio - ok
    14:41:45.0906 5468 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    14:41:45.0921 5468 SysmonLog - ok
    14:41:46.0093 5468 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    14:41:46.0093 5468 TapiSrv - ok
    14:41:46.0312 5468 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    14:41:46.0328 5468 Tcpip - ok
    14:41:46.0375 5468 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    14:41:46.0375 5468 TDPIPE - ok
    14:41:46.0390 5468 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    14:41:46.0390 5468 TDTCP - ok
    14:41:46.0437 5468 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    14:41:46.0437 5468 TermDD - ok
    14:41:46.0453 5468 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    14:41:46.0453 5468 TermService - ok
    14:41:46.0453 5468 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    14:41:46.0468 5468 Themes - ok
    14:41:51.0484 5468 ================ Scan global ===============================
    14:41:51.0578 5468 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    14:41:51.0843 5468 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    14:41:51.0859 5468 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    14:41:51.0921 5468 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    14:41:51.0921 5468 [Global] - ok
    14:41:51.0921 5468 ================ Scan MBR ==================================
    14:41:51.0984 5468 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    14:41:52.0421 5468 \Device\Harddisk0\DR0 - ok
    14:41:52.0421 5468 ================ Scan VBR ==================================
    14:41:52.0421 5468 [ 36A30189B366FA8D6D26E106AC8E40FC ] \Device\Harddisk0\DR0\Partition1
    14:41:52.0421 5468 \Device\Harddisk0\DR0\Partition1 - ok
    14:41:52.0421 5468 ============================================================
    14:41:52.0421 5468 Scan finished
    14:41:52.0421 5468 ============================================================
    14:41:52.0437 4028 Detected object count: 0
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,313
    OK. Next, please download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
  13. genubi

    genubi Thread Starter

    Joined:
    Oct 12, 2000
    Messages:
    81
    OTL logfile created on: 1/29/2013 6:36:42 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michael\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.85% Memory free
    4.83 Gb Paging File | 3.31 Gb Available in Paging File | 68.41% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 63.65 Gb Free Space | 56.94% Space Free | Partition Type: NTFS

    Computer Name: ZUBENAL | User Name: Michael | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/29 18:34:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\My Documents\Downloads\OTL.exe
    PRC - [2013/01/29 05:21:47 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\tdsskiller.exe
    PRC - [2013/01/27 10:42:42 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/01/18 20:40:53 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2013/01/18 20:39:04 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    PRC - [2013/01/18 20:39:00 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2013/01/18 20:38:37 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    PRC - [2013/01/18 20:38:33 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2013/01/18 20:38:32 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2013/01/18 20:38:25 | 000,387,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    PRC - [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/03/09 12:30:50 | 000,484,976 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
    PRC - [2010/12/21 00:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    PRC - [2009/05/30 19:55:26 | 000,037,664 | ---- | M] (International Business Machines Corporation) -- C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
    PRC - [2007/05/10 09:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    PRC - [2005/12/01 06:35:58 | 000,057,393 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\ntmulti.exe
    PRC - [2005/10/07 13:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2005/07/27 15:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
    PRC - [2004/06/28 22:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/26 14:31:15 | 000,595,456 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\wutin.dll
    MOD - [2013/01/18 20:41:10 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
    MOD - [2013/01/18 03:07:02 | 012,459,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
    MOD - [2013/01/18 03:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
    MOD - [2013/01/18 03:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
    MOD - [2013/01/18 03:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
    MOD - [2013/01/18 03:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libegl.dll
    MOD - [2013/01/18 03:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
    MOD - [2012/03/09 12:30:50 | 000,484,976 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
    MOD - [2009/10/07 14:01:34 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
    MOD - [2009/10/07 14:01:14 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2004/07/20 16:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2013/01/27 10:42:42 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/01/18 20:40:53 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2013/01/18 20:39:04 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
    SRV - [2013/01/18 20:38:37 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
    SRV - [2013/01/18 20:38:33 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2013/01/08 23:31:31 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2010/04/16 09:03:12 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2009/05/30 19:55:26 | 000,037,664 | ---- | M] (International Business Machines Corporation) [Auto | Running] -- C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe -- (DB2MGMTSVC_DB2COPY1)
    SRV - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen)
    SRV - [2005/12/01 06:35:58 | 000,057,393 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
    SRV - [2005/08/30 16:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\motoandroid.sys -- (motandroidusb)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/01/18 20:42:19 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
    DRV - [2013/01/18 20:42:15 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/11/22 15:50:53 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2011/11/24 23:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
    DRV - [2009/10/07 14:01:32 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2007/12/23 16:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
    DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/11/02 06:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2005/10/26 09:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/10/03 11:57:00 | 000,086,867 | R--- | M] (CSR) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCOREUSB.sys -- (BCOREUSB)
    DRV - [2005/09/28 19:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {CBF54577-AA40-4F81-B9E2-04009F3F95F2}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{CBF54577-AA40-4F81-B9E2-04009F3F95F2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://fs.lawsonproducts.com/adfs [Binary data over 200 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myportal.lawsonproducts.com:50100/irj/portal
    IE - HKCU\..\SearchScopes,DefaultScope = {CBF54577-AA40-4F81-B9E2-04009F3F95F2}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKCU\..\SearchScopes\{CBF54577-AA40-4F81-B9E2-04009F3F95F2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS493
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: infoatoms%40infoatoms.com:1.4.0.0
    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: nuance%40pdf7:1.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 08:56:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/09 08:56:56 | 000,000,000 | ---D | M]

    [2012/12/04 05:34:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\j9dwyy0u.default\Extensions
    [2012/12/03 15:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla FireFox\extensions
    [2012/12/11 20:31:26 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files\Mozilla FireFox\extensions\[email protected]
    [2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.igoogle.com/ig?hl=en
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.igoogle.com/ig?hl=en
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
    CHR - Extension: Gmail Offline = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
    CHR - Extension: Collusion for Chrome = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp\2.2.0_0\
    CHR - Extension: AdBlock = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
    CHR - Extension: Base CRM + Sales Tracking = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpncklmdfcdmnlkjdplcmkkijhhphfaa\1.7_0\
    CHR - Extension: ScriptSafe = C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.13_0\

    O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [hlsudi] rundll32.exe ",FIsHTMLFileW File not found
    O4 - HKLM..\Run: [mdmap] C:\Documents and Settings\Michael\Application Data\mdmap.dll (S3 Graphics Co., Ltd.)
    O4 - HKLM..\Run: [Nuance PDF Converter 7-reminder] C:\Program Files\Nuance\PDF Converter 7\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [wutin] C:\Documents and Settings\Michael\Application Data\wutin.dll ()
    O4 - HKCU..\Run: [GoogleChromeAutoLaunch_4C076BC119E24CBAD2D8DD04CD69E50A] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Open with Nuance PDF Converter 7.0 - C:\Program Files\Nuance\PDF Converter 7\cnvres_eng.dll (Nuance Communications, Inc.)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1342931355593 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1344518774062 (MUWebControl Class)
    O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.17.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82635800-EA0A-49D8-B7D4-F87E3EF45626}: DhcpNameServer = 192.168.17.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/07/21 21:21:18 | 000,000,000 | ---- | M] () - C:\autoexec.aos -- [ NTFS ]
    O32 - AutoRun File - [2012/07/22 17:02:44 | 000,000,068 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/08/14 05:48:21 | 000,003,481 | ---- | M] () - C:\AutoRun.log -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/29 14:24:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/01/29 05:21:29 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\tdsskiller.exe
    [2013/01/28 14:59:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Michael\Start Menu\Programs\Administrative Tools
    [2013/01/28 14:44:42 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Michael\Desktop\dds.scr
    [2013/01/28 12:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\reciepts
    [2013/01/27 10:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Windows Search
    [2013/01/27 10:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2013/01/27 10:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
    [2013/01/27 10:43:24 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/01/27 10:43:23 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/01/27 10:43:08 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/01/27 10:43:08 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/01/27 10:43:08 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/01/27 07:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Malwarebytes
    [2013/01/27 07:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/27 07:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/01/27 07:18:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/01/27 07:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/01/27 07:15:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
    [2013/01/26 17:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2013/01/26 14:31:40 | 000,351,232 | ---- | C] (S3 Graphics Co., Ltd.) -- C:\Documents and Settings\Michael\Application Data\mdmap.dll
    [2013/01/25 21:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2013/01/25 11:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\OneNote Notebooks
    [2013/01/18 20:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
    [2013/01/07 19:17:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
    [2013/01/07 19:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft Corporation
    [2013/01/07 19:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
    [2013/01/07 14:39:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2013/01/03 05:18:51 | 000,780,192 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/01/03 05:18:50 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2013/01/01 18:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Cooliris
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/29 18:44:54 | 000,006,522 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\301f2239-f268-435c-8e43-af7ee56b6560.crx
    [2013/01/29 18:30:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/01/29 18:29:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/29 14:30:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/01/29 14:30:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/29 14:28:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/01/29 14:17:44 | 000,013,734 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\order.pdf
    [2013/01/29 13:04:04 | 000,014,522 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\adesa.pdf
    [2013/01/29 10:24:09 | 000,002,579 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Agent Order System.lnk
    [2013/01/29 10:23:40 | 000,000,114 | ---- | M] () -- C:\WINDOWS\BS.INI
    [2013/01/29 09:54:18 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Michael\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2013/01/29 05:43:39 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010 (2).lnk
    [2013/01/29 05:21:47 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael\Desktop\tdsskiller.exe
    [2013/01/29 02:28:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/01/28 17:00:01 | 000,060,304 | ---- | M] () -- C:\Documents and Settings\Michael\g2mdlhlpx.exe
    [2013/01/28 15:10:20 | 000,365,568 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\GMER.exe
    [2013/01/28 14:44:42 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Michael\Desktop\dds.scr
    [2013/01/28 14:09:51 | 000,014,179 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Confrence Schedual.pdf
    [2013/01/28 11:24:53 | 000,022,757 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\dewittfiredpt.pdf
    [2013/01/27 10:44:09 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\HijackThis.lnk
    [2013/01/27 10:42:44 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/01/27 10:42:41 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/01/27 10:42:41 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/01/27 10:42:41 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/01/27 10:42:40 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2013/01/27 10:42:40 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/01/27 10:42:40 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/01/27 07:18:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/26 14:35:54 | 000,046,117 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\vpdjallp
    [2013/01/26 14:33:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\SharedSettings.ccs
    [2013/01/26 14:31:40 | 000,351,232 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\Documents and Settings\Michael\Application Data\mdmap.dll
    [2013/01/26 14:31:15 | 000,595,456 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\wutin.dll
    [2013/01/25 15:04:42 | 000,605,749 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\E1038 Ice Melter_Clearance[1].pdf
    [2013/01/25 12:17:11 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010 (2).lnk
    [2013/01/24 10:04:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2013/01/23 20:19:31 | 000,034,756 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\angry scott.jpg
    [2013/01/23 04:13:51 | 000,020,854 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\speeedglass2.pdf
    [2013/01/23 04:13:14 | 000,020,876 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Speedglass1.pdf
    [2013/01/22 13:56:57 | 000,000,336 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2013/01/22 13:56:55 | 000,038,421 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft Excel 97-2003.ADR
    [2013/01/21 06:41:56 | 000,004,360 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Comma Separated Values (Windows).NOT
    [2013/01/21 06:38:57 | 000,038,429 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Comma Separated Values (Windows).ADR
    [2013/01/18 20:42:19 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
    [2013/01/18 20:42:15 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2013/01/18 19:35:23 | 000,015,534 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\quote.pdf
    [2013/01/18 16:30:26 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Agent Order System.lnk
    [2013/01/18 08:47:29 | 000,333,450 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\How-To_Sales Agents Installing Lotus Notes.pdf
    [2013/01/16 06:45:14 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/15 09:29:21 | 000,000,067 | ---- | M] () -- C:\WINDOWS\planview.INI
    [2013/01/10 10:06:58 | 000,572,948 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/01/10 10:06:58 | 000,108,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/01/09 17:07:13 | 022,912,657 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\vlc-2.0.4-win32.exe
    [2013/01/09 10:55:39 | 001,930,090 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Fastener_Line_Expansion_June_12_2012.pdf
    [2013/01/08 23:31:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/01/08 23:31:16 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/01/07 19:16:48 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
    [2013/01/06 00:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2013/01/04 23:04:41 | 003,525,606 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\backup.zip
    [2013/01/02 16:51:02 | 000,111,913 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\ebsReimbursement.xps
    [2012/12/31 22:13:23 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/29 14:17:43 | 000,013,734 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\order.pdf
    [2013/01/29 13:04:02 | 000,014,522 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\adesa.pdf
    [2013/01/28 17:00:01 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Michael\g2mdlhlpx.exe
    [2013/01/28 15:10:20 | 000,365,568 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\GMER.exe
    [2013/01/28 14:09:51 | 000,014,179 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Confrence Schedual.pdf
    [2013/01/28 11:24:51 | 000,022,757 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\dewittfiredpt.pdf
    [2013/01/27 10:44:09 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\HijackThis.lnk
    [2013/01/27 07:18:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/26 22:05:40 | 000,006,522 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\301f2239-f268-435c-8e43-af7ee56b6560.crx
    [2013/01/26 14:35:54 | 000,046,117 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\vpdjallp
    [2013/01/26 14:33:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\SharedSettings.ccs
    [2013/01/26 14:31:15 | 000,595,456 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\wutin.dll
    [2013/01/25 15:04:42 | 000,605,749 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\E1038 Ice Melter_Clearance[1].pdf
    [2013/01/25 11:16:40 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Michael\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    [2013/01/23 20:19:50 | 000,034,756 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\angry scott.jpg
    [2013/01/23 04:13:51 | 000,020,854 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\speeedglass2.pdf
    [2013/01/23 04:13:14 | 000,020,876 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Speedglass1.pdf
    [2013/01/21 06:41:56 | 000,004,360 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Comma Separated Values (Windows).NOT
    [2013/01/21 06:40:39 | 000,038,421 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft Excel 97-2003.ADR
    [2013/01/21 06:38:57 | 000,038,429 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Comma Separated Values (Windows).ADR
    [2013/01/18 08:47:29 | 000,333,450 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\How-To_Sales Agents Installing Lotus Notes.pdf
    [2013/01/15 09:32:29 | 000,015,534 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\quote.pdf
    [2013/01/09 17:04:56 | 022,912,657 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\vlc-2.0.4-win32.exe
    [2013/01/09 10:55:34 | 001,930,090 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Fastener_Line_Expansion_June_12_2012.pdf
    [2013/01/07 19:14:44 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
    [2013/01/07 19:14:43 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
    [2013/01/02 16:48:14 | 000,111,913 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\ebsReimbursement.xps
    [2012/12/31 13:06:33 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/11/19 15:52:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/08/09 08:49:25 | 000,208,147 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
    [2012/08/09 08:49:25 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
    [2012/08/09 08:17:19 | 000,174,406 | ---- | C] () -- C:\WINDOWS\hpoins43.dat.temp
    [2012/08/09 08:17:19 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat.temp
    [2012/08/07 17:10:01 | 022,657,136 | ---- | C] () -- C:\WINDOWS\vlc-2.0.2-win32.exe
    [2012/08/07 08:07:34 | 000,000,067 | ---- | C] () -- C:\WINDOWS\planview.INI
    [2012/07/22 16:49:10 | 000,000,336 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2012/07/22 15:01:19 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2012/07/22 15:01:19 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2012/07/22 15:01:19 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2012/07/22 15:01:19 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2012/07/22 15:01:19 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2012/07/22 15:01:19 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2012/07/22 15:01:19 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2012/07/22 15:01:19 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2012/07/22 15:01:19 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2012/07/22 15:01:19 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
    [2012/07/22 15:01:19 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2012/07/22 15:01:19 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2012/07/22 15:01:19 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2012/07/22 15:01:19 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2012/07/22 15:01:19 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2012/07/22 15:01:19 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
    [2012/07/22 15:01:19 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
    [2012/07/22 15:01:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2012/07/22 15:01:19 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2012/07/22 13:11:24 | 000,000,114 | ---- | C] () -- C:\WINDOWS\BS.INI
    [2012/07/22 13:08:56 | 000,000,038 | ---- | C] () -- C:\WINDOWS\progman.ini
    [2012/07/21 23:52:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/07/21 22:17:42 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2012/07/21 22:17:41 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2012/07/21 22:17:41 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
    [2012/07/21 22:01:54 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
    [2012/07/21 21:24:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2012/07/21 21:17:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2012/07/21 17:09:58 | 000,004,539 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2012/07/21 17:08:20 | 000,257,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== ZeroAccess Check ==========

    [2012/07/22 00:40:25 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 14:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D95ACC7D

    < End of report >

    OTL Extras logfile created on: 1/29/2013 6:36:45 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Michael\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.85% Memory free
    4.83 Gb Paging File | 3.31 Gb Available in Paging File | 68.41% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 63.65 Gb Free Space | 56.94% Space Free | Partition Type: NTFS

    Computer Name: ZUBENAL | User Name: Michael | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
    "26195:TCP" = 26195:TCP:*:Enabled:BitComet 26195 TCP
    "26195:UDP" = 26195:UDP:*:Enabled:BitComet 26195 UDP
    "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
    "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Documents and Settings\Michael\Local Settings\Temp\7zS339E\setup\hpznui01.exe" = C:\Documents and Settings\Michael\Local Settings\Temp\7zS339E\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Documents and Settings\Michael\Local Settings\Temp\7zS2131\setup\hpznui01.exe" = C:\Documents and Settings\Michael\Local Settings\Temp\7zS2131\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
    "C:\Documents and Settings\Michael\Local Settings\Temp\7zS339E\setup\hpznui01.exe" = C:\Documents and Settings\Michael\Local Settings\Temp\7zS339E\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Documents and Settings\Michael\Local Settings\Temp\7zS2131\setup\hpznui01.exe" = C:\Documents and Settings\Michael\Local Settings\Temp\7zS2131\setup\hpznui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Converter
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{355343CA-8E08-42A9-8EBF-419B02D0B721}_is1" = NotesForExchange Outlook AddIn version 0.7
    "{378C743F-06B8-430F-91A0-0EDD06EDD253}" = Nuance PDF Converter 7
    "{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C07F344-1303-475E-A049-47AFE607B4A6}" = Lawson Label Manager
    "{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
    "{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
    "{57DC2147-3B72-480F-8CDE-552836F40861}" = Motorola Mobile Drivers PreRelease 5.2.1
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{65C101D4-0032-4970-A99B-476928F3E5D2}" = Bluetooth HID Switch Service
    "{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    "{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A48DF710-9B1E-4167-BE1F-7D77F7C6D395}" = CatalogLawsonUS
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
    "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C7DACB79-D0BE-477B-B63F-4BBF33F39B7A}" = TWC Client ActiveX Controls
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D69ADB0B-B88E-4339-85BD-6B7AD104F038}" = IBM Data Server Runtime Client - DB2COPY1
    "{DBA8B9E1-C6FF-4624-9598-73D3B41A0904}" = Microsoft Digital Image Pro 9
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FA00A998-F2EF-4030-9CDA-773FAEED2870}" = Lotus Notes 6.5.5
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FF0176E2-38F9-4233-8038-6DDCFE382BA5}" = AgentOrderSystem
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Avira AntiVir Desktop" = Avira Antivirus Premium
    "BitComet" = BitComet 1.20
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "Google Calendar Sync" = Google Calendar Sync
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HijackThis" = HijackThis 2.0.2
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{4C07F344-1303-475E-A049-47AFE607B4A6}" = Lawson Label Manager
    "InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Office14.SingleImage" = Microsoft Office Home and Business 2010
    "Opera 12.02.1578" = Opera 12.02
    "Opera 12.12.1707" = Opera 12.12
    "PdaNet_is1" = PdaNet for Android 3.50
    "Picasa 3" = Picasa 3
    "PictureIt_v9" = Microsoft Digital Image Pro 9
    "VLC media player" = VLC media player 1.0.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 5.1.0.880

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/25/2013 9:56:30 PM | Computer Name = ZUBENAL | Source = Application Hang | ID = 1002
    Description = Hanging application nlnotes.exe, version 6.5.50.5334, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 1/25/2013 9:56:39 PM | Computer Name = ZUBENAL | Source = Application Hang | ID = 1002
    Description = Hanging application nlnotes.exe, version 6.5.50.5334, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 1/27/2013 3:01:49 PM | Computer Name = ZUBENAL | Source = ESENT | ID = 490
    Description = svchost (1336) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 1/27/2013 3:01:49 PM | Computer Name = ZUBENAL | Source = ESENT | ID = 439
    Description = Catalog Database (1336) Unable to write a shadowed header for file
    C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
    -1032.

    Error - 1/27/2013 3:01:49 PM | Computer Name = ZUBENAL | Source = ESENT | ID = 470
    Description = Catalog Database (1336) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    is partially attached. Attachment stage: 1. Error: -1032.

    Error - 1/28/2013 11:08:59 AM | Computer Name = ZUBENAL | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x041a0ff0.

    Error - 1/28/2013 1:41:30 PM | Computer Name = ZUBENAL | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\RECENT\DEWITTFIREDPT.LNK>
    in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A
    device attached to the system is not functioning. (0x8007001f)

    Error - 1/28/2013 1:41:30 PM | Computer Name = ZUBENAL | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\RECENT\DEWITTFIREDPT.LNK>
    in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A
    device attached to the system is not functioning. (0x8007001f)

    Error - 1/28/2013 1:45:54 PM | Computer Name = ZUBENAL | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\RECENT\DEWITTFIREDPT.LNK>
    in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A
    device attached to the system is not functioning. (0x8007001f)

    Error - 1/28/2013 1:45:54 PM | Computer Name = ZUBENAL | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\DOCUMENTS AND SETTINGS\MICHAEL\RECENT\DEWITTFIREDPT.LNK>
    in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
    A
    device attached to the system is not functioning. (0x8007001f)

    [ System Events ]
    Error - 1/18/2013 2:35:15 PM | Computer Name = ZUBENAL | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.33.104 for the Network Card with network
    address 00197E5B063D has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/18/2013 5:26:55 PM | Computer Name = ZUBENAL | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.101 for the Network Card with network
    address 00197E5B063D has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/21/2013 7:26:17 AM | Computer Name = ZUBENAL | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.104 for the Network Card with network
    address 00197E5B063D has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/27/2013 11:39:12 AM | Computer Name = ZUBENAL | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.

    Error - 1/28/2013 11:27:18 AM | Computer Name = ZUBENAL | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.255.171.36 for the Network Card with network
    address 00197E5B063D has been denied by the DHCP server 192.168.5.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 1/28/2013 1:40:59 PM | Computer Name = ZUBENAL | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.5.60 on
    the Network Card with network address 00197E5B063D.

    Error - 1/28/2013 4:17:29 PM | Computer Name = ZUBENAL | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/28/2013 4:17:32 PM | Computer Name = ZUBENAL | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 1/29/2013 10:59:53 AM | Computer Name = ZUBENAL | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address 00197E5B063D. The following
    error occurred: %%121. Your computer will continue to try and obtain an address on
    its own from the network address (DHCP) server.

    Error - 1/29/2013 3:33:20 PM | Computer Name = ZUBENAL | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.


    < End of report >
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,313
    Please run OTL again. Under the Custom Scans/Fixes box at the bottom paste in the following:

    Code:
    :OTL
    [2012/12/11 20:31:26 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files\Mozilla FireFox\extensions\[email protected]
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [hlsudi] rundll32.exe ",FIsHTMLFileW File not found
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


    Also, please do the following.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following code box into the main text field:
      Code:
      :dir
      C:\Documents and Settings\Michael\Local Settings\Application Data\vpdjallp
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Lastly, please do the following.

    Please go to VirusTotal and upload the following file for scanning.
    • Click Browse
    • Copy and paste the contents of the following code box into the text box next to File name: then click Open
      Code:
      C:\Documents and Settings\Michael\Application Data\mdmap.dll
    • Click Send File
    • If confronted with two options, choose Reanalyse file now
    • Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.

    Then do the same for this file as well:

    C:\Documents and Settings\Michael\Application Data\wutin.dll
     
  15. genubi

    genubi Thread Starter

    Joined:
    Oct 12, 2000
    Messages:
    81
    I am doing these as you requested in the order you wrote them.
    Thanks,
    ========== OTL ==========
    C:\Program Files\Mozilla FireFox\extensions\[email protected]\chrome\content folder moved successfully.
    C:\Program Files\Mozilla FireFox\extensions\[email protected]\chrome folder moved successfully.
    C:\Program Files\Mozilla FireFox\extensions\[email protected] folder moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hlsudi deleted successfully.
    C:\WINDOWS\002918_.tmp deleted successfully.
    C:\WINDOWS\invcol.tmp deleted successfully.
    C:\WINDOWS\SET29.tmp deleted successfully.
    C:\WINDOWS\SET2A.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 01302013_201330
     
Short URL to this thread: https://techguy.org/1087277
