I can't get rid of Security Shield 2012


23 replies to this topic

#1 overseastom

Posted 21 March 2012 - 12:35 AM

Hi everyone. Firstly, I've never posted anything here before so I just wanna say thanks in advance for being such good samaritans and helping us afflicted people out, and all just for the sake of doing good deeds for others. People like you guys & gals are a fine example of what's right in this world, and for this you have my complete and utter gratitude.

Now if you'll permit me, I shall begin my tale of woe. It's pretty short - I somehow got infected by Security Shield 2012, and I'm having a helluva time shaking it off. I followed your guide here, but to no avail.

  • I enter safe mode with networking,
  • I ran rkill (though the log file it generated didn't show that it had shut down anything)
  • I already had MalwareBytes installed, so I opened it, updated its definitions, and did a full scan. It found stuff, which I promptly removed.
  • I downloaded a clean Win 7 Hosts file and replaced the corrupted one with this new one
  • I did not use Secunia PSI yet, but I figured it wasn't actually as much a step for removing the malware, as it was an indicator of potentially how the nasties got in in the first place. Maybe I'm totally wrong here though...
  • After going through all the steps, I finally restarted...and Security Shield popped right back up, like I hadn't done a goddamn thing. I'm actually very impressed at the tenacity of this malware, and would tip my hat to the programmer, if I didn't think he was such a knobhead.

So now I'm a bit baffled as to what steps to take next, and I was wondering if you might be able to light the way for me. A Facebook friend suggested running combofix and then hijackthis, but from a quick perusal of some other problem cases on your site, it seems like there's a particular method to using these two programs and they might not be good to use blindly. Anyway y'all, thanks again for taking your time to help a fella out. Tis mighty kind of you. Cheers,
Tom

#2 boopme

Posted 21 March 2012 - 09:40 AM

Hello Tom, let's get a deeper look.

Please go here... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 overseastom

Posted 21 March 2012 - 02:12 PM

Thanks for the speedy reply boopme :) I'm doing as you instructed right now, though I've already got a wee question for you - step 7 says I should "Download and Run DDS which will create a log of programs running on your computer.". I assume that I should run this outside of safe-mode, so that the malware will show up, yes? Sorry to be such a noob, but the instructions didn't mention it, and right now I'm doing everything in Safe Mode... Anyway, when I've got the results, I'll come back here and link to the new thread on the other forum you mention. Thanks again mate!

Edit1: Ok, I tried restarting Windows normally, but it seems the malware has dug in even deeper because now I can't even launch Firefox, and though IE opens, it just displays what I presume to be a fake warning message (it lists "get a license and activate Security Shield" as one of its suggestions). I saw in your Security Shield 2012 removal guide that SS2012 will hijack IE and make it go through a proxy, but when I went into the IE options screen, the proxy box wasn't checked, but the automatic configuration box was (but it normally is, I think). I tried unchecking it, just in case, but it didn't help. So to clarify, I can't even get online when I boot Windows normally. I tried to run the DDS.scr too, but it never opened. So I'm a bit lost, once again. This malware is evil. Have they changed it, but just kept the same interface? That would be a cunning move, because then people like me who try and look for the fix will get the older instructions that no longer work! Those fiendish bastards...

Edited by overseastom, 21 March 2012 - 02:42 PM.


#4 boopme

Posted 21 March 2012 - 02:15 PM

Yes run in normal mode. No problem.

#5 overseastom

Posted 21 March 2012 - 03:21 PM

Boopme, I'd missed your reply before I edited my post, here's what I added in:

Ok, I tried restarting Windows normally, but it seems the malware has dug in even deeper because now I can't even launch Firefox, and though IE opens, it just displays what I presume to be a fake warning message (it lists "get a license and activate Security Shield" as one of its suggestions). I saw in your Security Shield 2012 removal guide that SS2012 will hijack IE and make it go through a proxy, but when I went into the IE options screen, the proxy box wasn't checked, but the automatic configuration box was (but it normally is, I think). I tried unchecking it, just in case, but it didn't help. So to clarify, I can't even get online when I boot Windows normally. I tried to run the DDS.scr too, but it never opened. So I'm a bit lost, once again. This malware is evil. Have they changed it, but just kept the same interface? That would be a cunning move, because then people like me who try and look for the fix will get the older instructions that no longer work! Those fiendish bastards...



#6 boopme

Posted 21 March 2012 - 07:49 PM

Ok, Houston we have a problem. :)

Try safe with networking ... see if you can run this and then DDS

Download FixExec.exe to your desktop.
Double click on the downloaded file to run the fix.
When the program has finished, it will generate a log on the desktop called FixExec.exe.
Post the log in your next reply.

NOTE: If for any reason you're not able to execute FixExec.exe rename it to FixExec.com, FixExec.pif or FixExec.scr.

#7 overseastom

Posted 21 March 2012 - 08:23 PM

Oh God, you think we'll need NASA's help?! :P Cheers once again boopme. While waiting for your response, I figured it'd be wise to reboot in safe mode and run another full scan with Malwarebytes (with the new definition files for today, just in case they helped). So at this point, MB found some nasties and removed them, and then I rebooted to safe mode again. So now I'm in safe mode, I've run FixExec, and here's the log DDS produced:



DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by T-Bone at 1:13:50 on 2012-03-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8044.6873 [GMT 0:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Vuze\Azureus.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.

Edited by boopme, 23 March 2012 - 07:15 PM.


#8 boopme

Posted 21 March 2012 - 08:38 PM

Cool!! Let's try this next.
Post that MBAM log please

The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.



Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Edited by boopme, 21 March 2012 - 10:50 PM.


#9 overseastom

Posted 21 March 2012 - 08:52 PM

Ok, here's the most recent MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.21.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
T-Bone :: T-LAPTOP [administrator]

22/03/2012 00:01:51
mbam-log-2012-03-22 (00-01-51).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 437021
Time elapsed: 51 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\T-Bone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DIFQEKI\softw[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)


...and here's the second-most recent MBAM log (cos they found two different things):

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.20.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
T-Bone :: T-LAPTOP [administrator]

21/03/2012 22:32:01
mbam-log-2012-03-21 (22-32-01).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 437239
Time elapsed: 53 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Data: grpconv -o -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



I'll get started on the rest - back in a tick.

edit: I won't use quotes :P

Edited by overseastom, 21 March 2012 - 08:54 PM.


#10 boopme

Posted 21 March 2012 - 09:02 PM

Thanks

#11 overseastom

Posted 21 March 2012 - 09:03 PM

I'm still in safe mode. Closed Firefox and ran MiniToolBox. Here's the log file:


MiniToolBox by Farbar Version: 18-01-2012
Ran by T-Bone (administrator) on 22-03-2012 at 01:58:56
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "city.library"
"network.proxy.http_port", 8080
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR5B97 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : T-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
Physical Address. . . . . . . . . : 38-59-F9-71-66-40
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::192d:8ec5:bc41:2bcd%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 22 March 2012 01:01:24
Lease Expires . . . . . . . . . . : 22 March 2012 02:31:28
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 389569017
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-29-F2-8E-DC-0E-A1-03-4F-77
DNS Servers . . . . . . . . . . . : 194.168.4.100
194.168.8.100
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : PXE.ACER.COM
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : DC-0E-A1-03-4F-77
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {5ECCAC5F-AB9F-4B62-ACE2-E94F3EC40847}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.PXE.ACER.COM:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: google.com
Addresses: 173.194.34.134
173.194.34.137
173.194.34.135
173.194.34.129
173.194.34.133
173.194.34.130
173.194.34.136
173.194.34.142
173.194.34.131
173.194.34.132
173.194.34.128


Pinging google.com [173.194.34.137] with 32 bytes of data:
Reply from 173.194.34.137: bytes=32 time=57ms TTL=53
Reply from 173.194.34.137: bytes=32 time=23ms TTL=53

Ping statistics for 173.194.34.137:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 57ms, Average = 40ms
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=150ms TTL=48
Reply from 98.139.183.24: bytes=32 time=226ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 150ms, Maximum = 226ms, Average = 188ms
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...38 59 f9 71 66 40 ......Atheros AR5B97 Wireless Network Adapter
11...dc 0e a1 03 4f 77 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.3 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.3 276
192.168.0.3 255.255.255.255 On-link 192.168.0.3 276
192.168.0.255 255.255.255.255 On-link 192.168.0.3 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.3 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.3 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 276 fe80::/64 On-link
12 276 fe80::192d:8ec5:bc41:2bcd/128
On-link
1 306 ff00::/8 On-link
12 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/22/2012 01:02:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 07:34:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 07:17:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 04:13:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 04:09:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 02:08:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 00:36:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 00:33:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 00:19:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2012 06:04:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5289


System errors:
=============
Error: (03/22/2012 01:58:34 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/22/2012 01:58:34 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/22/2012 01:58:34 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/22/2012 01:53:34 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/22/2012 01:53:34 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/22/2012 01:53:34 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/22/2012 01:51:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/22/2012 01:51:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/22/2012 01:51:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/22/2012 01:46:26 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/22/2012 01:02:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 07:34:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 07:17:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 04:13:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 04:09:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 02:08:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 00:36:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 00:33:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2012 00:19:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/20/2012 06:04:23 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5289


=========================== Installed Programs ============================

???? ??? Windows Live (Version: 15.4.3502.0922)
???? Windows Live (Version: 15.4.3502.0922)
?????? ??????? ?? Windows Live (Version: 15.4.3502.0922)
???????? ?????????? Windows Live (Version: 15.4.3502.0922)
?????????? Windows Live (Version: 15.4.3502.0922)
??????????? ?? Windows Live (Version: 15.4.3502.0922)
Acer Backup Manager (Version: 3.0.0.100)
Acer Crystal Eye Webcam (Version: 1.0.1904)
Acer ePower Management (Version: 6.00.3008)
Acer eRecovery Management (Version: 5.00.3502)
Acer Registration (Version: 1.04.3503)
Acer Updater (Version: 1.02.3500)
Ad-Aware
Ad-Aware (Version: 9.0.0)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.63)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Photoshop Lightroom 3.4 64-bit (Version: 3.4.1)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Air Video Server 2.4.3 (Version: 2.4.3)
AnyDVD (Version: 6.8.9.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ASIO4ALL (Version: 2.10)
Auto Gordian Knot 2.55 (Version: 2.55)
AviSynth 2.5
Backup Manager V3 (Version: 3.0.0.100)
BeatportDownloader (Version: 1.003)
Bing Bar (Version: 7.0.765.0)
Bonjour (Version: 3.0.0.10)
Broadcom Card Reader Driver Installer (Version: 14.8.2.2)
Broadcom NetLink Controller (Version: 14.8.4.1)
Bulkr (Version: 1.4)
Bulkr (Version: v1.4)
CDisplayEx 1.8
clear.fi (Version: 1.0.1517_36458)
clear.fi (Version: 1.0.2024.00)
clear.fi (Version: 9.0.8026)
clear.fi Client (Version: 1.00.3500)
ComicZeal Sync 0.9.4.5
CutePDF Writer 2.8
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.1.0236)
Dolby Advanced Audio v2 (Version: 7.2.7000.7)
Dropbox (Version: 1.2.52)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Evernote v. 4.5.2 (Version: 4.5.2.5904)
FastPictureViewer Codec Pack 3.1.0.49 (Version: 3.1.0.49)
Fotogalerija Windows Live (Version: 15.4.3502.0922)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galeria fotografii uslugi Windows Live (Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galerie foto Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 17.0.963.79)
Hulu Desktop (Version: 0.9.14)
Identity Card (Version: 1.00.3501)
ImgBurn (Version: 2.5.6.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2418)
Intel® Rapid Storage Technology (Version: 10.5.0.1026)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
IrfanView (remove only) (Version: 4.30)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 8.0.0 (Full) (Version: 8.0.0)
Kobo (Version: 1.9)
Launch Manager (Version: 5.1.7)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MediaMonkey 4.0 (Version: 4.0)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Image Composite Editor (Version: 1.4.4)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Monitor Off Utility 1.0
Mozilla Firefox 11.0 (x86 en-GB) (Version: 11.0)
Mp3tag v2.49a (Version: v2.49a)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MyWinLocker (Version: 4.0.14.27)
MyWinLocker 4 (Version: 4.0.14.27)
MyWinLocker Suite (Version: 4.0.14.18)
Native Instruments Traktor 2 (Version: 2.0.1.10169)
Nero Burning ROM 11 (Version: 11.0.10400)
Nero Burning ROM 11 (Version: 11.0.12200.23.100)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero ControlCenter 11 (Version: 11.0.12300.0.23)
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300)
Nero Core Components 11 (Version: 11.0.14700.1.9)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.10623.22.0)
nero.prerequisites.msi (Version: 11.0.20007)
Notepad++ (Version: 5.9.8)
NTI Media Maker 9 (Version: 9.0.2.8942)
OpenOffice.org 3.3 (Version: 3.3.9567)
Paint.NET v3.5.10 (Version: 3.60.0)
PDF Settings CS5 (Version: 10.0)
PDFCreator (Version: 1.2.3)
Picasa 3 (Version: 3.8)
Poczta uslugi Windows Live (Version: 15.4.3502.0922)
Podstawowe programy Windows Live (Version: 15.4.3502.0922)
Pošta Windows Live (Version: 15.4.3502.0922)
QuickTime (Version: 7.71.80.42)
Raccolta foto di Windows Live (Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (Version: 6.0.1.6438)
Reason 5.0 (Version: 5.0)
RoboForm 7-6-9 (All Users) (Version: 7-6-9)
S?????? f?t???af??? t?? Windows Live (Version: 15.4.3502.0922)
Seagate Dashboard (Version: 1.1.0.1548)
Shredder (Version: 2.0.8.9)
Skype™ 5.5 (Version: 5.5.124)
Sound Forge Pro 10.0 (Version: 10.0.425)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.1.6.0)
Trine 2 Demo
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update Installer for WildTangent Games App
Vessel Demo
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.11 (Version: 1.1.11)
VobSub v2.23 (Remove Only)
Vuze (Version: 4.7)
WhereIsIt? 2012 (Version: 2012)
Winamp (Version: 5.622 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Fotótár (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live Fotogalleri (Version: 15.4.3502.0922)
Windows Live Fotogaléria (Version: 15.4.3502.0922)
Windows Live Fotograf Galerisi (Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live Galerija fotografija (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Temel Parçalar (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Liven asennustyökalu (Version: 15.4.3502.0922)
Windows Liven sähköposti (Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (Version: 15.4.3502.0922)
WinRAR archiver
XviD MPEG4 Video Codec (remove only)

========================= Memory info: ===================================

Percentage of memory in use: 11%
Total physical RAM: 8043.86 MB
Available physical RAM: 7124.24 MB
Total Pagefile: 16085.91 MB
Available Pagefile: 15241.03 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.64 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:447.66 GB) (Free:208.58 GB) NTFS

========================= Users: ========================================

User accounts for \\T-LAPTOP

Administrator Guest T-Bone


**** End of log ****

#12 overseastom


Posted 21 March 2012 - 09:07 PM

TDSSKiller found nothing, so didn't require any decision making from me, or a reboot. Here's the log file:


02:04:22.0470 2080 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
02:04:22.0638 2080 ============================================================
02:04:22.0638 2080 Current date / time: 2012/03/22 02:04:22.0638
02:04:22.0638 2080 SystemInfo:
02:04:22.0638 2080
02:04:22.0638 2080 OS Version: 6.1.7601 ServicePack: 1.0
02:04:22.0638 2080 Product type: Workstation
02:04:22.0638 2080 ComputerName: T-LAPTOP
02:04:22.0638 2080 UserName: T-Bone
02:04:22.0638 2080 Windows directory: C:\Windows
02:04:22.0638 2080 System windows directory: C:\Windows
02:04:22.0638 2080 Running under WOW64
02:04:22.0638 2080 Processor architecture: Intel x64
02:04:22.0638 2080 Number of processors: 4
02:04:22.0638 2080 Page size: 0x1000
02:04:22.0638 2080 Boot type: Safe boot with network
02:04:22.0638 2080 ============================================================
02:04:23.0064 2080 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:04:23.0066 2080 \Device\Harddisk0\DR0:
02:04:23.0067 2080 MBR used
02:04:23.0067 2080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
02:04:23.0067 2080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x37F53000
02:04:23.0101 2080 Initialize success
02:04:23.0101 2080 ============================================================
02:04:50.0262 1568 ============================================================
02:04:50.0262 1568 Scan started
02:04:50.0262 1568 Mode: Manual;
02:04:50.0262 1568 ============================================================
02:04:58.0219 1568 IRENUM - ok
02:04:58.0257 1568 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:04:58.0258 1568 isapnp - ok
02:04:58.0291 1568 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:04:58.0295 1568 iScsiPrt - ok
02:04:58.0338 1568 k57nd60a (455b75c19bf3f1f2ee3ac10e1169826c) C:\Windows\system32\DRIVERS\k57nd60a.sys
02:04:58.0340 1568 k57nd60a - ok
02:04:58.0374 1568 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
02:04:58.0374 1568 kbdclass - ok
02:04:58.0410 1568 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
02:04:58.0411 1568 kbdhid - ok
02:04:58.0462 1568 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:04:58.0463 1568 KeyIso - ok
02:04:58.0480 1568 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
02:04:58.0482 1568 KSecDD - ok
02:04:58.0503 1568 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
02:04:58.0505 1568 KSecPkg - ok
02:04:58.0543 1568 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:04:58.0544 1568 ksthunk - ok
02:04:58.0578 1568 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:04:58.0583 1568 KtmRm - ok
02:04:58.0627 1568 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
02:04:58.0630 1568 LanmanServer - ok
02:04:58.0660 1568 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
02:04:58.0663 1568 LanmanWorkstation - ok
02:04:58.0765 1568 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
02:04:58.0812 1568 Lavasoft Ad-Aware Service - ok
02:04:58.0867 1568 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
02:04:58.0868 1568 Lavasoft Kernexplorer - ok
02:04:58.0958 1568 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
02:04:58.0960 1568 Lbd - ok
02:04:59.0010 1568 Live Updater Service (b705c7097f9a0ec941d02dce7c7d426c) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
02:04:59.0013 1568 Live Updater Service - ok
02:04:59.0078 1568 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:04:59.0080 1568 lltdio - ok
02:04:59.0113 1568 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:04:59.0117 1568 lltdsvc - ok
02:04:59.0138 1568 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:04:59.0139 1568 lmhosts - ok
02:04:59.0216 1568 LMS (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
02:04:59.0220 1568 LMS - ok
02:04:59.0300 1568 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
02:04:59.0302 1568 LSI_FC - ok
02:04:59.0321 1568 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
02:04:59.0322 1568 LSI_SAS - ok
02:04:59.0344 1568 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
02:04:59.0346 1568 LSI_SAS2 - ok
02:04:59.0366 1568 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
02:04:59.0368 1568 LSI_SCSI - ok
02:04:59.0397 1568 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:04:59.0399 1568 luafv - ok
02:04:59.0419 1568 McAfee SiteAdvisor Service - ok
02:04:59.0500 1568 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
02:04:59.0502 1568 Mcx2Svc - ok
02:04:59.0573 1568 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
02:04:59.0573 1568 megasas - ok
02:04:59.0598 1568 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
02:04:59.0602 1568 MegaSR - ok
02:04:59.0708 1568 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
02:04:59.0709 1568 MEIx64 - ok
02:04:59.0785 1568 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:04:59.0787 1568 MMCSS - ok
02:04:59.0820 1568 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:04:59.0821 1568 Modem - ok
02:04:59.0899 1568 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:04:59.0900 1568 monitor - ok
02:04:59.0950 1568 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:04:59.0950 1568 mouclass - ok
02:04:59.0976 1568 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:04:59.0977 1568 mouhid - ok
02:04:59.0992 1568 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:04:59.0993 1568 mountmgr - ok
02:05:00.0010 1568 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:05:00.0013 1568 mpio - ok
02:05:00.0031 1568 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:05:00.0032 1568 mpsdrv - ok
02:05:00.0089 1568 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
02:05:00.0098 1568 MpsSvc - ok
02:05:00.0167 1568 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:05:00.0169 1568 MRxDAV - ok
02:05:00.0196 1568 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:05:00.0198 1568 mrxsmb - ok
02:05:00.0238 1568 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:05:00.0241 1568 mrxsmb10 - ok
02:05:00.0294 1568 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:05:00.0296 1568 mrxsmb20 - ok
02:05:00.0318 1568 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:05:00.0319 1568 msahci - ok
02:05:00.0345 1568 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:05:00.0347 1568 msdsm - ok
02:05:00.0383 1568 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:05:00.0385 1568 MSDTC - ok
02:05:00.0427 1568 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:05:00.0428 1568 Msfs - ok
02:05:00.0449 1568 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:05:00.0450 1568 mshidkmdf - ok
02:05:00.0467 1568 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:05:00.0468 1568 msisadrv - ok
02:05:00.0507 1568 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:05:00.0510 1568 MSiSCSI - ok
02:05:00.0519 1568 msiserver - ok
02:05:00.0578 1568 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:05:00.0579 1568 MSKSSRV - ok
02:05:00.0589 1568 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:05:00.0589 1568 MSPCLOCK - ok
02:05:00.0598 1568 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:05:00.0599 1568 MSPQM - ok
02:05:00.0646 1568 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:05:00.0650 1568 MsRPC - ok
02:05:00.0686 1568 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:05:00.0687 1568 mssmbios - ok
02:05:00.0701 1568 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:05:00.0701 1568 MSTEE - ok
02:05:00.0715 1568 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
02:05:00.0716 1568 MTConfig - ok
02:05:00.0731 1568 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:05:00.0732 1568 Mup - ok
02:05:00.0773 1568 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
02:05:00.0780 1568 napagent - ok
02:05:00.0841 1568 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:05:00.0845 1568 NativeWifiP - ok
02:05:00.0984 1568 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files (x86)\Nero\Update\NASvc.exe
02:05:00.0991 1568 NAUpdate - ok
02:05:01.0107 1568 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
02:05:01.0116 1568 NDIS - ok
02:05:01.0150 1568 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:05:01.0151 1568 NdisCap - ok
02:05:01.0189 1568 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:05:01.0190 1568 NdisTapi - ok
02:05:01.0214 1568 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:05:01.0215 1568 Ndisuio - ok
02:05:01.0244 1568 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:05:01.0246 1568 NdisWan - ok
02:05:01.0272 1568 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:05:01.0273 1568 NDProxy - ok
02:05:01.0300 1568 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:05:01.0301 1568 NetBIOS - ok
02:05:01.0321 1568 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:05:01.0324 1568 NetBT - ok
02:05:01.0373 1568 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:05:01.0374 1568 Netlogon - ok
02:05:01.0411 1568 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
02:05:01.0416 1568 Netman - ok
02:05:01.0435 1568 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
02:05:01.0440 1568 netprofm - ok
02:05:01.0501 1568 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:05:01.0503 1568 NetTcpPortSharing - ok
02:05:01.0560 1568 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
02:05:01.0561 1568 nfrd960 - ok
02:05:01.0604 1568 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
02:05:01.0608 1568 NlaSvc - ok
02:05:01.0621 1568 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:05:01.0622 1568 Npfs - ok
02:05:01.0639 1568 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:05:01.0640 1568 nsi - ok
02:05:01.0654 1568 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:05:01.0654 1568 nsiproxy - ok
02:05:01.0702 1568 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:05:01.0734 1568 Ntfs - ok
02:05:01.0862 1568 NTI IScheduleSvc (d27a4546417ed7c4aea7b3420d4f1f50) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
02:05:01.0865 1568 NTI IScheduleSvc - ok
02:05:01.0984 1568 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys
02:05:01.0984 1568 NTIDrvr - ok
02:05:02.0018 1568 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:05:02.0019 1568 Null - ok
02:05:02.0073 1568 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:05:02.0075 1568 nvraid - ok
02:05:02.0102 1568 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:05:02.0104 1568 nvstor - ok
02:05:02.0114 1568 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:05:02.0116 1568 nv_agp - ok
02:05:02.0132 1568 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:05:02.0133 1568 ohci1394 - ok
02:05:02.0172 1568 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:05:02.0176 1568 p2pimsvc - ok
02:05:02.0200 1568 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:05:02.0206 1568 p2psvc - ok
02:05:02.0275 1568 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
02:05:02.0276 1568 Parport - ok
02:05:02.0291 1568 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
02:05:02.0292 1568 partmgr - ok
02:05:02.0335 1568 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:05:02.0338 1568 PcaSvc - ok
02:05:02.0402 1568 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:05:02.0405 1568 pci - ok
02:05:02.0425 1568 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:05:02.0427 1568 pciide - ok
02:05:02.0449 1568 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
02:05:02.0452 1568 pcmcia - ok
02:05:02.0467 1568 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:05:02.0468 1568 pcw - ok
02:05:02.0499 1568 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:05:02.0506 1568 PEAUTH - ok
02:05:02.0556 1568 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:05:02.0558 1568 PerfHost - ok
02:05:02.0643 1568 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
02:05:02.0675 1568 pla - ok
02:05:02.0721 1568 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
02:05:02.0726 1568 PlugPlay - ok
02:05:02.0756 1568 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:05:02.0758 1568 PNRPAutoReg - ok
02:05:02.0783 1568 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:05:02.0786 1568 PNRPsvc - ok
02:05:02.0825 1568 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
02:05:02.0831 1568 PolicyAgent - ok
02:05:02.0861 1568 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:05:02.0864 1568 Power - ok
02:05:02.0921 1568 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:05:02.0922 1568 PptpMiniport - ok
02:05:02.0940 1568 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
02:05:02.0941 1568 Processor - ok
02:05:02.0989 1568 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
02:05:02.0992 1568 ProfSvc - ok
02:05:03.0040 1568 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:05:03.0040 1568 ProtectedStorage - ok
02:05:03.0101 1568 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:05:03.0102 1568 Psched - ok
02:05:03.0138 1568 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
02:05:03.0170 1568 ql2300 - ok
02:05:03.0188 1568 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
02:05:03.0190 1568 ql40xx - ok
02:05:03.0229 1568 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:05:03.0232 1568 QWAVE - ok
02:05:03.0251 1568 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:05:03.0252 1568 QWAVEdrv - ok
02:05:03.0273 1568 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:05:03.0274 1568 RasAcd - ok
02:05:03.0314 1568 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:05:03.0315 1568 RasAgileVpn - ok
02:05:03.0353 1568 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:05:03.0355 1568 RasAuto - ok
02:05:03.0383 1568 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:05:03.0385 1568 Rasl2tp - ok
02:05:03.0410 1568 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
02:05:03.0415 1568 RasMan - ok
02:05:03.0438 1568 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:05:03.0439 1568 RasPppoe - ok
02:05:03.0470 1568 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:05:03.0472 1568 RasSstp - ok
02:05:03.0496 1568 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:05:03.0500 1568 rdbss - ok
02:05:03.0520 1568 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
02:05:03.0521 1568 rdpbus - ok
02:05:03.0540 1568 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:05:03.0541 1568 RDPCDD - ok
02:05:03.0583 1568 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:05:03.0583 1568 RDPENCDD - ok
02:05:03.0601 1568 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:05:03.0601 1568 RDPREFMP - ok
02:05:03.0656 1568 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
02:05:03.0658 1568 RDPWD - ok
02:05:03.0689 1568 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:05:03.0692 1568 rdyboost - ok
02:05:03.0729 1568 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:05:03.0731 1568 RemoteAccess - ok
02:05:03.0771 1568 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:05:03.0774 1568 RemoteRegistry - ok
02:05:03.0805 1568 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:05:03.0807 1568 RpcEptMapper - ok
02:05:03.0835 1568 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:05:03.0837 1568 RpcLocator - ok
02:05:03.0863 1568 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:05:03.0867 1568 RpcSs - ok
02:05:03.0931 1568 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:05:03.0933 1568 rspndr - ok
02:05:03.0984 1568 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:05:03.0985 1568 SamSs - ok
02:05:04.0008 1568 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:05:04.0009 1568 sbp2port - ok
02:05:04.0134 1568 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
02:05:04.0164 1568 SBSDWSCService - ok
02:05:04.0262 1568 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:05:04.0265 1568 SCardSvr - ok
02:05:04.0323 1568 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:05:04.0324 1568 scfilter - ok
02:05:04.0377 1568 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
02:05:04.0395 1568 Schedule - ok
02:05:04.0441 1568 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:05:04.0442 1568 SCPolicySvc - ok
02:05:04.0487 1568 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
02:05:04.0488 1568 sdbus - ok
02:05:04.0523 1568 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
02:05:04.0527 1568 SDRSVC - ok
02:05:04.0653 1568 SeagateDashboardService (a1a26e8ec51e199d873d85f3e2b6fc65) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
02:05:04.0655 1568 SeagateDashboardService - ok
02:05:04.0791 1568 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:05:04.0792 1568 secdrv - ok
02:05:04.0834 1568 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
02:05:04.0836 1568 seclogon - ok
02:05:04.0876 1568 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
02:05:04.0878 1568 SENS - ok
02:05:04.0911 1568 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:05:04.0912 1568 SensrSvc - ok
02:05:04.0968 1568 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
02:05:04.0969 1568 Serenum - ok
02:05:05.0012 1568 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
02:05:05.0013 1568 Serial - ok
02:05:05.0032 1568 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
02:05:05.0033 1568 sermouse - ok
02:05:05.0068 1568 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
02:05:05.0071 1568 SessionEnv - ok
02:05:05.0144 1568 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:05:05.0145 1568 sffdisk - ok
02:05:05.0187 1568 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:05:05.0188 1568 sffp_mmc - ok
02:05:05.0216 1568 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:05:05.0217 1568 sffp_sd - ok
02:05:05.0295 1568 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
02:05:05.0296 1568 sfloppy - ok
02:05:05.0347 1568 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:05:05.0352 1568 SharedAccess - ok
02:05:05.0406 1568 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
02:05:05.0411 1568 ShellHWDetection - ok
02:05:05.0480 1568 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
02:05:05.0481 1568 SiSRaid2 - ok
02:05:05.0535 1568 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
02:05:05.0537 1568 SiSRaid4 - ok
02:05:05.0593 1568 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:05:05.0595 1568 Smb - ok
02:05:05.0691 1568 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:05:05.0693 1568 SNMPTRAP - ok
02:05:05.0761 1568 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:05:05.0762 1568 spldr - ok
02:05:05.0890 1568 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
02:05:05.0897 1568 Spooler - ok
02:05:06.0035 1568 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
02:05:06.0102 1568 sppsvc - ok
02:05:06.0206 1568 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:05:06.0208 1568 sppuinotify - ok
02:05:06.0278 1568 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:05:06.0283 1568 srv - ok
02:05:06.0305 1568 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:05:06.0309 1568 srv2 - ok
02:05:06.0339 1568 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:05:06.0341 1568 srvnet - ok
02:05:06.0395 1568 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:05:06.0398 1568 SSDPSRV - ok
02:05:06.0423 1568 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:05:06.0426 1568 SstpSvc - ok
02:05:06.0482 1568 Steam Client Service - ok
02:05:06.0639 1568 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
02:05:06.0640 1568 stexstor - ok
02:05:06.0714 1568 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
02:05:06.0721 1568 stisvc - ok
02:05:06.0740 1568 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:05:06.0740 1568 swenum - ok
02:05:06.0901 1568 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
02:05:06.0907 1568 SwitchBoard - ok
02:05:07.0038 1568 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:05:07.0044 1568 swprv - ok
02:05:07.0130 1568 SynTP (ef51b22706db03f0857fade127c804ec) C:\Windows\system32\DRIVERS\SynTP.sys
02:05:07.0137 1568 SynTP - ok
02:05:07.0217 1568 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
02:05:07.0250 1568 SysMain - ok
02:05:07.0326 1568 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
02:05:07.0328 1568 TabletInputService - ok
02:05:07.0354 1568 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
02:05:07.0358 1568 TapiSrv - ok
02:05:07.0403 1568 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:05:07.0404 1568 TBS - ok
02:05:07.0487 1568 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
02:05:07.0532 1568 Tcpip - ok
02:05:07.0753 1568 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
02:05:07.0763 1568 TCPIP6 - ok
02:05:07.0831 1568 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:05:07.0832 1568 tcpipreg - ok
02:05:07.0854 1568 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:05:07.0854 1568 TDPIPE - ok
02:05:07.0884 1568 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:05:07.0884 1568 TDTCP - ok
02:05:07.0964 1568 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:05:07.0966 1568 tdx - ok
02:05:07.0980 1568 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:05:07.0980 1568 TermDD - ok
02:05:08.0043 1568 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
02:05:08.0051 1568 TermService - ok
02:05:08.0074 1568 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:05:08.0076 1568 Themes - ok
02:05:08.0117 1568 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:05:08.0119 1568 THREADORDER - ok
02:05:08.0177 1568 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:05:08.0179 1568 TrkWks - ok
02:05:08.0262 1568 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
02:05:08.0265 1568 TrustedInstaller - ok
02:05:08.0361 1568 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:05:08.0362 1568 tssecsrv - ok
02:05:08.0573 1568 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:05:08.0602 1568 TsUsbFlt - ok
02:05:08.0742 1568 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
02:05:08.0743 1568 TsUsbGD - ok
02:05:08.0936 1568 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:05:08.0938 1568 tunnel - ok
02:05:09.0039 1568 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
02:05:09.0040 1568 TurboB - ok
02:05:09.0097 1568 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
02:05:09.0100 1568 TurboBoost - ok
02:05:09.0256 1568 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
02:05:09.0258 1568 uagp35 - ok
02:05:09.0444 1568 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
02:05:09.0445 1568 UBHelper - ok
02:05:09.0584 1568 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:05:09.0588 1568 udfs - ok
02:05:09.0732 1568 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:05:09.0734 1568 UI0Detect - ok
02:05:09.0870 1568 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:05:09.0871 1568 uliagpkx - ok
02:05:10.0061 1568 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
02:05:10.0062 1568 umbus - ok
02:05:10.0253 1568 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
02:05:10.0254 1568 UmPass - ok
02:05:10.0380 1568 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
02:05:10.0437 1568 UNS - ok
02:05:10.0617 1568 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:05:10.0622 1568 upnphost - ok
02:05:10.0799 1568 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
02:05:10.0800 1568 USBAAPL64 - ok
02:05:10.0874 1568 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:05:10.0875 1568 usbccgp - ok
02:05:11.0063 1568 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:05:11.0064 1568 usbcir - ok
02:05:15.0973 1568 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:05:16.0038 1568 \Device\Harddisk0\DR0 - ok
02:05:16.0040 1568 Boot (0x1200) (2208bd149bb5dc2f870eb324b4569622) \Device\Harddisk0\DR0\Partition0
02:05:16.0041 1568 \Device\Harddisk0\DR0\Partition0 - ok
02:05:16.0050 1568 Boot (0x1200) (0ebe50c3299c804dfd289e328c43f9e1) \Device\Harddisk0\DR0\Partition1
02:05:16.0051 1568 \Device\Harddisk0\DR0\Partition1 - ok
02:05:16.0052 1568 ============================================================
02:05:16.0052 1568 Scan finished
02:05:16.0052 1568 ============================================================
02:05:16.0059 2704 Detected object count: 0
02:05:16.0059 2704 Actual detected object count: 0
02:05:44.0900 2508 Deinitialize success




Edit1: I'm still in safe mode btw.

Edited by overseastom, 21 March 2012 - 09:08 PM.


#13 boopme


Posted 21 March 2012 - 09:30 PM

OK, after aswMBR
Reset the HOSTS file; it still showed empty.

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.

#14 overseastom


Posted 21 March 2012 - 09:38 PM

Still in safe mode, now running aswMBR. I allowed it to update the Avast virus definitions and then scanned. Here's the log file:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-22 02:09:11
-----------------------------
02:09:11.093 OS Version: Windows x64 6.1.7601 Service Pack 1
02:09:11.093 Number of processors: 4 586 0x2A07
02:09:11.093 ComputerName: T-LAPTOP UserName: T-Bone
02:09:12.188 Initialize success
02:09:46.705 AVAST engine defs: 12032000
02:11:11.258 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:11:11.259 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
02:11:11.278 Disk 0 MBR read successfully
02:11:11.284 Disk 0 MBR scan
02:11:11.287 Disk 0 Windows 7 default MBR code
02:11:11.320 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18432 MB offset 2048
02:11:11.331 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 37750784
02:11:11.344 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 458406 MB offset 37955584
02:11:11.369 Disk 0 scanning C:\Windows\system32\drivers
02:11:17.931 Service scanning
02:11:35.101 Modules scanning
02:11:35.107 Disk 0 trace - called modules:
02:11:35.122 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
02:11:35.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80092bd060]
02:11:35.129 3 CLASSPNP.SYS[fffff88001d7543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a08050]
02:11:36.489 AVAST engine scan C:\Windows
02:11:38.471 AVAST engine scan C:\Windows\system32
02:13:30.910 AVAST engine scan C:\Windows\system32\drivers
02:13:39.065 AVAST engine scan C:\Users\T-Bone
02:36:47.279 Disk 0 MBR has been saved successfully to "C:\Users\T-Bone\Desktop\MBR.dat"
02:36:47.279 The log file has been saved successfully to "C:\Users\T-Bone\Desktop\aswMBR.txt"




I just realised that it was only set to quick scan. Should I have done a full scan?

#15 overseastom


Posted 21 March 2012 - 09:46 PM

I tried using the FixIt button to reset the hosts file, but unfortunately the installer won't run in Safe Mode. I did download a blank Win 7 hosts file from an earlier link though, so perhaps that's why you're not seeing anything suspect in it?

Here's the text of the current hosts file:


# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
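
A way to check a hosts file like the one posted above for active entries, added here as an example and not part of the original post. The sample text, the host names and addresses in it, and the function names parse_hosts and audit_hosts are constructed for illustration.

```python
import ipaddress

# Constructed sample: two stock comment lines plus made-up active entries
# of the kind a tampered hosts file contains (names and addresses are fake).
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
127.0.0.1 localhost
203.0.113.7 www.example-search.test update.example-av.test  # constructed
not-an-ip broken.example.test
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (line_no, address, [names]) for every active (non-comment) entry."""
    entries = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop inline comment, split columns
        if fields:
            entries.append((line_no, fields[0], fields[1:]))
    return entries


def audit_hosts(text):
    """Return findings for entries other than the expected localhost mapping."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", addr, names))
            continue
        if ip.is_loopback and names and {n.lower() for n in names} <= LOCAL_NAMES:
            continue  # localhost -> loopback is expected
        # A name pinned to loopback or 0.0.0.0 is blocked; anything else is redirected.
        kind = "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"
        findings.append((line_no, kind, addr, names))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A file that contains only comment lines, like the default one quoted in the post, produces no findings.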



