
Some really weird behaviour going on


12 replies to this topic

#1 Blue_Wolf

Posted 20 July 2012 - 04:15 PM

Over the last week my pc has been suddenly freezing up whether it was something in a game I did or something I clicked in a browser. This can happen 5 minutes after I start it up or after 5 hours.

Other programs will still be clickable but the taskbar will start to randomly go in and out of focus, flashing, and not be clickable.


Then, JUST my browser internet dies. It just forever says 'Connecting...' until I reboot. But chat programs and games will still be online.


During the freezing episodes I try going to Ctrl + Alt + Delete and it takes ages, then an error comes up saying shut down and restart options are missing.

When I try doing a system restore it fails saying it couldn't copy my windows folder.

I tried doing a system restore through the F8 boot option and that worked, it said it failed, but then when I logged in it said it worked.


Also everything seems to be fine in safe mode, internet never dies. That's what is making me suspect a rootkit or something.

Does this sound like a virus is messing with my PC? What should I do?


I have tried:

Super Anti Spyware full scan
Malwarebytes full scan
MS Security Essentials full scan
Sophos Anti Rootkit
malicious software removal tool

Thanks in advance.

Edited by Blue_Wolf, 20 July 2012 - 04:19 PM.




#2 dev00790

Posted 20 July 2012 - 07:44 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 4

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.
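
Added example (not part of the thread and not the tool's own code): a Python script for triaging the log that Step 1 asks for, listing every scanned object whose verdict is not `ok` or whose image file has an unusual extension. The sample lines are constructed in the same layout as TDSSKiller output, and the function names and the extension heuristic are assumptions.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Constructed sample in the TDSSKiller layout: "time id text".
# Names, hashes and paths are placeholders, not values from a real scan.
SAMPLE_LOG = r"""
10:00:00.0001 1111 Scan started
10:00:00.0002 1111 Mode: Manual; SigCheck; TDLFS;
10:00:01.0001 1111 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\example.sys
10:00:01.0002 1111 ExampleDrv - ok
10:00:02.0001 1111 Example Vendor Service (00000000000000000000000000000002) C:\Program Files\Example\svc.exe
10:00:02.0002 1111 Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning
10:00:02.0003 1111 Example Vendor Service - detected UnsignedFile.Multi.Generic (1)
10:00:03.0001 1111 NoImageSvc - ok
10:00:04.0001 1111 TempDrv (00000000000000000000000000000003) C:\Windows\system32\ABCD.tmp
10:00:04.0002 1111 TempDrv ( UnsignedFile.Multi.Generic ) - warning
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
# "<name> (<md5>) <image path>": the object being scanned.
OBJECT_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok": the object passed.
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")
# "<name> ( <verdict> ) - warning": the object was flagged.
WARN_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")

# Assumption for this example: service and driver images normally end in one of these.
EXPECTED_SUFFIXES = {".sys", ".exe", ".dll"}


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"  # stays "unknown" if the log is cut before the verdict line


def parse_log(text):
    """Return one Entry per scanned object, in the order the log lists them."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        m = OBJECT_RE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"].lower(), m["path"])
            continue
        m = WARN_RE.match(line)
        if m:
            entries.setdefault(m["name"], Entry(m["name"])).verdict = m["verdict"]
            continue
        m = OK_RE.match(line)
        if m:
            # Some objects have no image line at all, only a verdict.
            entries.setdefault(m["name"], Entry(m["name"])).verdict = "ok"
    return list(entries.values())


def triage(entries):
    """Return (entry, notes) pairs worth a manual look, most notes first."""
    review = []
    for e in entries:
        notes = []
        if e.verdict != "ok":
            # UnsignedFile.* is a signature-check warning to review,
            # not proof of infection on its own.
            notes.append(f"scanner verdict: {e.verdict}")
        if e.path and PureWindowsPath(e.path).suffix.lower() not in EXPECTED_SUFFIXES:
            notes.append("image file has an unusual extension")
        if notes:
            review.append((e, notes))
    review.sort(key=lambda item: -len(item[1]))
    return review


if __name__ == "__main__":
    for entry, notes in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.name}: {entry.path} [{entry.md5}]")
        for note in notes:
            print(f"    - {note}")
```
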


#3 Blue_Wolf

Posted 21 July 2012 - 04:58 AM

Hi, thanks for getting back to me, here are my results.

1. TDSS Rootkit Removing Tool

10:13:18.0379 2428 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
10:13:18.0489 2428 ============================================================
10:13:18.0489 2428 Current date / time: 2012/07/21 10:13:18.0489
10:13:18.0489 2428 SystemInfo:
10:13:18.0489 2428
10:13:18.0489 2428 OS Version: 6.1.7601 ServicePack: 1.0
10:13:18.0489 2428 Product type: Workstation
10:13:18.0489 2428 ComputerName: M17X-PC
10:13:18.0489 2428 UserName: M17x
10:13:18.0489 2428 Windows directory: C:\Windows
10:13:18.0489 2428 System windows directory: C:\Windows
10:13:18.0489 2428 Running under WOW64
10:13:18.0489 2428 Processor architecture: Intel x64
10:13:18.0489 2428 Number of processors: 4
10:13:18.0489 2428 Page size: 0x1000
10:13:18.0490 2428 Boot type: Normal boot
10:13:18.0490 2428 ============================================================
10:13:19.0727 2428 Drive \Device\Harddisk0\DR0 - Size: 0xE8E1800000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB02, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:13:19.0738 2428 ============================================================
10:13:19.0738 2428 \Device\Harddisk0\DR0:
10:13:19.0738 2428 MBR partitions:
10:13:19.0738 2428 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x7343F000
10:13:19.0738 2428 ============================================================
10:13:19.0779 2428 C: <-> \Device\Harddisk0\DR0\Partition0
10:13:19.0779 2428 ============================================================
10:13:19.0779 2428 Initialize success
10:13:19.0780 2428 ============================================================
10:13:24.0637 4468 ============================================================
10:13:24.0637 4468 Scan started
10:13:24.0637 4468 Mode: Manual; SigCheck; TDLFS;
10:13:24.0637 4468 ============================================================
10:13:25.0385 4468 !SASCORE (a0709b82fa3b5afad1467e565b8b3ba0) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
10:13:25.0430 4468 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
10:13:25.0430 4468 !SASCORE - detected UnsignedFile.Multi.Generic (1)
10:13:25.0673 4468 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:13:25.0692 4468 1394ohci - ok
10:13:25.0787 4468 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:13:25.0803 4468 ACPI - ok
10:13:25.0880 4468 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:13:25.0896 4468 AcpiPmi - ok
10:13:26.0090 4468 Ad-Aware Service (09e61047b0cef21559cfcedf4f14d216) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
10:13:26.0115 4468 Ad-Aware Service - ok
10:13:26.0273 4468 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:13:26.0283 4468 AdobeARMservice - ok
10:13:26.0579 4468 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:13:26.0591 4468 AdobeFlashPlayerUpdateSvc - ok
10:13:26.0776 4468 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:13:26.0794 4468 adp94xx - ok
10:13:26.0841 4468 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:13:26.0857 4468 adpahci - ok
10:13:26.0873 4468 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:13:26.0887 4468 adpu320 - ok
10:13:26.0936 4468 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:13:26.0970 4468 AeLookupSvc - ok
10:13:27.0310 4468 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac576d174925c1c6\AESTSr64.exe
10:13:27.0324 4468 AESTFilters - ok
10:13:27.0444 4468 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:13:27.0462 4468 AFD - ok
10:13:27.0523 4468 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:13:27.0535 4468 agp440 - ok
10:13:27.0598 4468 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:13:27.0613 4468 ALG - ok
10:13:27.0792 4468 AlienFusionService (a99e57669390f265d25288c8ba042d78) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
10:13:27.0800 4468 AlienFusionService - ok
10:13:27.0842 4468 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:13:27.0854 4468 aliide - ok
10:13:27.0879 4468 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:13:27.0891 4468 amdide - ok
10:13:27.0936 4468 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:13:27.0950 4468 AmdK8 - ok
10:13:27.0955 4468 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:13:27.0969 4468 AmdPPM - ok
10:13:28.0065 4468 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:13:28.0077 4468 amdsata - ok
10:13:28.0100 4468 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:13:28.0113 4468 amdsbs - ok
10:13:28.0125 4468 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:13:28.0136 4468 amdxata - ok
10:13:28.0201 4468 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:13:28.0233 4468 AppID - ok
10:13:28.0251 4468 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:13:28.0284 4468 AppIDSvc - ok
10:13:28.0307 4468 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:13:28.0339 4468 Appinfo - ok
10:13:28.0466 4468 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:13:28.0476 4468 Apple Mobile Device - ok
10:13:28.0549 4468 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
10:13:28.0564 4468 AppMgmt - ok
10:13:28.0596 4468 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:13:28.0608 4468 arc - ok
10:13:28.0615 4468 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:13:28.0628 4468 arcsas - ok
10:13:28.0853 4468 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:13:28.0863 4468 aspnet_state - ok
10:13:28.0933 4468 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:13:28.0966 4468 AsyncMac - ok
10:13:29.0028 4468 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:13:29.0040 4468 atapi - ok
10:13:29.0187 4468 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:13:29.0224 4468 AudioEndpointBuilder - ok
10:13:29.0230 4468 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:13:29.0267 4468 AudioSrv - ok
10:13:29.0345 4468 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:13:29.0364 4468 AxInstSV - ok
10:13:29.0406 4468 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:13:29.0423 4468 b06bdrv - ok
10:13:29.0456 4468 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:13:29.0472 4468 b57nd60a - ok
10:13:29.0492 4468 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
10:13:29.0562 4468 BCM42RLY - ok
10:13:29.0695 4468 BCM43XX (d84b17b03376acbb7717928071429707) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:13:29.0741 4468 BCM43XX - ok
10:13:29.0895 4468 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:13:29.0909 4468 BDESVC - ok
10:13:29.0947 4468 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:13:29.0980 4468 Beep - ok
10:13:30.0131 4468 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:13:30.0169 4468 BFE - ok
10:13:30.0264 4468 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:13:30.0304 4468 BITS - ok
10:13:30.0344 4468 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:13:30.0358 4468 blbdrive - ok
10:13:30.0568 4468 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
10:13:30.0582 4468 Bonjour Service - ok
10:13:30.0651 4468 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:13:30.0665 4468 bowser - ok
10:13:30.0677 4468 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:13:30.0693 4468 BrFiltLo - ok
10:13:30.0703 4468 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:13:30.0718 4468 BrFiltUp - ok
10:13:30.0801 4468 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:13:30.0834 4468 Browser - ok
10:13:30.0877 4468 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:13:30.0894 4468 Brserid - ok
10:13:30.0898 4468 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:13:30.0914 4468 BrSerWdm - ok
10:13:30.0924 4468 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:13:30.0940 4468 BrUsbMdm - ok
10:13:30.0953 4468 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:13:30.0967 4468 BrUsbSer - ok
10:13:30.0978 4468 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:13:30.0995 4468 BTHMODEM - ok
10:13:31.0012 4468 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:13:31.0046 4468 bthserv - ok
10:13:31.0066 4468 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:13:31.0100 4468 cdfs - ok
10:13:31.0177 4468 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:13:31.0192 4468 cdrom - ok
10:13:31.0295 4468 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:13:31.0327 4468 CertPropSvc - ok
10:13:31.0374 4468 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:13:31.0390 4468 circlass - ok
10:13:31.0430 4468 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:13:31.0446 4468 CLFS - ok
10:13:31.0536 4468 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:13:31.0547 4468 clr_optimization_v2.0.50727_32 - ok
10:13:31.0606 4468 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:13:31.0617 4468 clr_optimization_v2.0.50727_64 - ok
10:13:31.0795 4468 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:13:31.0805 4468 clr_optimization_v4.0.30319_32 - ok
10:13:32.0008 4468 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:13:32.0019 4468 clr_optimization_v4.0.30319_64 - ok
10:13:32.0120 4468 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:13:32.0134 4468 CmBatt - ok
10:13:32.0216 4468 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:13:32.0227 4468 cmdide - ok
10:13:32.0304 4468 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
10:13:32.0326 4468 CNG - ok
10:13:32.0383 4468 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:13:32.0395 4468 Compbatt - ok
10:13:32.0442 4468 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:13:32.0458 4468 CompositeBus - ok
10:13:32.0480 4468 COMSysApp - ok
10:13:32.0670 4468 cpuz130 - ok
10:13:32.0707 4468 cpuz132 - ok
10:13:32.0772 4468 cpuz135 (ccb09eb78e047c931708149992c2e435) C:\Windows\system32\drivers\cpuz135_x64.sys
10:13:32.0781 4468 cpuz135 - ok
10:13:32.0817 4468 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:13:32.0829 4468 crcdisk - ok
10:13:32.0911 4468 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
10:13:32.0927 4468 CryptSvc - ok
10:13:33.0018 4468 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
10:13:33.0036 4468 CSC - ok
10:13:33.0131 4468 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
10:13:33.0150 4468 CscService - ok
10:13:33.0297 4468 CYUSB (8ec96b753727b380089d66d4ab5869df) C:\Windows\system32\Drivers\CYUSB.sys
10:13:33.0308 4468 CYUSB - ok
10:13:33.0360 4468 danewFltr (003626f7ca17c204f16cd5047af0703a) C:\Windows\system32\drivers\danew.sys
10:13:33.0365 4468 danewFltr ( UnsignedFile.Multi.Generic ) - warning
10:13:33.0365 4468 danewFltr - detected UnsignedFile.Multi.Generic (1)
10:13:33.0452 4468 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:13:33.0489 4468 DcomLaunch - ok
10:13:33.0537 4468 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:13:33.0573 4468 defragsvc - ok
10:13:33.0633 4468 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:13:33.0666 4468 DfsC - ok
10:13:33.0730 4468 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:13:33.0764 4468 Dhcp - ok
10:13:33.0796 4468 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:13:33.0829 4468 discache - ok
10:13:33.0920 4468 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:13:33.0932 4468 Disk - ok
10:13:34.0005 4468 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:13:34.0020 4468 Dnscache - ok
10:13:34.0092 4468 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:13:34.0126 4468 dot3svc - ok
10:13:34.0148 4468 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:13:34.0181 4468 DPS - ok
10:13:34.0209 4468 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:13:34.0225 4468 drmkaud - ok
10:13:34.0316 4468 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:13:34.0340 4468 DXGKrnl - ok
10:13:34.0396 4468 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:13:34.0430 4468 EapHost - ok
10:13:34.0583 4468 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:13:34.0626 4468 ebdrv - ok
10:13:34.0785 4468 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:13:34.0800 4468 EFS - ok
10:13:34.0903 4468 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:13:34.0923 4468 ehRecvr - ok
10:13:34.0953 4468 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:13:34.0968 4468 ehSched - ok
10:13:35.0070 4468 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:13:35.0088 4468 elxstor - ok
10:13:35.0137 4468 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:13:35.0151 4468 ErrDev - ok
10:13:35.0228 4468 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:13:35.0264 4468 EventSystem - ok
10:13:35.0287 4468 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:13:35.0321 4468 exfat - ok
10:13:35.0460 4468 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
10:13:35.0471 4468 FACAP - ok
10:13:35.0690 4468 FAService (53e30a6e86aa93c0ffc0bc0439e3e636) C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
10:13:35.0728 4468 FAService - ok
10:13:35.0869 4468 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:13:35.0904 4468 fastfat - ok
10:13:35.0935 4468 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:13:35.0949 4468 fdc - ok
10:13:35.0978 4468 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:13:36.0011 4468 fdPHost - ok
10:13:36.0022 4468 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:13:36.0055 4468 FDResPub - ok
10:13:36.0089 4468 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:13:36.0101 4468 FileInfo - ok
10:13:36.0118 4468 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:13:36.0151 4468 Filetrace - ok
10:13:36.0183 4468 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:13:36.0197 4468 flpydisk - ok
10:13:36.0286 4468 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:13:36.0301 4468 FltMgr - ok
10:13:36.0401 4468 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:13:36.0425 4468 FontCache - ok
10:13:36.0556 4468 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:13:36.0565 4468 FontCache3.0.0.0 - ok
10:13:36.0628 4468 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:13:36.0640 4468 FsDepends - ok
10:13:36.0690 4468 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:13:36.0701 4468 Fs_Rec - ok
10:13:36.0891 4468 Futuremark SystemInfo Service (79b4cde2b69ed8ba4011859780a66a4d) C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
10:13:36.0901 4468 Futuremark SystemInfo Service - ok
10:13:36.0973 4468 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:13:36.0990 4468 fvevol - ok
10:13:37.0015 4468 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:13:37.0027 4468 gagp30kx - ok
10:13:37.0064 4468 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:13:37.0073 4468 GEARAspiWDM - ok
10:13:37.0160 4468 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:13:37.0199 4468 gpsvc - ok
10:13:37.0400 4468 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:13:37.0410 4468 gupdate - ok
10:13:37.0415 4468 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:13:37.0425 4468 gupdatem - ok
10:13:37.0477 4468 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
10:13:37.0487 4468 hamachi - ok
10:13:37.0697 4468 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
10:13:37.0735 4468 Hamachi2Svc - ok
10:13:37.0916 4468 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:13:37.0930 4468 hcw85cir - ok
10:13:38.0016 4468 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:13:38.0035 4468 HdAudAddService - ok
10:13:38.0121 4468 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:13:38.0138 4468 HDAudBus - ok
10:13:38.0148 4468 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:13:38.0162 4468 HidBatt - ok
10:13:38.0175 4468 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:13:38.0191 4468 HidBth - ok
10:13:38.0291 4468 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:13:38.0307 4468 HidIr - ok
10:13:38.0342 4468 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:13:38.0375 4468 hidserv - ok
10:13:38.0426 4468 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:13:38.0440 4468 HidUsb - ok
10:13:38.0532 4468 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:13:38.0565 4468 hkmsvc - ok
10:13:38.0633 4468 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:13:38.0648 4468 HomeGroupListener - ok
10:13:38.0727 4468 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:13:38.0743 4468 HomeGroupProvider - ok
10:13:38.0804 4468 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:13:38.0816 4468 HpSAMD - ok
10:13:38.0904 4468 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:13:38.0942 4468 HTTP - ok
10:13:38.0947 4468 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:13:38.0959 4468 hwpolicy - ok
10:13:39.0033 4468 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:13:39.0047 4468 i8042prt - ok
10:13:39.0078 4468 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:13:39.0094 4468 iaStorV - ok
10:13:39.0238 4468 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:13:39.0258 4468 idsvc - ok
10:13:39.0374 4468 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:13:39.0386 4468 iirsp - ok
10:13:39.0481 4468 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:13:39.0520 4468 IKEEXT - ok
10:13:39.0538 4468 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:13:39.0550 4468 intelide - ok
10:13:39.0612 4468 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:13:39.0626 4468 intelppm - ok
10:13:39.0662 4468 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:13:39.0696 4468 IPBusEnum - ok
10:13:42.0047 4468 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\Windows\system32\90DB.tmp
10:13:42.0051 4468 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - warning
10:13:42.0051 4468 MEMSWEEP2 - detected UnsignedFile.Multi.Generic (1)
10:13:58.0603 4468 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
10:13:58.0604 4468 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
10:13:58.0606 4468 sptd ( LockedFile.Multi.Generic ) - warning
10:13:58.0606 4468 sptd - detected LockedFile.Multi.Generic (1)
10:14:04.0461 4468 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:14:04.0477 4468 volsnap - ok
10:14:04.0546 4468 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:14:04.0559 4468 vsmraid - ok
10:14:04.0674 4468 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:14:04.0721 4468 VSS - ok
10:14:04.0842 4468 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:14:04.0858 4468 vwifibus - ok
10:14:04.0915 4468 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:14:04.0933 4468 vwififlt - ok
10:14:04.0973 4468 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:14:05.0010 4468 W32Time - ok
10:14:05.0029 4468 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:14:05.0043 4468 WacomPen - ok
10:14:05.0137 4468 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:14:05.0170 4468 WANARP - ok
10:14:05.0196 4468 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:14:05.0228 4468 Wanarpv6 - ok
10:14:05.0321 4468 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:14:05.0349 4468 WatAdminSvc - ok
10:14:05.0475 4468 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:14:05.0503 4468 wbengine - ok
10:14:05.0613 4468 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:14:05.0633 4468 WbioSrvc - ok
10:14:05.0704 4468 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:14:05.0726 4468 wcncsvc - ok
10:14:05.0744 4468 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:14:05.0759 4468 WcsPlugInService - ok
10:14:05.0825 4468 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:14:05.0836 4468 Wd - ok
10:14:05.0903 4468 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:14:05.0923 4468 Wdf01000 - ok
10:14:05.0940 4468 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:14:05.0960 4468 WdiServiceHost - ok
10:14:05.0963 4468 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:14:05.0984 4468 WdiSystemHost - ok
10:14:06.0196 4468 Web Assistant Updater (efb3074bdbabe0a137d89d8e58f02392) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
10:14:06.0202 4468 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning
10:14:06.0202 4468 Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)
10:14:06.0299 4468 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:14:06.0320 4468 WebClient - ok
10:14:06.0351 4468 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:14:06.0387 4468 Wecsvc - ok
10:14:06.0397 4468 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:14:06.0432 4468 wercplsupport - ok
10:14:06.0486 4468 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:14:06.0521 4468 WerSvc - ok
10:14:06.0591 4468 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:14:06.0624 4468 WfpLwf - ok
10:14:06.0644 4468 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:14:06.0656 4468 WIMMount - ok
10:14:06.0684 4468 WinDefend - ok
10:14:06.0691 4468 WinHttpAutoProxySvc - ok
10:14:06.0747 4468 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:14:06.0782 4468 Winmgmt - ok
10:14:06.0928 4468 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:14:06.0979 4468 WinRM - ok
10:14:07.0168 4468 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:14:07.0194 4468 Wlansvc - ok
10:14:07.0457 4468 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:14:07.0496 4468 wlidsvc - ok
10:14:07.0579 4468 wltrysvc (6db47e66dccf04342c5f2a67a0edb17e) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
10:14:07.0584 4468 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
10:14:07.0584 4468 wltrysvc - detected UnsignedFile.Multi.Generic (1)
10:14:07.0691 4468 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:14:07.0705 4468 WmiAcpi - ok
10:14:07.0780 4468 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:14:07.0796 4468 wmiApSrv - ok
10:14:07.0825 4468 WMPNetworkSvc - ok
10:14:07.0847 4468 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:14:07.0862 4468 WPCSvc - ok
10:14:07.0924 4468 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:14:07.0941 4468 WPDBusEnum - ok
10:14:07.0962 4468 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:14:07.0995 4468 ws2ifsl - ok
10:14:08.0027 4468 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:14:08.0047 4468 wscsvc - ok
10:14:08.0050 4468 WSearch - ok
10:14:08.0209 4468 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:14:08.0252 4468 wuauserv - ok
10:14:08.0430 4468 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:14:08.0463 4468 WudfPf - ok
10:14:08.0521 4468 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:14:08.0554 4468 WUDFRd - ok
10:14:08.0624 4468 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:14:08.0658 4468 wudfsvc - ok
10:14:08.0699 4468 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:14:08.0720 4468 WwanSvc - ok
10:14:08.0783 4468 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:14:09.0393 4468 \Device\Harddisk0\DR0 - ok
10:14:09.0396 4468 Boot (0x1200) (a1fa627afa1b42278c4b9b53275b2172) \Device\Harddisk0\DR0\Partition0
10:14:09.0397 4468 \Device\Harddisk0\DR0\Partition0 - ok
10:14:09.0398 4468 ============================================================
10:14:09.0398 4468 Scan finished
10:14:09.0398 4468 ============================================================
10:14:09.0406 3844 Detected object count: 6
10:14:09.0406 3844 Actual detected object count: 6
10:14:17.0993 3844 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
10:14:17.0993 3844 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:14:17.0993 3844 danewFltr ( UnsignedFile.Multi.Generic ) - skipped by user
10:14:17.0993 3844 danewFltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:14:17.0995 3844 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - skipped by user
10:14:17.0995 3844 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:14:17.0996 3844 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:14:17.0996 3844 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:14:17.0997 3844 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user
10:14:17.0997 3844 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:14:17.0998 3844 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:14:17.0998 3844 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:35:09.0712 1324 Deinitialize success


2. Security Check


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Aware
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Sophos Anti-Rootkit 1.5.4
Java™ 6 Update 22
Java version out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox 13.0.1 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Spybot Teatimer.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 18% Defragment your hard drive soon!
````````````````````End of Log``````````````````````



3. Farbar Service Scanner


Farbar Service Scanner Version: 19-07-2012
Ran by M17x (administrator) on 21-07-2012 at 10:30:43
Running from "C:\Users\M17x\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


4. MiniToolBox

MiniToolBox by Farbar Version: 15-07-2012
Ran by M17x (administrator) on 21-07-2012 at 10:40:38
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


There are 14420 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Dell Wireless 1510 Wireless-N WLAN Mini-Card = Wireless Network Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set subinterface interface=?+ subinterface=wireless_0 mtu=900
set subinterface interface=?+ subinterface=ethernet_6 mtu=900
add address name="Local Area Connection* 16-QoS Packet Scheduler-0000" address=192.168.75.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : M17x-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1510 Wireless-N WLAN Mini-Card
Physical Address. . . . . . . . . : 0C-EE-E6-A8-AE-35
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 21 July 2012 09:53:54
Lease Expires . . . . . . . . . . : 21 July 2012 11:23:55
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 194.168.4.100
194.168.8.100
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-26-B9-6F-DB-BE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-45-ED-28
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::545:ed28(Preferred)
Link-local IPv6 Address . . . . . : fe80::49b5:81e6:dbae:c2e0%16(Preferred)
IPv4 Address. . . . . . . . . . . : 5.69.237.40(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : 21 July 2012 09:53:49
Lease Expires . . . . . . . . . . : 21 July 2013 09:55:56
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 259684838
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-0D-3C-9D-00-26-B9-6F-DB-BE
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73b8:201c:1cd9:adfc:c0ca(Preferred)
Link-local IPv6 Address . . . . . : fe80::201c:1cd9:adfc:c0ca%19(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.cable.virginmedia.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{07808FBD-1A27-48F4-93DB-946FB752904E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3BC7150A-7823-4569-BF66-D5925D2169AA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: google.com
Addresses: 2a00:1450:4009:803::100e
173.194.34.100
173.194.34.96
173.194.34.97
173.194.34.101
173.194.34.110
173.194.34.103
173.194.34.99
173.194.34.104
173.194.34.102
173.194.34.105
173.194.34.98


Pinging google.com [173.194.34.97] with 32 bytes of data:
Reply from 173.194.34.97: bytes=32 time=27ms TTL=55
Reply from 173.194.34.97: bytes=32 time=26ms TTL=55

Ping statistics for 173.194.34.97:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 27ms, Average = 26ms
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=167ms TTL=52
Reply from 72.30.38.140: bytes=32 time=180ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 167ms, Maximum = 180ms, Average = 173ms
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...0c ee e6 a8 ae 35 ......Dell Wireless 1510 Wireless-N WLAN Mini-Card
10...00 26 b9 6f db be ......NVIDIA nForce Networking Controller
16...7a 79 05 45 ed 28 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.69.237.40 9256
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.6 25
5.0.0.0 255.0.0.0 On-link 5.69.237.40 9256
5.69.237.40 255.255.255.255 On-link 5.69.237.40 9256
5.255.255.255 255.255.255.255 On-link 5.69.237.40 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.6 281
192.168.0.6 255.255.255.255 On-link 192.168.0.6 281
192.168.0.255 255.255.255.255 On-link 192.168.0.6 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.69.237.40 9256
224.0.0.0 240.0.0.0 On-link 192.168.0.6 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.69.237.40 9256
255.255.255.255 255.255.255.255 On-link 192.168.0.6 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
19 58 2001::/32 On-link
19 306 2001:0:5ef5:73b8:201c:1cd9:adfc:c0ca/128
On-link
16 276 2620:9b::/96 On-link
16 276 2620:9b::545:ed28/128 On-link
16 276 fe80::/64 On-link
19 306 fe80::/64 On-link
19 306 fe80::201c:1cd9:adfc:c0ca/128
On-link
16 276 fe80::49b5:81e6:dbae:c2e0/128
On-link
1 306 ff00::/8 On-link
19 306 ff00::/8 On-link
16 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll [File Not found] ()
x64-Catalog9 12 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/21/2012 10:38:19 AM) (Source: Application Hang) (User: )
Description: The program MiniToolBox.exe version 3.3.8.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9a4

Start Time: 01cd6724532abdb0

Termination Time: 0

Application Path: C:\Users\M17x\Desktop\MiniToolBox.exe

Report Id:

Error: (07/21/2012 01:29:35 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"1".
Dependent Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/20/2012 11:58:01 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (07/20/2012 11:23:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: SBAMSvc.exe, version: 5.0.5116.0, time stamp: 0x4eef7ad0
Faulting module name: SbWebFilter.dll, version: 5.1.70.0, time stamp: 0x4eef1fa0
Exception code: 0xc0000005
Fault offset: 0x00019f3c
Faulting process id: 0xdbc
Faulting application start time: 0xSBAMSvc.exe0
Faulting application path: SBAMSvc.exe1
Faulting module path: SBAMSvc.exe2
Report Id: SBAMSvc.exe3

Error: (07/20/2012 09:52:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: SBAMSvc.exe, version: 5.0.5116.0, time stamp: 0x4eef7ad0
Faulting module name: SbWebFilter.dll, version: 5.1.70.0, time stamp: 0x4eef1fa0
Exception code: 0xc0000005
Fault offset: 0x00019f3c
Faulting process id: 0x920
Faulting application start time: 0xSBAMSvc.exe0
Faulting application path: SBAMSvc.exe1
Faulting module path: SBAMSvc.exe2
Report Id: SBAMSvc.exe3

Error: (07/19/2012 11:23:18 PM) (Source: Application Hang) (User: )
Description: The program swtor.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c98

Start Time: 01cd65e095849450

Termination Time: 5902

Application Path: C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exe

Report Id: a09821f1-d1eb-11e1-862e-0026b96fdbbe

Error: (07/19/2012 10:47:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: SBAMSvc.exe, version: 5.0.5116.0, time stamp: 0x4eef7ad0
Faulting module name: SbWebFilter.dll, version: 5.1.70.0, time stamp: 0x4eef1fa0
Exception code: 0xc0000005
Fault offset: 0x00019f3c
Faulting process id: 0x9c4
Faulting application start time: 0xSBAMSvc.exe0
Faulting application path: SBAMSvc.exe1
Faulting module path: SBAMSvc.exe2
Report Id: SBAMSvc.exe3

Error: (07/19/2012 07:48:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: SBAMSvc.exe, version: 5.0.5116.0, time stamp: 0x4eef7ad0
Faulting module name: SbWebFilter.dll, version: 5.1.70.0, time stamp: 0x4eef1fa0
Exception code: 0xc0000005
Fault offset: 0x00019f3c
Faulting process id: 0x628
Faulting application start time: 0xSBAMSvc.exe0
Faulting application path: SBAMSvc.exe1
Faulting module path: SBAMSvc.exe2
Report Id: SBAMSvc.exe3

Error: (07/19/2012 06:17:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: SBAMSvc.exe, version: 5.0.5116.0, time stamp: 0x4eef7ad0
Faulting module name: SbWebFilter.dll, version: 5.1.70.0, time stamp: 0x4eef1fa0
Exception code: 0xc0000005
Fault offset: 0x00045b67
Faulting process id: 0x480
Faulting application start time: 0xSBAMSvc.exe0
Faulting application path: SBAMSvc.exe1
Faulting module path: SBAMSvc.exe2
Report Id: SBAMSvc.exe3

Error: (07/18/2012 07:59:20 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80071a90.


System errors:
=============
Error: (07/21/2012 09:56:39 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (07/21/2012 09:56:38 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (07/21/2012 09:54:58 AM) (Source: nvrd64) (User: )
Description: The driver detected a controller error on .

Error: (07/21/2012 09:54:04 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SAVRKBootTasks

Error: (07/21/2012 00:57:06 AM) (Source: nvrd64) (User: )
Description: The driver detected a controller error on .

Error: (07/21/2012 00:56:38 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SAVRKBootTasks

Error: (07/21/2012 00:55:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: %24

Error Code: 0x80070002

Error description: The system cannot find the file specified.

Signature version: 1.129.1632.0;1.129.1632.0

Engine version: %600

Error: (07/20/2012 11:57:00 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (07/20/2012 11:56:47 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (07/20/2012 11:56:47 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/21/2012 10:38:19 AM) (Source: Application Hang)(User: )
Description: MiniToolBox.exe3.3.8.19a401cd6724532abdb00C:\Users\M17x\Desktop\MiniToolBox.exe

Error: (07/21/2012 01:29:35 AM) (Source: SideBySide)(User: )
Description: Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0"C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe

Error: (07/20/2012 11:58:01 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (07/20/2012 11:23:21 PM) (Source: Application Error)(User: )
Description: SBAMSvc.exe5.0.5116.04eef7ad0SbWebFilter.dll5.1.70.04eef1fa0c000000500019f3cdbc01cd66c48bb38690C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exeC:\Program Files (x86)\Ad-Aware Antivirus\SbWebFilter.dll82ef8700-d2b9-11e1-b39b-0026b96fdbbe

Error: (07/20/2012 09:52:38 PM) (Source: Application Error)(User: )
Description: SBAMSvc.exe5.0.5116.04eef7ad0SbWebFilter.dll5.1.70.04eef1fa0c000000500019f3c92001cd66b0c39b71d0C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exeC:\Program Files (x86)\Ad-Aware Antivirus\SbWebFilter.dlld6b5e3f0-d2ac-11e1-ac89-0026b96fdbbe

Error: (07/19/2012 11:23:18 PM) (Source: Application Hang)(User: )
Description: swtor.exe1.0.0.0c9801cd65e0958494505902C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exea09821f1-d1eb-11e1-862e-0026b96fdbbe

Error: (07/19/2012 10:47:34 PM) (Source: Application Error)(User: )
Description: SBAMSvc.exe5.0.5116.04eef7ad0SbWebFilter.dll5.1.70.04eef1fa0c000000500019f3c9c401cd65e09cc089e0C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exeC:\Program Files (x86)\Ad-Aware Antivirus\SbWebFilter.dll58f868a0-d1eb-11e1-862e-0026b96fdbbe

Error: (07/19/2012 07:48:38 PM) (Source: Application Error)(User: )
Description: SBAMSvc.exe5.0.5116.04eef7ad0SbWebFilter.dll5.1.70.04eef1fa0c000000500019f3c62801cd65d4ca958890C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exeC:\Program Files (x86)\Ad-Aware Antivirus\SbWebFilter.dll594e8140-d1d2-11e1-9a5a-0026b96fdbbe

Error: (07/19/2012 06:17:26 PM) (Source: Application Error)(User: )
Description: SBAMSvc.exe5.0.5116.04eef7ad0SbWebFilter.dll5.1.70.04eef1fa0c000000500045b6748001cd65d20f2ac860C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exeC:\Program Files (x86)\Ad-Aware Antivirus\SbWebFilter.dll9be56c60-d1c5-11e1-906d-0026b96fdbbe

Error: (07/18/2012 07:59:20 PM) (Source: System Restore)(User: )
Description: Windows Update0x80071a90


=========================== Installed Programs ============================

3DMark06 (Version: 1.2.0)
7-Zip 4.65
Ad-Aware Antivirus (Version: 10.1.211.3382)
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.1)
Adobe AIR (Version: 2.6.0.19140)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS (Version: CS)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Advanced Combat Tracker (remove only)
All Points Bulletin
Amazon MP3 Downloader 1.0.9
AMR to MP3 Converter 1.4
AnVir Task Manager Free (Version: 6.3.1)
APB Reloaded (Version: 1.3.3.560517)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ARMA 2
ARMA 2: Operation Arrowhead
ASIO4ALL
Assassin's Creed Revelations
µTorrent (Version: 3.1.3)
Audacity 1.2.6
Audacity 1.3.13 (Unicode)
Audiosurf
Auslogics Disk Defrag (Version: version 3.1)
AutoHotkey 1.1.05.01 (Version: 1.1.05.01)
Autorun Eater v2.4
Battlefield 3™ (Version: 1.0.0.0)
Battlefield 3™ Open Beta (Version: 1.0.0.0)
Bing Maps 3D (Version: 4.0.903.16005)
Bonjour (Version: 3.0.0.10)
Borderlands
Broadcom Wireless Utility (Version: 5.30.21.0)
Bulletstorm (Version: 1.0.0000.130)
BulletStorm (Version: 1.0.0001.130)
BulletStorm (Version: 1.0.0005.130)
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Call of Duty: World at War
CCleaner (Version: 3.00)
Champions Online
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Command & Conquer 3 (Version: 1.00.0000)
Command & Conquer™ 3: Kane's Wrath (Version: 1.00.0000)
Command Center (Version: 2.5.54.0)
CPUID CPU-Z 1.57
Curse Client (Version: 4.0.1.260)
D3DX10 (Version: 15.4.2368.0902)
Darkspore™ (Version: 1.00.0000)
Dead Rising 2
Diablo III (Version: 1.0.1.9558)
DivX Setup (Version: 2.0.4.2)
DivX Web Player (Version: 1.5.0)
Driver Detective (Version: 8.0.1)
Driver Sweeper 2.1.0
Driving Test Success - All Tests 2012 Edition (Update 1) (Version: 16.0)
Driving Test Success - All Tests 2012 Edition (Version: 16.0)
Dual-Core Optimizer (Version: 1.1.4.0169)
EA Installer (Version: 2.2.0.62)
FL Studio 9
Fraps (remove only)
Futuremark SystemInfo (Version: 4.0.0.0)
GameRanger
GamersFirst LIVE!
Google Chrome (Version: 20.0.1132.57)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
Grand Theft Auto IV
Haali Media Splitter
Hardcore
HiJackThis (Version: 1.0.0)
iCloud (Version: 1.0.2.17)
IDT Audio (Version: 1.0.6233.0)
IL Download Manager
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Killing Floor
LDC Driving Test Complete (Version: 3.0)
League of Legends (Version: 1.3)
Left 4 Dead
Left 4 Dead 2
LogMeIn Hamachi (Version: 2.1.0.210)
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware
Mass Effect 2 (Version: 1.02)
Mass Effect™ 3 (Version: 1.03.0.0)
Mass Effect™ 3 Demo (Version: 1.0.0.0)
Medieval II Total War (Version: 1.00.0000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Moonbase Alpha
Mozilla Firefox 13.0.1 (x86 en-GB) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble 1.2.3 (Version: 1.2.3)
Nation Red
NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62)
NVIDIA 3D Vision Driver 285.62 (Version: 285.62)
NVIDIA Control Panel 285.62 (Version: 285.62)
NVIDIA Drivers (Version: 1.3)
NVIDIA Graphics Driver 285.62 (Version: 285.62)
NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA MediaShield (Version: 11.1.0.43)
NVIDIA nView 136.02 (Version: 136.02)
NVIDIA Optimus 1.5.20 (Version: 1.5.20)
NVIDIA PhysX (Version: 9.11.1107)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8562)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
Octoshape Streaming Services
OpenAL
Opera 11.51 (Version: 11.51.1087)
Orcs Must Die!
Origin (Version: 8.5.0.4554)
PAYDAY: The Heist
PDFill PDF Editor with FREE Writer and FREE Tools (Version: 8.0)
PerformanceTest v7.0 (64-bit) (Version: 7.0)
PoiZone
Portal
PunkBuster Services (Version: 0.991)
QuickTime (Version: 7.71.80.42)
RarZilla Free Unrar (Version: 2.80)
RICOH R5U8xx Media Driver ver.3.62.02 (Version: 3.62.02)
Rome: Total War Gold Edition
Sawer
Sid Meier's Civilization IV
Sid Meier's Civilization V
Six Updater (Version: 2.09.7006)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.10 (Version: 5.10.115)
Sophos Anti-Rootkit 1.5.4 (Version: 1.5.4)
Spybot - Search & Destroy (Version: 1.6.2)
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (Version: 1.00.0000)
Star Wars: Knights of the Old Republic
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 4.42.1000)
SWMoniTOR 1.0
System Requirements Lab (Version: 4.1.72.0)
System Requirements Lab CYRI (64-bit) (Version: 4.3.1.0)
System Requirements Lab CYRI (Version: 4.4.26.0)
Terraria
The Elder Scrolls V: Skyrim
Toxic Biohazard
Ubisoft Game Launcher (Version: 1.0.0.0)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Ventrilo Client for Windows x64 (Version: 3.0.7.0)
Web Assistant 2.0.0.439
Winamp (Version: 5.623 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Internet Explorer Platform Preview (Version: 2.10.1008.16421)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR archiver
World of Warcraft (Version: 4.3.3.15354)
Xfire (remove only)
XSplit (Version: 1.0.1206.0203)
Xvid Video Codec (Version: 1.3.2)
Zero Gear

========================= Devices: ================================

Name: Integrated Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: FACAP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 4094.35 MB
Available physical RAM: 2417.08 MB
Total Pagefile: 10233.54 MB
Available Pagefile: 8331.28 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.18 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:922.12 GB) (Free:166.58 GB) NTFS

========================= Users: ========================================

User accounts for \\M17X-PC

Administrator Guest M17x
UpdatusUser

========================= Minidump Files ==================================

========================= Restore Points ==================================

14-07-2012 15:27:24 Restore Operation
16-07-2012 17:34:58 Windows Update
16-07-2012 17:59:51 Installed Sophos Virus Removal Tool.
18-07-2012 17:52:41 Restore Operation
19-07-2012 19:08:15 Windows Update
20-07-2012 19:56:42 Windows Update
21-07-2012 00:06:30 Windows Update

**** End of log ****

#4 dev00790


Posted 21 July 2012 - 08:00 AM

Hi

Step 1:
Going over your logs I noticed that you have utorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall utorrent, however that choice is up to you.

If you choose to remove these programs, you can do so via:

  • Click the "Windows Orb" button.
  • Click Control Panel then Programs and Features.

If you wish to keep it, please do not use it until your computer is cleaned.


Step 2:
  • Launch Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab, then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

Note: Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 3:
I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#5 Blue_Wolf


Posted 22 July 2012 - 06:59 AM

I didn't realise how much can be bundled into torrents, it looks like this is definitely how I got infected.

Here's my next scans:


Malwarebytes' Anti-Malware

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.22.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
M17x :: M17X-PC [administrator]

22/07/2012 08:18:46
mbam-log-2012-07-22 (08-18-46).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 674579
Time elapsed: 4 hour(s), 14 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET Online Scanner

C:\Users\M17x\AppData\Local\Downloaded Installations\{44EDBDE5-587A-4FB1-803F-43CDA250D6CD}\Command Center.msi a variant of Win32/PSWTool.IEPasswordsRevealer.A application deleted - quarantined
C:\Users\M17x\Desktop\My Stuff\Work Stuff\PDFCreator-1_2_1_setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\M17x\Downloads\1303171053_Carmageddon1.7.0.0Installer.exe a variant of Win32/Packed.ExeScript.B trojan cleaned by deleting - quarantined
C:\Users\M17x\Downloads\AoE2WideSetup.msi Win32/PrcView application deleted - quarantined
C:\Users\M17x\Downloads\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\M17x\Downloads\winamp5623_full_emusic-7plus_all.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\Installer\cf30c8.msi a variant of Win32/PSWTool.IEPasswordsRevealer.A application deleted - quarantined


---


At this point, the computer has not done any of the behavior in my original post, it seems a lot faster but it could still be infected with a number of things.

There is a 'web assistant' aka incredibar program still on there that I'm not sure how to go about getting rid of.


Also, I've been using Adaware as antivirus, is this sufficient enough for me to keep using or should I switch to something else?

Edited by Blue_Wolf, 22 July 2012 - 07:00 AM.


#6 dev00790


Posted 22 July 2012 - 12:20 PM

Hi

"At this point, the computer has not done any of the behavior in my original post, it seems a lot faster"

Ok thanks for letting me know.

"Also, I've been using Adaware as antivirus, is this sufficient enough for me to keep using or should I switch to something else?"

Ad-Aware is no longer recommended
  • mvps.org is no longer recommending Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products).
  • Therefore, I strongly recommend uninstalling Ad-Aware.
You have Microsoft Security Essentials installed, which is a good Antivirus program.


"There is a 'web assistant' aka incredibar program still on there that I'm not sure how to go about getting rid of."

Please try the answer on link

How is the computer running now?

Edited by dev00790, 22 July 2012 - 12:22 PM.

Regards, dev00790



#7 Blue_Wolf


Posted 23 July 2012 - 12:34 PM

Ok, thanks I'll uninstall Adaware.

I got rid of the Web Assistant using your link, thank you.


The computer is still running well, no lockups or slowness to report.


Is there anything else I should run before we can resolve this?

#8 dev00790


Posted 23 July 2012 - 06:04 PM

Hi

Ok Great :).

"The computer is still running well, no lockups or slowness to report."


Let's run defogger, then GMER to double check for rootkits next:

Step 1:
Please follow Step 6 only of the preparation guide here.


Step 2:
Please follow step 8 only of the preparation guide here.
Post the log (ark.txt) in your next reply.

If GMER crashes please give details along with any error message if applicable.

Regards, dev00790



#9 Blue_Wolf


Posted 24 July 2012 - 01:59 PM

My system is 64 bit so most of the checkboxes are greyed out. Is there another one I can run that's compatible?

#10 dev00790


Posted 26 July 2012 - 07:32 PM

Hi

Apologies for the delay.

I'm looking into this.

Regards, dev00790



#11 dev00790


Posted 27 July 2012 - 09:39 AM

Ok we'll skip the GMER check.

Please do the following next:

Step 1:

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.


Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe (or jre-7u5-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Step 2:

Your version of Adobe Reader is outdated.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security Scan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs (or Programs and Features), then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!


Step 3:

Important Note: Your version of Firefox is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Firefox:

Step 4:

I recommend you defragment your hard drive. Auslogics disk defrag is the software I use when defragmenting my disk.


Step 5:

How is the computer running now?

Edited by dev00790, 27 July 2012 - 09:40 AM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog
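
The out-of-date Java, Adobe Reader and Firefox named in the post above can be read off the "Installed Programs" list in the MiniToolBox log. As an added example (not part of the original thread and not MiniToolBox code), the Python below parses that list format and flags entries below a minimum version. The function names are hypothetical and the BASELINE values are assumptions: Java 7 Update 5 is the release named in the post, written as 7.0.50 by analogy with the log's 6.0.220, and the Reader and Firefox minimums are constructed placeholders.

```python
import re

# Lines copied from the "Installed Programs" section of the MiniToolBox log in
# this thread, chosen to cover the format's edge cases (no version field, empty
# version, trailing space, text inside the version, parentheses in the name).
SAMPLE_LOG = """\
7-Zip 4.65
Adobe Reader X (10.1.1) (Version: 10.1.1)
Auslogics Disk Defrag (Version: version 3.1)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Mozilla Firefox 13.0.1 (x86 en-GB) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
Unity Web Player (Version: )
Winamp (Version: 5.623 )
"""

# ASSUMPTION: minimum acceptable versions, keyed by a pattern on the entry name.
# Java: the post names jre-7u5; 7.0.50 follows the 6.0.220 pattern in the log.
# Reader and Firefox: constructed placeholders, replace with the vendor's
# current release before relying on the result.
BASELINE = [
    (re.compile(r"^Java\S* \d+ Update \d+"), (7, 0, 50)),
    (re.compile(r"^Adobe Reader\b"), (10, 1, 3)),
    (re.compile(r"^Mozilla Firefox\b"), (14, 0)),
]

# "<name> (Version: <version>)"; the name itself may contain parentheses.
ENTRY_RE = re.compile(r"^(?P<name>.*?)\s*\(Version:\s*(?P<version>[^)]*)\)\s*$")
NUMERIC_RE = re.compile(r"\d+(?:\.\d+)*")


def parse_version(text):
    """Return the first dotted number in text as a tuple of ints, or None."""
    match = NUMERIC_RE.search(text or "")
    if not match:
        return None
    return tuple(int(part) for part in match.group(0).split("."))


def parse_entry(line):
    """Split one list line into (name, version tuple or None)."""
    line = line.strip()
    match = ENTRY_RE.match(line)
    if not match:
        # Entries such as "7-Zip 4.65" carry no Version field at all.
        return line, None
    return match.group("name"), parse_version(match.group("version"))


def is_older(installed, minimum):
    """Compare versions after zero-padding, so (14, 0) equals (14, 0, 0)."""
    width = max(len(installed), len(minimum))
    pad = lambda version: version + (0,) * (width - len(version))
    return pad(installed) < pad(minimum)


def audit(log_text, baseline=BASELINE):
    """Return one finding per list entry that matches a baseline pattern."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        name, installed = parse_entry(raw)
        for pattern, minimum in baseline:
            if not pattern.search(name):
                continue
            if installed is None:
                status = "unknown"  # matched by name but version unreadable
            elif is_older(installed, minimum):
                status = "outdated"
            else:
                status = "ok"
            findings.append({"name": name, "installed": installed,
                             "minimum": minimum, "status": status})
            break
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        installed = ".".join(map(str, finding["installed"] or ())) or "?"
        minimum = ".".join(map(str, finding["minimum"]))
        print(f'{finding["status"]:9} {finding["name"]} '
              f'(installed {installed}, minimum {minimum})')
```

Helper entries such as "Java Auto Updater" and "Mozilla Maintenance Service" are deliberately not matched, since they are not the runtime or browser itself.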


#12 Blue_Wolf


Posted 28 July 2012 - 08:43 AM

Ok, Java, Firefox and Adobe Reader are all up to date now and I've finished a defrag. My system is running a lot faster now, no issues to report.

#13 dev00790


Posted 28 July 2012 - 05:16 PM

Hi

Ok, Java, Firefox and Adobe Reader are all up to date now and I've finished a defrag. My system is running a lot faster now, no issues to report.

Ok great :)

----------------------

Good stuff, your computer appears to be clean! :thumbup2:

Let's do some clearing up

Please set your system to hide all hidden files.

  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View Tab. Under the Hidden files and folders heading,
    • Uncheck Show hidden files and folders.
    • Check: Hide file extensions for known file types.
    • Check: Hide protected operating system files (recommended) option.
  • Click Yes to confirm.

Removing all System Restore points except the last

  • Click Start, Run and type CLEANMGR and press Enter
  • Select the hard disk partition (usually C:) then press OK
  • At the top of the dialog, click the tab More Options. If this tab is not visible then press Clean up system files, then select the hard disk partition (usually C:), then press OK. Then click on the More Options button.
  • Under System Restore section, click the button Clean up....
  • Click Delete.


---------------------------------------------------------------------

Here's some advice on how you can keep your PC clean

Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates on any that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector, Calendar of Updates, and FileHippo Update checker.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

That's it, happy surfing!

Cheers,

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog




