Redirect Virus & Firewall Blocking


11 replies to this topic

#1 Herro Panda

  • Members
  • 6 posts

Posted 09 August 2012 - 08:58 PM

Originally started with the Security Shield virus, which I was able to get rid of. After rebooting the computer, I began getting redirected to other sites from Google searches. This eventually became so bad that I was no longer able to even click on a search result without being redirected, so I downloaded and ran the TDSS rootkiller tool from Kaspersky labs. It removed two things, which initially eliminated the redirect virus, but occasionally I am still redirected. However, the problem now is that something is preventing McAfee Firewall from turning on. I have run Malwarebytes, McAfee scan (which found a Desktop.ini with a ZeroAccess trojan but apparently can't delete it), Spybot, and the TDSS killer from Kaspersky, but nothing is found. I am running Windows 7 64-bit.

Thank you



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 09 August 2012 - 09:00 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Herro Panda

  • Topic Starter
  • Members
  • 6 posts

Posted 15 August 2012 - 04:43 PM

12:17:32.0050 1112 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
12:17:32.0346 1112 ============================================================
12:17:32.0346 1112 Current date / time: 2012/08/15 12:17:32.0346
12:17:32.0346 1112 SystemInfo:
12:17:32.0346 1112
12:17:32.0346 1112 OS Version: 6.1.7601 ServicePack: 1.0
12:17:32.0346 1112 Product type: Workstation
12:17:32.0346 1112 ComputerName: DAVID-PC
12:17:32.0346 1112 UserName: David
12:17:32.0346 1112 Windows directory: C:\windows
12:17:32.0346 1112 System windows directory: C:\windows
12:17:32.0346 1112 Running under WOW64
12:17:32.0346 1112 Processor architecture: Intel x64
12:17:32.0346 1112 Number of processors: 4
12:17:32.0346 1112 Page size: 0x1000
12:17:32.0346 1112 Boot type: Normal boot
12:17:32.0346 1112 ============================================================
12:17:32.0721 1112 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:17:32.0736 1112 ============================================================
12:17:32.0736 1112 \Device\Harddisk0\DR0:
12:17:32.0736 1112 MBR partitions:
12:17:32.0736 1112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x5561A000
12:17:32.0736 1112 ============================================================
12:17:32.0783 1112 C: <-> \Device\Harddisk0\DR0\Partition1
12:17:32.0783 1112 ============================================================
12:17:32.0783 1112 Initialize success
12:17:32.0783 1112 ============================================================
12:17:47.0697 6428 ============================================================
12:17:47.0697 6428 Scan started
12:17:47.0697 6428 Mode: Manual; TDLFS;
12:17:47.0697 6428 ============================================================
12:17:56.0417 6428 MSTEE - ok
12:17:56.0433 6428 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\windows\system32\drivers\MTConfig.sys
12:17:56.0433 6428 MTConfig - ok
12:17:56.0464 6428 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\windows\system32\Drivers\mup.sys
12:17:56.0464 6428 Mup - ok
12:17:56.0511 6428 [ 0cf5580f27918ffd2e165ecafa734103 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:17:56.0511 6428 MyWiFiDHCPDNS - ok
12:17:56.0542 6428 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\windows\system32\qagentRT.dll
12:17:56.0558 6428 napagent - ok
12:17:56.0589 6428 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
12:17:56.0604 6428 NativeWifiP - ok
12:17:56.0651 6428 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\windows\system32\drivers\ndis.sys
12:17:56.0651 6428 NDIS - ok
12:17:56.0667 6428 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
12:17:56.0667 6428 NdisCap - ok
12:17:56.0714 6428 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
12:17:56.0714 6428 NdisTapi - ok
12:17:56.0745 6428 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
12:17:56.0745 6428 Ndisuio - ok
12:17:56.0760 6428 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
12:17:56.0807 6428 NdisWan - ok
12:17:56.0838 6428 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
12:17:56.0838 6428 NDProxy - ok
12:17:56.0870 6428 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
12:17:56.0870 6428 NetBIOS - ok
12:17:56.0885 6428 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
12:17:56.0885 6428 NetBT - ok
12:17:56.0901 6428 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\windows\system32\lsass.exe
12:17:56.0901 6428 Netlogon - ok
12:17:56.0948 6428 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\windows\System32\netman.dll
12:17:56.0948 6428 Netman - ok
12:17:56.0963 6428 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\windows\System32\netprofm.dll
12:17:56.0979 6428 netprofm - ok
12:17:56.0994 6428 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:17:56.0994 6428 NetTcpPortSharing - ok
12:17:57.0150 6428 [ b9c587bdaa61a689883439d5ae6fe7f3 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
12:17:57.0338 6428 NETwNs64 - ok
12:17:57.0369 6428 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
12:17:57.0369 6428 nfrd960 - ok
12:17:57.0400 6428 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
12:17:57.0416 6428 NlaSvc - ok
12:17:57.0447 6428 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\windows\system32\drivers\Npfs.sys
12:17:57.0447 6428 Npfs - ok
12:17:57.0462 6428 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\windows\system32\nsisvc.dll
12:17:57.0462 6428 nsi - ok
12:17:57.0478 6428 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
12:17:57.0478 6428 nsiproxy - ok
12:17:57.0540 6428 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
12:17:57.0556 6428 Ntfs - ok
12:17:57.0587 6428 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\windows\system32\drivers\Null.sys
12:17:57.0587 6428 Null - ok
12:17:57.0618 6428 [ 0ebc9d13cd96c15b1b18d8678a609e4b ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
12:17:57.0618 6428 nusb3hub - ok
12:17:57.0634 6428 [ 7bdec000d56d485021d9c1e63c2f81ca ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
12:17:57.0634 6428 nusb3xhc - ok
12:17:57.0899 6428 [ ba0b4889c40380a01ecdf84c227a89c9 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
12:17:58.0242 6428 nvlddmkm - ok
12:17:58.0289 6428 [ 715d45ed30003fc70cfa0d9c6dd0b538 ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
12:17:58.0289 6428 nvpciflt - ok
12:17:58.0320 6428 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\windows\system32\drivers\nvraid.sys
12:17:58.0320 6428 nvraid - ok
12:17:58.0336 6428 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\windows\system32\drivers\nvstor.sys
12:17:58.0352 6428 nvstor - ok
12:17:58.0398 6428 [ 06633cf95bea62164c3bfca24bce6b11 ] NVSvc C:\windows\system32\nvvsvc.exe
12:17:58.0414 6428 NVSvc - ok
12:17:58.0492 6428 [ 53b629ce436b110c5689c2f6439e567b ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:17:58.0492 6428 nvUpdatusService - ok
12:17:58.0523 6428 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
12:17:58.0523 6428 nv_agp - ok
12:17:58.0539 6428 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
12:17:58.0539 6428 ohci1394 - ok
12:17:58.0570 6428 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:17:58.0570 6428 ose - ok
12:17:58.0695 6428 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:17:58.0773 6428 osppsvc - ok
12:17:58.0851 6428 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\windows\system32\pnrpsvc.dll
12:17:58.0851 6428 p2pimsvc - ok
12:17:58.0866 6428 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\windows\system32\p2psvc.dll
12:17:58.0882 6428 p2psvc - ok
12:17:58.0913 6428 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\windows\system32\drivers\parport.sys
12:17:58.0913 6428 Parport - ok
12:17:58.0944 6428 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\windows\system32\drivers\partmgr.sys
12:17:58.0944 6428 partmgr - ok
12:17:58.0990 6428 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
12:17:58.0992 6428 PcaSvc - ok
12:17:59.0004 6428 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\windows\system32\drivers\pci.sys
12:17:59.0004 6428 pci - ok
12:17:59.0044 6428 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\windows\system32\DRIVERS\pciide.sys
12:17:59.0044 6428 pciide - ok
12:17:59.0054 6428 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\windows\system32\drivers\pcmcia.sys
12:17:59.0054 6428 pcmcia - ok
12:17:59.0074 6428 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\windows\system32\drivers\pcw.sys
12:17:59.0074 6428 pcw - ok
12:17:59.0094 6428 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\windows\system32\drivers\peauth.sys
12:17:59.0104 6428 PEAUTH - ok
12:17:59.0166 6428 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\windows\SysWow64\perfhost.exe
12:17:59.0182 6428 PerfHost - ok
12:17:59.0213 6428 [ 91111cebbde8015e822c46120ed9537c ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
12:17:59.0213 6428 PGEffect - ok
12:17:59.0260 6428 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\windows\system32\pla.dll
12:17:59.0275 6428 pla - ok
12:17:59.0306 6428 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
12:17:59.0322 6428 PlugPlay - ok
12:17:59.0353 6428 PnkBstrA - ok
12:17:59.0369 6428 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
12:17:59.0369 6428 PNRPAutoReg - ok
12:17:59.0384 6428 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\windows\system32\pnrpsvc.dll
12:17:59.0384 6428 PNRPsvc - ok
12:17:59.0416 6428 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
12:17:59.0416 6428 PolicyAgent - ok
12:17:59.0447 6428 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\windows\system32\umpo.dll
12:17:59.0447 6428 Power - ok
12:17:59.0494 6428 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
12:17:59.0494 6428 PptpMiniport - ok
12:17:59.0509 6428 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\windows\system32\drivers\processr.sys
12:17:59.0525 6428 Processor - ok
12:17:59.0540 6428 [ 5c78838b4d166d1a27db3a8a820c799a ] ProfSvc C:\windows\system32\profsvc.dll
12:17:59.0540 6428 ProfSvc - ok
12:17:59.0556 6428 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\windows\system32\lsass.exe
12:17:59.0556 6428 ProtectedStorage - ok
12:17:59.0587 6428 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\windows\system32\DRIVERS\pacer.sys
12:17:59.0587 6428 Psched - ok
12:17:59.0634 6428 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
12:17:59.0650 6428 ql2300 - ok
12:17:59.0681 6428 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
12:17:59.0681 6428 ql40xx - ok
12:17:59.0712 6428 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\windows\system32\qwave.dll
12:17:59.0712 6428 QWAVE - ok
12:17:59.0728 6428 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
12:17:59.0728 6428 QWAVEdrv - ok
12:17:59.0743 6428 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
12:17:59.0743 6428 RasAcd - ok
12:17:59.0790 6428 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
12:17:59.0790 6428 RasAgileVpn - ok
12:17:59.0821 6428 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\windows\System32\rasauto.dll
12:17:59.0821 6428 RasAuto - ok
12:17:59.0837 6428 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
12:17:59.0837 6428 Rasl2tp - ok
12:17:59.0852 6428 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\windows\System32\rasmans.dll
12:17:59.0852 6428 RasMan - ok
12:17:59.0884 6428 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
12:17:59.0884 6428 RasPppoe - ok
12:17:59.0899 6428 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
12:17:59.0899 6428 RasSstp - ok
12:17:59.0915 6428 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
12:17:59.0915 6428 rdbss - ok
12:17:59.0946 6428 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\windows\system32\drivers\rdpbus.sys
12:17:59.0946 6428 rdpbus - ok
12:17:59.0946 6428 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
12:17:59.0946 6428 RDPCDD - ok
12:17:59.0977 6428 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
12:17:59.0977 6428 RDPENCDD - ok
12:17:59.0977 6428 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
12:17:59.0977 6428 RDPREFMP - ok
12:18:00.0008 6428 [ 6d76e6433574b058adcb0c50df834492 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
12:18:00.0008 6428 RDPWD - ok
12:18:00.0040 6428 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
12:18:00.0040 6428 rdyboost - ok
12:18:00.0102 6428 [ aa9fd849c028ccb441a78061b57db734 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:18:00.0102 6428 RegSrvc - ok
12:18:00.0133 6428 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\windows\System32\mprdim.dll
12:18:00.0133 6428 RemoteAccess - ok
12:18:00.0180 6428 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
12:18:00.0180 6428 RemoteRegistry - ok
12:18:00.0211 6428 [ caf88d6573d21cd2aa27001ddbfdc74d ] RMCAST C:\windows\system32\DRIVERS\RMCAST.sys
12:18:00.0211 6428 RMCAST - ok
12:18:00.0227 6428 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
12:18:00.0227 6428 RpcEptMapper - ok
12:18:00.0258 6428 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\windows\system32\locator.exe
12:18:00.0258 6428 RpcLocator - ok
12:18:00.0274 6428 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\windows\system32\rpcss.dll
12:18:00.0289 6428 RpcSs - ok
12:18:00.0320 6428 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
12:18:00.0320 6428 rspndr - ok
12:18:00.0352 6428 [ ee082e06a82ff630351d1e0ebbd3d8d0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
12:18:00.0367 6428 RTL8167 - ok
12:18:00.0383 6428 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\windows\system32\lsass.exe
12:18:00.0383 6428 SamSs - ok
12:18:00.0445 6428 [ 3289766038db2cb14d07dc84392138d5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:18:00.0445 6428 SASDIFSV - ok
12:18:00.0445 6428 [ 58a38e75f3316a83c23df6173d41f2b5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:18:00.0445 6428 SASKUTIL - ok
12:18:00.0461 6428 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\windows\system32\drivers\sbp2port.sys
12:18:00.0461 6428 sbp2port - ok
12:18:00.0508 6428 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\windows\System32\SCardSvr.dll
12:18:00.0508 6428 SCardSvr - ok
12:18:00.0539 6428 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
12:18:00.0539 6428 scfilter - ok
12:18:00.0570 6428 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\windows\system32\schedsvc.dll
12:18:00.0586 6428 Schedule - ok
12:18:00.0601 6428 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\windows\System32\certprop.dll
12:18:00.0601 6428 SCPolicySvc - ok
12:18:00.0632 6428 [ 111e0ebc0ad79cb0fa014b907b231cf0 ] sdbus C:\windows\system32\DRIVERS\sdbus.sys
12:18:00.0632 6428 sdbus - ok
12:18:00.0664 6428 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
12:18:00.0664 6428 SDRSVC - ok
12:18:00.0679 6428 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
12:18:00.0679 6428 secdrv - ok
12:18:00.0695 6428 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\windows\system32\seclogon.dll
12:18:00.0695 6428 seclogon - ok
12:18:00.0710 6428 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\windows\System32\sens.dll
12:18:00.0710 6428 SENS - ok
12:18:00.0742 6428 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\windows\system32\sensrsvc.dll
12:18:00.0742 6428 SensrSvc - ok
12:18:00.0773 6428 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\windows\system32\drivers\serenum.sys
12:18:00.0773 6428 Serenum - ok
12:18:00.0804 6428 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\windows\system32\drivers\serial.sys
12:18:00.0804 6428 Serial - ok
12:18:00.0820 6428 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\windows\system32\drivers\sermouse.sys
12:18:00.0820 6428 sermouse - ok
12:18:00.0898 6428 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\windows\system32\sessenv.dll
12:18:00.0898 6428 SessionEnv - ok
12:18:00.0913 6428 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\windows\system32\drivers\sffdisk.sys
12:18:00.0913 6428 sffdisk - ok
12:18:00.0929 6428 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
12:18:00.0929 6428 sffp_mmc - ok
12:18:00.0929 6428 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
12:18:00.0944 6428 sffp_sd - ok
12:18:00.0944 6428 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
12:18:00.0944 6428 sfloppy - ok
12:18:00.0976 6428 [ c6cc9297bd53e5229653303e556aa539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
12:18:00.0991 6428 Sftfs - ok
12:18:01.0038 6428 [ 13693b6354dd6e72dc5131da7d764b90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:18:01.0054 6428 sftlist - ok
12:18:01.0069 6428 [ 390aa7bc52cee43f6790cdea1e776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
12:18:01.0085 6428 Sftplay - ok
12:18:01.0100 6428 [ 617e29a0b0a2807466560d4c4e338d3e ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
12:18:01.0100 6428 Sftredir - ok
12:18:01.0100 6428 [ 8f571f016fa1976f445147e9e6c8ae9b ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
12:18:01.0100 6428 Sftvol - ok
12:18:01.0116 6428 [ c3cddd18f43d44ab713cf8c4916f7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:18:01.0116 6428 sftvsa - ok
12:18:01.0147 6428 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\windows\System32\shsvcs.dll
12:18:01.0147 6428 ShellHWDetection - ok
12:18:01.0178 6428 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
12:18:01.0178 6428 SiSRaid2 - ok
12:18:01.0194 6428 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
12:18:01.0194 6428 SiSRaid4 - ok
12:18:01.0241 6428 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\windows\system32\DRIVERS\smb.sys
12:18:01.0241 6428 Smb - ok
12:18:01.0272 6428 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\windows\System32\snmptrap.exe
12:18:01.0272 6428 SNMPTRAP - ok
12:18:01.0303 6428 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\windows\system32\drivers\spldr.sys
12:18:01.0303 6428 spldr - ok
12:18:01.0319 6428 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\windows\System32\spoolsv.exe
12:18:01.0334 6428 Spooler - ok
12:18:01.0397 6428 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\windows\system32\sppsvc.exe
12:18:01.0412 6428 sppsvc - ok
12:18:01.0428 6428 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\windows\system32\sppuinotify.dll
12:18:01.0444 6428 sppuinotify - ok
12:18:01.0475 6428 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\windows\system32\DRIVERS\srv.sys
12:18:01.0475 6428 srv - ok
12:18:01.0490 6428 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
12:18:01.0490 6428 srv2 - ok
12:18:01.0506 6428 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
12:18:01.0506 6428 srvnet - ok
12:18:01.0537 6428 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
12:18:01.0553 6428 SSDPSRV - ok
12:18:01.0553 6428 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\windows\system32\sstpsvc.dll
12:18:01.0568 6428 SstpSvc - ok
12:18:01.0584 6428 Steam Client Service - ok
12:18:01.0615 6428 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\windows\system32\drivers\stexstor.sys
12:18:01.0615 6428 stexstor - ok
12:18:01.0662 6428 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\windows\System32\wiaservc.dll
12:18:01.0662 6428 stisvc - ok
12:18:01.0678 6428 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\windows\system32\drivers\swenum.sys
12:18:01.0678 6428 swenum - ok
12:18:01.0709 6428 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\windows\System32\swprv.dll
12:18:01.0709 6428 swprv - ok
12:18:01.0771 6428 [ f5b46df59feaa48a442aed7eeb754d4b ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
12:18:01.0787 6428 SynTP - ok
12:18:01.0818 6428 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\windows\system32\sysmain.dll
12:18:01.0849 6428 SysMain - ok
12:18:01.0865 6428 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\windows\System32\TabSvc.dll
12:18:01.0880 6428 TabletInputService - ok
12:18:01.0896 6428 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\windows\System32\tapisrv.dll
12:18:01.0896 6428 TapiSrv - ok
12:18:01.0912 6428 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\windows\System32\tbssvc.dll
12:18:01.0912 6428 TBS - ok
12:18:01.0974 6428 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
12:18:02.0005 6428 Tcpip - ok
12:18:02.0036 6428 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
12:18:02.0052 6428 TCPIP6 - ok
12:18:02.0068 6428 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
12:18:02.0068 6428 tcpipreg - ok
12:18:02.0130 6428 [ fd542b661bd22fa69ca789ad0ac58c29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
12:18:02.0161 6428 tdcmdpst - ok
12:18:02.0177 6428 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
12:18:02.0177 6428 TDPIPE - ok
12:18:02.0192 6428 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
12:18:02.0208 6428 TDTCP - ok
12:18:02.0224 6428 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
12:18:02.0224 6428 tdx - ok
12:18:02.0239 6428 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\windows\system32\drivers\termdd.sys
12:18:02.0239 6428 TermDD - ok
12:18:02.0270 6428 [ 2e648163254233755035b46dd7b89123 ] TermService C:\windows\System32\termsrv.dll
12:18:02.0286 6428 TermService - ok
12:18:02.0286 6428 [ f0344071948d1a1fa732231785a0664c ] Themes C:\windows\system32\themeservice.dll
12:18:02.0302 6428 Themes - ok
12:18:02.0333 6428 [ c013f6acaa9761f571bd28dada7c157d ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
12:18:02.0333 6428 Thpdrv - ok
12:18:02.0364 6428 [ b4e609047434ed948af7bdef2fa66e38 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
12:18:02.0364 6428 Thpevm - ok
12:18:02.0395 6428 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\windows\system32\mmcss.dll
12:18:02.0395 6428 THREADORDER - ok
12:18:02.0458 6428 [ 83e91963c4452be6899503cf9ebfd3ed ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
12:18:02.0458 6428 TMachInfo - ok
12:18:02.0489 6428 [ 8e2c799d3476eac32c3ba0df7ce6af19 ] TODDSrv C:\windows\system32\TODDSrv.exe
12:18:02.0489 6428 TODDSrv - ok
12:18:02.0551 6428 [ cdc97fa5c42b07fb0d4600e17c32f582 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
12:18:02.0551 6428 TosCoSrv - ok
12:18:02.0629 6428 [ d33d5588576b04fc489dccc66e98f546 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
12:18:02.0629 6428 TOSHIBA eco Utility Service - ok
12:18:02.0676 6428 [ edb4b432db13ea3d1eb2356310d33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
12:18:02.0676 6428 TOSHIBA HDD SSD Alert Service - ok
12:18:02.0723 6428 [ 09ff7b0b1b5c3d225495cb6f5a9b39f8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
12:18:02.0723 6428 tos_sps64 - ok
12:18:02.0770 6428 [ d65c6b0c070534336b72005391b6168a ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
12:18:02.0770 6428 TPCHSrv - ok
12:18:02.0801 6428 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\windows\System32\trkwks.dll
12:18:02.0801 6428 TrkWks - ok
12:18:02.0848 6428 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
12:18:02.0848 6428 TrustedInstaller - ok
12:18:02.0863 6428 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
12:18:02.0863 6428 tssecsrv - ok
12:18:02.0910 6428 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
12:18:02.0910 6428 TsUsbFlt - ok
12:18:02.0926 6428 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
12:18:02.0926 6428 TsUsbGD - ok
12:18:02.0941 6428 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
12:18:02.0972 6428 tunnel - ok
12:18:03.0004 6428 [ 550b567f9364d8f7684c3fb3ea665a72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
12:18:03.0004 6428 TVALZ - ok
12:18:03.0035 6428 [ 9c7191f4b2e49bff47a6c1144b5923fa ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
12:18:03.0035 6428 TVALZFL - ok
12:18:03.0050 6428 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
12:18:03.0050 6428 uagp35 - ok
12:18:03.0082 6428 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
12:18:03.0082 6428 udfs - ok
12:18:03.0113 6428 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\windows\system32\UI0Detect.exe
12:18:03.0113 6428 UI0Detect - ok
12:18:03.0144 6428 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
12:18:03.0144 6428 uliagpkx - ok
12:18:03.0175 6428 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
12:18:03.0175 6428 umbus - ok
12:18:03.0191 6428 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\windows\system32\drivers\umpass.sys
12:18:03.0191 6428 UmPass - ok
12:18:03.0269 6428 [ 374ebda379a8f38e0cfc2211611e7167 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:18:03.0300 6428 UNS - ok
12:18:03.0331 6428 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\windows\System32\upnphost.dll
12:18:03.0331 6428 upnphost - ok
12:18:03.0378 6428 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
12:18:03.0378 6428 usbccgp - ok
12:18:03.0425 6428 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\windows\system32\drivers\usbcir.sys
12:18:03.0425 6428 usbcir - ok
12:18:03.0440 6428 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\windows\system32\drivers\usbehci.sys
12:18:03.0440 6428 usbehci - ok
12:18:03.0487 6428 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
12:18:03.0487 6428 usbhub - ok
12:18:03.0518 6428 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\windows\system32\drivers\usbohci.sys
12:18:03.0550 6428 usbohci - ok
12:18:03.0581 6428 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
12:18:03.0581 6428 usbprint - ok
12:18:03.0596 6428 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
12:18:03.0596 6428 USBSTOR - ok
12:18:03.0612 6428 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\windows\system32\drivers\usbuhci.sys
12:18:03.0612 6428 usbuhci - ok
12:18:03.0659 6428 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
12:18:03.0659 6428 usbvideo - ok
12:18:03.0706 6428 [ 70d05ee263568a742d14e1876df80532 ] usb_rndisx C:\windows\system32\DRIVERS\usb8023x.sys
12:18:03.0706 6428 usb_rndisx - ok
12:18:03.0737 6428 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\windows\System32\uxsms.dll
12:18:03.0737 6428 UxSms - ok
12:18:03.0752 6428 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\windows\system32\lsass.exe
12:18:03.0752 6428 VaultSvc - ok
12:18:03.0784 6428 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
12:18:03.0784 6428 vdrvroot - ok
12:18:03.0799 6428 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\windows\System32\vds.exe
12:18:03.0815 6428 vds - ok
12:18:03.0830 6428 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\windows\system32\DRIVERS\vgapnp.sys
12:18:03.0830 6428 vga - ok
12:18:03.0846 6428 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\windows\System32\drivers\vga.sys
12:18:03.0862 6428 VgaSave - ok
12:18:03.0877 6428 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\windows\system32\drivers\vhdmp.sys
12:18:03.0877 6428 vhdmp - ok
12:18:03.0908 6428 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\windows\system32\drivers\viaide.sys
12:18:03.0908 6428 viaide - ok
12:18:03.0924 6428 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\windows\system32\drivers\volmgr.sys
12:18:03.0924 6428 volmgr - ok
12:18:03.0940 6428 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\windows\system32\drivers\volmgrx.sys
12:18:03.0955 6428 volmgrx - ok
12:18:03.0986 6428 [ df8126bd41180351a093a3ad2fc8903b ] volsnap C:\windows\system32\drivers\volsnap.sys
12:18:04.0002 6428 volsnap - ok
12:18:04.0033 6428 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
12:18:04.0033 6428 vsmraid - ok
12:18:04.0096 6428 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\windows\system32\vssvc.exe
12:18:04.0142 6428 VSS - ok
12:18:04.0174 6428 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
12:18:04.0174 6428 vwifibus - ok
12:18:04.0189 6428 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
12:18:04.0205 6428 vwififlt - ok
12:18:04.0220 6428 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
12:18:04.0220 6428 vwifimp - ok
12:18:04.0236 6428 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\windows\system32\w32time.dll
12:18:04.0236 6428 W32Time - ok
12:18:04.0252 6428 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\windows\system32\drivers\wacompen.sys
12:18:04.0267 6428 WacomPen - ok
12:18:04.0314 6428 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
12:18:04.0314 6428 WANARP - ok
12:18:04.0314 6428 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
12:18:04.0314 6428 Wanarpv6 - ok
12:18:04.0361 6428 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
12:18:05.0687 6428 ================ Scan global ===============================
12:18:05.0702 6428 (ba0cd8c393e8c9f83354106093832c7b) C:\windows\system32\basesrv.dll
12:18:05.0734 6428 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll
12:18:05.0749 6428 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll
12:18:05.0765 6428 (d6160f9d869ba3af0b787f971db56368) C:\windows\system32\sxssrv.dll
12:18:05.0796 6428 (24acb7e5be595468e3b9aa488b9b4fcb) C:\windows\system32\services.exe
12:18:05.0796 6428 [Global] - ok
12:18:05.0796 6428 ================ Scan MBR ==================================
12:18:05.0812 6428 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
12:18:06.0794 6428 \Device\Harddisk0\DR0 - ok
12:18:06.0794 6428 ================ Scan VBR ==================================
12:18:06.0826 6428 Boot (0x1200) (f6faa202c2f12057872a7c212d740d74) \Device\Harddisk0\DR0\Partition1
12:18:06.0826 6428 \Device\Harddisk0\DR0\Partition1 - ok
12:18:06.0826 6428 ============================================================
12:18:06.0826 6428 Scan finished
12:18:06.0826 6428 ============================================================
12:18:06.0841 5612 Detected object count: 0
12:18:06.0841 5612 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 12:19:11
-----------------------------
12:19:11.801 OS Version: Windows x64 6.1.7601 Service Pack 1
12:19:11.801 Number of processors: 4 586 0x2A07
12:19:11.801 ComputerName: DAVID-PC UserName: David
12:19:13.392 Initialize success
12:25:11.180 AVAST engine defs: 12081503
12:29:20.408 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:29:20.408 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
12:29:20.448 Disk 0 MBR read successfully
12:29:20.448 Disk 0 MBR scan
12:29:20.448 Disk 0 Windows VISTA default MBR code
12:29:20.468 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
12:29:20.478 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 699444 MB offset 3074048
12:29:20.508 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14459 MB offset 1435535360
12:29:20.568 Disk 0 scanning C:\windows\system32\drivers
12:29:30.121 Service scanning
12:30:15.133 Modules scanning
12:30:15.133 Disk 0 trace - called modules:
12:30:15.148 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
12:30:15.148 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c3c060]
12:30:15.148 3 CLASSPNP.SYS[fffff880013d143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8007c3b060]
12:30:15.164 5 thpdrv.sys[fffff8800187ecc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005dd5050]
12:30:17.909 AVAST engine scan C:\windows
12:30:20.171 AVAST engine scan C:\windows\system32
12:33:43.205 AVAST engine scan C:\windows\system32\drivers
12:34:14.389 AVAST engine scan C:\Users\David
12:43:28.975 AVAST engine scan C:\ProgramData
12:48:41.383 Scan finished successfully
17:41:25.008 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
17:41:25.008 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"



ESET
C:\Program Files (x86)\Loaris\Trojan Remover 1.2\ltr12.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Users\David\AppData\Local\{22DED2B2-D39A-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined

#4 narenxp

Posted 15 August 2012 - 07:44 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#5 Herro Panda

  • Topic Starter

Posted 15 August 2012 - 11:31 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by David (administrator) on 16-08-2012 at 00:29:30
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® WiFi Link 1000 BGN = Wireless Network Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 5 (Hardware not present)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 4 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Wireless Network Connection 5" address=192.168.16.2 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : David-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 4:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #3
Physical Address. . . . . . . . . : 8C-A9-82-93-C2-39
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : B8-70-F4-65-95-D6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 8C-A9-82-93-C2-38
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b81a:7415:5955:e370%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 15, 2012 11:35:11 PM
Lease Expires . . . . . . . . . . : Thursday, August 16, 2012 11:35:11 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 260876674
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-8C-3A-22-8C-A9-82-93-C2-38
DNS Servers . . . . . . . . . . . : 192.168.17.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.wowway.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.17.1

Name: google.com
Addresses: 2607:f8b0:4004:801::1002
74.125.228.2
74.125.228.3
74.125.228.4
74.125.228.5
74.125.228.6
74.125.228.7
74.125.228.8
74.125.228.9
74.125.228.14
74.125.228.0
74.125.228.1


Pinging google.com [74.125.228.0] with 32 bytes of data:
Reply from 74.125.228.0: bytes=32 time=28ms TTL=51
Reply from 74.125.228.0: bytes=32 time=29ms TTL=51

Ping statistics for 74.125.228.0:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 29ms, Average = 28ms
Server: UnKnown
Address: 192.168.17.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=90ms TTL=45
Reply from 72.30.38.140: bytes=32 time=99ms TTL=45

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 99ms, Average = 94ms
Server: UnKnown
Address: 192.168.17.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...8c a9 82 93 c2 39 ......Microsoft Virtual WiFi Miniport Adapter #3
16...b8 70 f4 65 95 d6 ......Realtek PCIe GBE Family Controller
15...8c a9 82 93 c2 38 ......Intel® WiFi Link 1000 BGN
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 281
192.168.1.101 255.255.255.255 On-link 192.168.1.101 281
192.168.1.255 255.255.255.255 On-link 192.168.1.101 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
15 281 fe80::/64 On-link
15 281 fe80::b81a:7415:5955:e370/128
On-link
1 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/15/2012 11:37:14 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2106edcd-6eab-4018-92d7-36afee762108}

Error: (08/15/2012 11:35:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2012 00:29:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/15/2012 00:29:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/15/2012 00:29:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/15/2012 00:29:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/15/2012 00:16:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/15/2012 00:14:45 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/14/2012 05:31:32 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (08/13/2012 10:38:12 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108


System errors:
=============
Error: (08/15/2012 11:37:17 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (08/15/2012 11:37:17 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (08/15/2012 11:37:12 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/15/2012 11:37:12 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/15/2012 11:36:47 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/15/2012 11:36:47 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/15/2012 11:35:17 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/15/2012 11:35:07 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/15/2012 11:35:06 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/15/2012 11:35:06 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (08/15/2012 11:37:14 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2106edcd-6eab-4018-92d7-36afee762108}

Error: (08/15/2012 11:35:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/15/2012 00:29:43 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\David\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2012 00:29:38 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\David\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2012 00:29:38 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\David\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2012 00:29:38 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\David\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2012 00:16:18 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\David\Downloads\esetsmartinstaller_enu.exe

Error: (08/15/2012 00:14:45 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (08/14/2012 05:31:32 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (08/13/2012 10:38:12 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
7-Zip 9.22 (x64 edition) (Version: 9.22.00.0)
Adobe AIR (Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X (10.1.4) (Version: 10.1.4)
AOL Toolbar
Audacity 1.3.14 (Unicode)
CCleaner (Version: 3.21)
CDBurnerXP (Version: 4.4.1.3243)
Content Transfer (Version: 1.3.0.23190)
Counter-Strike: Source
D3DX10 (Version: 15.4.2368.0902)
Day of Defeat: Source
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III (Version: 1.0.3.10485)
EasyTether (Version: 1.1.16)
ENE CIR Receiver Driver (Version: 2.7.4.1)
ESET Online Scanner v3
GameSpy Comrade (Version: 1.5.0.156)
Google Chrome (Version: 21.0.1180.79)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.115)
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Lost Coast
HiJackThis (Version: 1.0.0)
HitmanPro 3.6 (Version: 3.6.1.163)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.021)
Intel PROSet Wireless
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2353)
Intel® PROSet/Wireless WiFi Software (Version: 14.0.2000)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Intel® Wireless Display
Intel® Wireless Display (Version: 2.0.29.0)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
JMicron Flash Media Controller Driver (Version: 1.0.57.2)
Junk Mail filter update (Version: 15.4.3502.0922)
Label@Once 1.0 (Version: 1.0)
League of Legends (Version: 1.3)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mass Effect (Version: 1.00)
MATLAB R2012a (Version: 7.14)
Max Payne
McAfee Internet Security (Version: 11.0.678)
McAfee Online Backup (Version: 1.16.4.0)
Media Player Codec Pack 4.1.1
MediaMonkey 4.0 (Version: 4.0)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Mumble 1.2.3 (Version: 1.2.3)
NVIDIA 3D Vision Controller Driver (Version: 266.84)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA Optimus 1.8.15 (Version: 1.8.15)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.8.15)
Pando Media Booster (Version: 2.6.0.1)
Pazera Free FLV to AVI Converter 1.5 (Version: 1.5)
Pixillion Image Converter
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
PunkBuster Services (Version: 0.986)
Realtek Ethernet Controller Driver (Version: 7.38.113.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6305)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.34.0)
Skype Launcher (Version: 2.01)
Spybot - Search & Destroy (Version: 1.6.2)
Star Wars®: Knights of the Old Republic ™
Steam (Version: 1.0.0.0)
Stronghold Kingdoms
SUPERAntiSpyware (Version: 5.5.1012)
Switch Sound File Converter
Synaptics Pointing Device Driver (Version: 15.2.11.1)
System Requirements Lab CYRI (Version: 4.5.1.0)
The Lord of the Rings Online™ v03.07.01.8015 (Version: 03.07.01.8015)
TOSHIBA Application Installer (Version: 9.0.1.1)
TOSHIBA Assist (Version: 4.02.02)
TOSHIBA eco Utility (Version: 1.2.24.64)
TOSHIBA Face Recognition (Version: 3.1.9.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.12C)
TOSHIBA Hardware Setup (Version: 1.63.1.34C)
TOSHIBA HDD Protection (Version: 2.2.1.12)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.8)
TOSHIBA Media Controller (Version: 1.0.86.2)
TOSHIBA Media Controller Plug-in (Version: 1.0.6.1)
Toshiba Online Backup (Version: 2.0.0.25)
TOSHIBA PC Health Monitor (Version: 1.7.5.64)
TOSHIBA Quality Application (Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.3.5109)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (Version: 1.1.0)
TOSHIBA Service Station (Version: 2.1.52)
TOSHIBA Sleep Utility (Version: 1.4.2.7)
TOSHIBA Supervisor Password (Version: 1.63.51.2C)
TOSHIBA Value Added Package (Version: 1.5.4.64)
TOSHIBA VIDEO PLAYER (Version: 4.00.6.08-A)
TOSHIBA Web Camera Application (Version: 2.0.0.19)
TOSHIBA Wireless Display Monitor (Version: 1.0.1)
TOSHIBA Wireless LAN Indicator (Version: 1.0.3)
ToshibaRegistration (Version: 1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Utility Common Driver (Version: 1.0.52.2C)
Ventrilo Client (Version: 3.0.8)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Veoh Web Player (Version: 1.1.2.0000)
VLC media player 2.0.2 (Version: 2.0.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 22%
Total physical RAM: 6050.69 MB
Available physical RAM: 4682.64 MB
Total Pagefile: 12099.57 MB
Available Pagefile: 9704.41 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.7 MB

========================= Partitions: =====================================

1 Drive c: (TI106151W0F) (Fixed) (Total:683.05 GB) (Free:494.4 GB) NTFS

========================= Users: ========================================

User accounts for \\DAVID-PC

Administrator ASPNET David
Guest UpdatusUser


**** End of log ****












Farbar Service Scanner Version: 06-08-2012
Ran by David (administrator) on 15-08-2012 at 23:32:41
Running from "C:\Users\David\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****










# AdwCleaner v1.801 - Logfile created 08/15/2012 at 23:33:29
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : David - DAVID-PC
# Boot Mode : Normal
# Running from : C:\Users\David\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\David\AppData\Local\Conduit
Folder Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\David\AppData\LocalLow\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Funmoods
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
File Deleted : C:\Users\David\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\k314zds6.default\prefs.js

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\k314zds6.default\user.js ... Deleted !

Deleted : user_pref("extensions.funmoods.aflt", "axl");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "FFC1468C67DD2F57587078C9C859E379");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.funmoods.id", "B870F46595D6D1DB");
Deleted : user_pref("extensions.funmoods.instlDay", "15527");
Deleted : user_pref("extensions.funmoods.instlRef", "axl");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2215:59:25");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEt[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2Xzuy[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2215:59:25");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:59:25");

-\\ Google Chrome v21.0.1180.79

File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "baseUrl": "hxxp://start.funmoods.com/results.php?",
Deleted : "update_url": "hxxp://update.funmoods.com/speeddial/update.xml?bu=st",

*************************

AdwCleaner[S1].txt - [6802 octets] - [15/08/2012 23:33:29]

########## EOF - C:\AdwCleaner[S1].txt - [6930 octets] ##########

#6 narenxp

narenxp


Posted 15 August 2012 - 11:33 PM

MBAM log?

Download

MpsSvc
BFE
wscsvc
defender
wuauserv
BITS
Sharedaccess

Launch them, click YES when you get the UAC prompt

restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

check mark following options alone

Reset registry permissions
reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the FSS log

Any current issues?

#7 Herro Panda

Herro Panda
  • Topic Starter


Posted 06 September 2012 - 10:21 AM

MBAM log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
David :: DAVID-PC [administrator]

8/19/2012 2:57:29 PM
mbam-log-2012-08-19 (14-57-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 455890
Time elapsed: 1 hour(s), 58 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I didn't know how to get the log from the Windows repair program, as it restarted once it was done and didn't save the log. The redirect virus and whatever was blocking my McAfee firewall seem to be gone, but now every time I refresh my desktop, all the icons get pushed into the left corner.

Sorry for the extremely late response, I've had a pretty busy month.

#8 narenxp

narenxp


Posted 06 September 2012 - 10:26 AM

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Right click on the desktop. Choose "Personalize".

On the left side of this control panel, click "Change desktop icons."

There is a box that was checked next to "Allow themes to change desktop icons." Uncheck this box and restart the computer.

See if that helps

#9 Herro Panda

Herro Panda
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 17 September 2012 - 04:30 PM

Farbar Service Scanner Version: 06-08-2012
Ran by David (administrator) on 17-09-2012 at 17:28:53
Running from "C:\Users\David\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-09-12 11:23] - [2012-08-22 14:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****













Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/17/2012 05:29:34 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\David\Downloads\FSS.exe (PID: 6228) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* C:\Users\David\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\ [ZA Dir]
* C:\Users\David\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\@ [ZA File]
* C:\Users\David\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\ [ZA Dir]
* C:\Users\David\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\ [ZA Dir]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\ [ZA Dir]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\@ [ZA File]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\ [ZA Dir]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\00000004.@ [ZA File]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\201d3dde [ZA File]
* C:\windows\installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U\ [ZA Dir]

Checking Windows Service Integrity:

* iphlpsvc [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/17/2012 05:29:57 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)

#10 narenxp

narenxp


Posted 17 September 2012 - 11:11 PM

Run RKILL again and post the new log

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here

Edited by narenxp, 23 October 2012 - 01:24 PM.


#11 Herro Panda

Herro Panda
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:16 PM

Posted 23 October 2012 - 12:53 PM

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Remove -- Date : 10/23/2012 13:49:07

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\David\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\n.) -> REPLACED (C:\windows\system32\shell32.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\windows\Installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\windows\Installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\windows\Installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\windows\Installer\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\David\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\David\AppData\Local\{7071c129-b290-e3c2-8de9-8f27f79d6a60}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++
--- User ---
[MBR] 7044ba571af396f92392ef5619b83f49
[BSP] cf81b80618fd166be3ab24b66ded586c : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 699444 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1435535360 | Size: 14459 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#12 narenxp

narenxp


Posted 23 October 2012 - 01:24 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here



