Live Security Platinum


14 replies to this topic

#1 DrifterMiles

Posted 21 August 2012 - 02:47 AM

Damn reddit link...

Just got this bad boy after being free of infection for months. I went into Safe Mode and ran Malwarebytes and it removed like 4 things. Here is the log. I just want to make sure this thing and anything else that may have squeezed through are completely off my computer. Any advice in making sure it's clean would be greatly appreciated.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
David :: DAVID-PC [administrator]

8/21/2012 2:27:29 AM
mbam-log-2012-08-21 (02-27-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221746
Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|0C1CFB2600486FA815C782F8F875F002 (Trojan.LameShield) -> Data: C:\ProgramData\0C1CFB2600486FA815C782F8F875F002\0C1CFB2600486FA815C782F8F875F002.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cmdfo32 (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\David\AppData\Local\Temp\cmdkgini.dll",CreateProcessNotify -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fltMSVCS (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\David\AppData\Local\Temp\cmdkgini64.dll",CreateProcessNotify -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

Files Detected: 10
C:\ProgramData\0C1CFB2600486FA815C782F8F875F002\0C1CFB2600486FA815C782F8F875F002.exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\3E6A3E.exe (Trojan.Winlock.P) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Temp\wpbt0.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Temp\~!#A8A8.tmp (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Temp\~!#B0E5.tmp (Trojan.Winlock.P) -> Quarantined and deleted successfully.
C:\Users\David\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Temp\cmdkgini.dll (Trojan.RedirRdll4.Gen) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Local\Temp\cmdkgini64.dll (Trojan.RedirRdll4.Gen) -> Quarantined and deleted successfully.

(end)

#2 narenxp


Posted 21 August 2012 - 02:51 AM

Download TDSSKiller

Launch it. Click on Change parameters - select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is complete, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 DrifterMiles


Posted 21 August 2012 - 07:30 PM

Ok will post with results when all finished. Thanks for the help.

#4 DrifterMiles


Posted 21 August 2012 - 10:25 PM

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-21 22:06:41
-----------------------------
22:06:41.358 OS Version: Windows x64 6.1.7601 Service Pack 1
22:06:41.359 Number of processors: 2 586 0xF0D
22:06:41.360 ComputerName: DAVID-PC UserName: David
22:06:43.602 Initialize success
22:07:59.487 AVAST engine defs: 12082100
22:13:24.247 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-8
22:13:24.249 Disk 0 Vendor: ST3250410AS 3.AAF Size: 238475MB BusType: 3
22:13:24.270 Disk 0 MBR read successfully
22:13:24.272 Disk 0 MBR scan
22:13:24.277 Disk 0 Windows 7 default MBR code
22:13:24.287 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
22:13:24.299 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238273 MB offset 411648
22:13:24.319 Disk 0 scanning C:\Windows\system32\drivers
22:13:43.864 Service scanning
22:14:08.258 Modules scanning
22:14:08.271 Disk 0 trace - called modules:
22:14:08.286 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:14:08.294 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b3a500]
22:14:08.304 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800471a520]
22:14:08.310 5 ACPI.sys[fffff88000fa97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-8[0xfffffa80046f6060]
22:14:09.411 AVAST engine scan C:\Windows
22:14:14.241 AVAST engine scan C:\Windows\system32
22:20:26.934 AVAST engine scan C:\Windows\system32\drivers
22:20:51.324 AVAST engine scan C:\Users\David
22:23:03.425 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
22:23:03.454 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"




TDSSKiller

18:46:06.0734 3944 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
18:46:07.0007 3944 ============================================================
18:46:07.0007 3944 Current date / time: 2012/08/21 18:46:07.0007
18:46:07.0007 3944 SystemInfo:
18:46:07.0007 3944
18:46:07.0007 3944 OS Version: 6.1.7601 ServicePack: 1.0
18:46:07.0007 3944 Product type: Workstation
18:46:07.0007 3944 ComputerName: DAVID-PC
18:46:07.0007 3944 UserName: David
18:46:07.0007 3944 Windows directory: C:\Windows
18:46:07.0007 3944 System windows directory: C:\Windows
18:46:07.0007 3944 Running under WOW64
18:46:07.0008 3944 Processor architecture: Intel x64
18:46:07.0008 3944 Number of processors: 2
18:46:07.0008 3944 Page size: 0x1000
18:46:07.0008 3944 Boot type: Normal boot
18:46:07.0008 3944 ============================================================
18:46:08.0224 3944 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:46:08.0228 3944 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D55E00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:46:08.0236 3944 ============================================================
18:46:08.0236 3944 \Device\Harddisk0\DR0:
18:46:08.0240 3944 MBR partitions:
18:46:08.0240 3944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
18:46:08.0240 3944 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1D160800
18:46:08.0240 3944 \Device\Harddisk1\DR1:
18:46:08.0241 3944 MBR partitions:
18:46:08.0241 3944 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
18:46:08.0241 3944 ============================================================
18:46:08.0264 3944 C: <-> \Device\Harddisk0\DR0\Partition2
18:46:08.0283 3944 G: <-> \Device\Harddisk1\DR1\Partition1
18:46:08.0283 3944 ============================================================
18:46:08.0283 3944 Initialize success
18:46:08.0283 3944 ============================================================
18:46:21.0773 4704 ============================================================
18:46:21.0773 4704 Scan started
18:46:21.0773 4704 Mode: Manual; TDLFS;
18:46:21.0773 4704 ============================================================
18:46:24.0090 4704 ================ Scan system memory ========================
18:46:24.0090 4704 System memory - ok
18:46:24.0091 4704 ================ Scan services =============================
18:46:32.0705 4704 MSKSSRV - ok
18:46:32.0727 4704 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:46:32.0729 4704 MSPCLOCK - ok
18:46:32.0748 4704 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:46:32.0751 4704 MSPQM - ok
18:46:32.0802 4704 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:46:32.0811 4704 MsRPC - ok
18:46:32.0832 4704 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:46:32.0836 4704 mssmbios - ok
18:46:32.0878 4704 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:46:32.0882 4704 MSTEE - ok
18:46:32.0897 4704 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:46:32.0901 4704 MTConfig - ok
18:46:32.0924 4704 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:46:32.0929 4704 Mup - ok
18:46:32.0991 4704 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:46:32.0999 4704 napagent - ok
18:46:33.0052 4704 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:46:33.0063 4704 NativeWifiP - ok
18:46:33.0106 4704 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:46:33.0113 4704 NDIS - ok
18:46:33.0127 4704 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:46:33.0131 4704 NdisCap - ok
18:46:33.0157 4704 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:46:33.0160 4704 NdisTapi - ok
18:46:33.0200 4704 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:46:33.0204 4704 Ndisuio - ok
18:46:33.0248 4704 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:46:33.0255 4704 NdisWan - ok
18:46:33.0303 4704 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:46:33.0309 4704 NDProxy - ok
18:46:33.0319 4704 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:46:33.0323 4704 NetBIOS - ok
18:46:33.0368 4704 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:46:33.0375 4704 NetBT - ok
18:46:33.0383 4704 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
18:46:33.0385 4704 Netlogon - ok
18:46:33.0450 4704 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:46:33.0456 4704 Netman - ok
18:46:33.0482 4704 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:46:33.0487 4704 netprofm - ok
18:46:33.0537 4704 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:46:33.0539 4704 NetTcpPortSharing - ok
18:46:33.0557 4704 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:46:33.0561 4704 nfrd960 - ok
18:46:33.0594 4704 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:46:33.0598 4704 NlaSvc - ok
18:46:33.0635 4704 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
18:46:33.0639 4704 NMSAccess - ok
18:46:33.0650 4704 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:46:33.0654 4704 Npfs - ok
18:46:33.0675 4704 npggsvc - ok
18:46:33.0721 4704 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:46:33.0724 4704 nsi - ok
18:46:33.0736 4704 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:46:33.0740 4704 nsiproxy - ok
18:46:33.0827 4704 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:46:33.0879 4704 Ntfs - ok
18:46:33.0892 4704 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:46:33.0896 4704 Null - ok
18:46:33.0937 4704 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
18:46:33.0943 4704 NVHDA - ok
18:46:34.0259 4704 [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:46:35.0028 4704 nvlddmkm - ok
18:46:35.0084 4704 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:46:35.0089 4704 nvraid - ok
18:46:35.0101 4704 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:46:35.0107 4704 nvstor - ok
18:46:35.0153 4704 [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:46:35.0162 4704 nvsvc - ok
18:46:35.0251 4704 [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:46:35.0265 4704 nvUpdatusService - ok
18:46:35.0308 4704 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:46:35.0313 4704 nv_agp - ok
18:46:35.0358 4704 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:46:35.0361 4704 ohci1394 - ok
18:46:35.0407 4704 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:46:35.0413 4704 ose - ok
18:46:35.0456 4704 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:46:35.0465 4704 p2pimsvc - ok
18:46:35.0517 4704 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:46:35.0539 4704 p2psvc - ok
18:46:35.0589 4704 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:46:35.0593 4704 Parport - ok
18:46:35.0629 4704 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:46:35.0633 4704 partmgr - ok
18:46:35.0657 4704 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:46:35.0662 4704 PcaSvc - ok
18:46:35.0676 4704 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:46:35.0683 4704 pci - ok
18:46:35.0725 4704 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:46:35.0729 4704 pciide - ok
18:46:35.0753 4704 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:46:35.0761 4704 pcmcia - ok
18:46:35.0782 4704 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:46:35.0787 4704 pcw - ok
18:46:35.0815 4704 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:46:35.0837 4704 PEAUTH - ok
18:46:36.0035 4704 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:46:36.0039 4704 PerfHost - ok
18:46:36.0222 4704 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:46:36.0272 4704 pla - ok
18:46:36.0338 4704 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:46:36.0345 4704 PlugPlay - ok
18:46:36.0386 4704 PnkBstrA - ok
18:46:36.0408 4704 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:46:36.0414 4704 PNRPAutoReg - ok
18:46:36.0439 4704 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:46:36.0445 4704 PNRPsvc - ok
18:46:36.0485 4704 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:46:36.0494 4704 PolicyAgent - ok
18:46:36.0535 4704 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:46:36.0538 4704 Power - ok
18:46:36.0641 4704 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:46:36.0647 4704 PptpMiniport - ok
18:46:36.0685 4704 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:46:36.0690 4704 Processor - ok
18:46:36.0731 4704 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
18:46:36.0736 4704 ProfSvc - ok
18:46:36.0806 4704 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
18:46:36.0808 4704 ProtectedStorage - ok
18:46:36.0897 4704 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:46:36.0900 4704 Psched - ok
18:46:36.0962 4704 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
18:46:36.0972 4704 PSI - ok
18:46:37.0029 4704 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:46:37.0393 4704 ql2300 - ok
18:46:37.0417 4704 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:46:37.0421 4704 ql40xx - ok
18:46:37.0468 4704 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:46:37.0487 4704 QWAVE - ok
18:46:37.0505 4704 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:46:37.0509 4704 QWAVEdrv - ok
18:46:37.0526 4704 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:46:37.0529 4704 RasAcd - ok
18:46:37.0575 4704 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:46:37.0580 4704 RasAgileVpn - ok
18:46:37.0590 4704 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:46:37.0595 4704 RasAuto - ok
18:46:37.0653 4704 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:46:37.0659 4704 Rasl2tp - ok
18:46:37.0711 4704 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:46:37.0717 4704 RasMan - ok
18:46:37.0735 4704 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:46:37.0740 4704 RasPppoe - ok
18:46:37.0762 4704 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:46:37.0767 4704 RasSstp - ok
18:46:37.0816 4704 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:46:37.0826 4704 rdbss - ok
18:46:37.0848 4704 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:46:37.0852 4704 rdpbus - ok
18:46:37.0867 4704 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:46:37.0870 4704 RDPCDD - ok
18:46:37.0896 4704 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:46:37.0900 4704 RDPENCDD - ok
18:46:37.0912 4704 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:46:37.0915 4704 RDPREFMP - ok
18:46:37.0941 4704 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:46:37.0947 4704 RDPWD - ok
18:46:37.0994 4704 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:46:38.0000 4704 rdyboost - ok
18:46:38.0046 4704 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:46:38.0057 4704 RemoteAccess - ok
18:46:38.0109 4704 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:46:38.0119 4704 RemoteRegistry - ok
18:46:38.0129 4704 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:46:38.0132 4704 RpcEptMapper - ok
18:46:38.0143 4704 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:46:38.0146 4704 RpcLocator - ok
18:46:38.0196 4704 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:46:38.0204 4704 RpcSs - ok
18:46:38.0250 4704 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:46:38.0256 4704 rspndr - ok
18:46:38.0360 4704 [ A61979ABF1750503B79F1712889A6751 ] RTCore64 C:\Program Files (x86)\EVGA Precision\RTCore64.sys
18:46:38.0364 4704 RTCore64 - ok
18:46:38.0419 4704 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:46:38.0426 4704 RTL8167 - ok
18:46:38.0446 4704 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
18:46:38.0449 4704 SamSs - ok
18:46:38.0611 4704 [ 18530D2F605F1EC48CA20A7B184CCBCC ] SBAMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
18:46:38.0633 4704 SBAMSvc - ok
18:46:38.0662 4704 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
18:46:38.0666 4704 sbapifs - ok
18:46:38.0705 4704 [ C0ACD574F740C5781031FD533C2494F5 ] SbFw C:\Windows\system32\drivers\SbFw.sys
18:46:38.0721 4704 SbFw - ok
18:46:38.0785 4704 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCL C:\Windows\system32\DRIVERS\sbfwim.sys
18:46:38.0791 4704 SBFWIMCL - ok
18:46:38.0818 4704 [ 513B3BFCD3C465B9820C2D05FA94E630 ] SBFWIMCLMP C:\Windows\system32\DRIVERS\SBFWIM.sys
18:46:38.0820 4704 SBFWIMCLMP - ok
18:46:38.0872 4704 [ F2C38F62E9C540F40C2A5F6172D9D07B ] SbHips C:\Windows\system32\drivers\sbhips.sys
18:46:38.0888 4704 SbHips - ok
18:46:38.0929 4704 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:46:38.0933 4704 sbp2port - ok
18:46:38.0989 4704 [ 2815772894855506E94008CC0E602738 ] SBPIMSvc C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
18:46:39.0008 4704 SBPIMSvc - ok
18:46:39.0058 4704 [ AAE41EFBAD69B78513875C2EB3DE7008 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
18:46:39.0071 4704 SBRE - ok
18:46:39.0112 4704 [ F9AA83A88EABE22B29D8F293C21AAA4D ] sbwtis C:\Windows\system32\DRIVERS\sbwtis.sys
18:46:39.0129 4704 sbwtis - ok
18:46:39.0169 4704 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:46:39.0177 4704 SCardSvr - ok
18:46:39.0220 4704 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:46:39.0224 4704 scfilter - ok
18:46:39.0290 4704 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:46:39.0304 4704 Schedule - ok
18:46:39.0342 4704 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:46:39.0343 4704 SCPolicySvc - ok
18:46:39.0393 4704 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:46:39.0413 4704 SDRSVC - ok
18:46:39.0473 4704 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:46:39.0477 4704 secdrv - ok
18:46:39.0493 4704 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:46:39.0499 4704 seclogon - ok
18:46:39.0570 4704 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
18:46:39.0582 4704 Secunia PSI Agent - ok
18:46:39.0616 4704 [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
18:46:39.0620 4704 Secunia Update Agent - ok
18:46:39.0659 4704 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
18:46:39.0661 4704 SENS - ok
18:46:39.0672 4704 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:46:39.0676 4704 SensrSvc - ok
18:46:39.0729 4704 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:46:39.0732 4704 Serenum - ok
18:46:39.0740 4704 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:46:39.0744 4704 Serial - ok
18:46:39.0785 4704 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:46:39.0787 4704 sermouse - ok
18:46:39.0843 4704 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:46:39.0847 4704 SessionEnv - ok
18:46:39.0868 4704 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:46:39.0872 4704 sffdisk - ok
18:46:39.0883 4704 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:46:39.0887 4704 sffp_mmc - ok
18:46:39.0894 4704 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:46:39.0898 4704 sffp_sd - ok
18:46:39.0917 4704 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:46:39.0920 4704 sfloppy - ok
18:46:39.0990 4704 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:46:40.0009 4704 SharedAccess - ok
18:46:40.0028 4704 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:46:40.0036 4704 ShellHWDetection - ok
18:46:40.0050 4704 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:46:40.0053 4704 SiSRaid2 - ok
18:46:40.0071 4704 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:46:40.0075 4704 SiSRaid4 - ok
18:46:40.0143 4704 [ DB0405D9AAD62F0762E0876AC142B7E1 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:46:40.0149 4704 SkypeUpdate - ok
18:46:40.0174 4704 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:46:40.0178 4704 Smb - ok
18:46:40.0239 4704 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:46:40.0243 4704 SNMPTRAP - ok
18:46:40.0256 4704 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:46:40.0259 4704 spldr - ok
18:46:40.0315 4704 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
18:46:40.0342 4704 Spooler - ok
18:46:40.0478 4704 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:46:40.0585 4704 sppsvc - ok
18:46:40.0616 4704 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:46:40.0621 4704 sppuinotify - ok
18:46:40.0647 4704 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:46:40.0666 4704 srv - ok
18:46:40.0686 4704 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:46:40.0696 4704 srv2 - ok
18:46:40.0712 4704 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:46:40.0718 4704 srvnet - ok
18:46:40.0762 4704 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:46:40.0770 4704 SSDPSRV - ok
18:46:40.0783 4704 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:46:40.0789 4704 SstpSvc - ok
18:46:40.0815 4704 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
18:46:40.0817 4704 StarOpen - ok
18:46:40.0854 4704 Steam Client Service - ok
18:46:40.0923 4704 [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:46:40.0931 4704 Stereo Service - ok
18:46:40.0982 4704 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:46:40.0986 4704 stexstor - ok
18:46:41.0042 4704 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:46:41.0063 4704 stisvc - ok
18:46:41.0108 4704 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:46:41.0112 4704 swenum - ok
18:46:41.0162 4704 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:46:41.0183 4704 swprv - ok
18:46:41.0273 4704 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:46:41.0293 4704 SysMain - ok
18:46:41.0345 4704 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:46:41.0356 4704 TabletInputService - ok
18:46:41.0372 4704 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:46:41.0381 4704 TapiSrv - ok
18:46:41.0399 4704 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:46:41.0404 4704 TBS - ok
18:46:41.0479 4704 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:46:41.0541 4704 Tcpip - ok
18:46:41.0622 4704 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:46:41.0634 4704 TCPIP6 - ok
18:46:41.0681 4704 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:46:41.0686 4704 tcpipreg - ok
18:46:41.0725 4704 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:46:41.0728 4704 TDPIPE - ok
18:46:41.0746 4704 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:46:41.0749 4704 TDTCP - ok
18:46:41.0792 4704 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:46:41.0798 4704 tdx - ok
18:46:41.0845 4704 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:46:41.0850 4704 TermDD - ok
18:46:41.0912 4704 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:46:41.0922 4704 TermService - ok
18:46:41.0962 4704 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:46:41.0967 4704 Themes - ok
18:46:42.0006 4704 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:46:42.0009 4704 THREADORDER - ok
18:46:42.0028 4704 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:46:42.0033 4704 TrkWks - ok
18:46:42.0115 4704 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:46:42.0123 4704 TrustedInstaller - ok
18:46:42.0176 4704 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:46:42.0180 4704 tssecsrv - ok
18:46:42.0234 4704 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:46:42.0239 4704 TsUsbFlt - ok
18:46:42.0304 4704 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:46:42.0312 4704 tunnel - ok
18:46:42.0364 4704 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:46:42.0486 4704 uagp35 - ok
18:46:42.0544 4704 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:46:42.0555 4704 udfs - ok
18:46:42.0608 4704 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:46:42.0619 4704 UI0Detect - ok
18:46:42.0661 4704 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:46:42.0667 4704 uliagpkx - ok
18:46:42.0687 4704 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:46:42.0690 4704 umbus - ok
18:46:42.0704 4704 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:46:42.0706 4704 UmPass - ok
18:46:42.0734 4704 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:46:42.0738 4704 upnphost - ok
18:46:42.0768 4704 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:46:42.0773 4704 usbaudio - ok
18:46:42.0783 4704 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:46:42.0788 4704 usbccgp - ok
18:46:42.0814 4704 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:46:42.0818 4704 usbcir - ok
18:46:42.0835 4704 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:46:42.0838 4704 usbehci - ok
18:46:42.0864 4704 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:46:42.0873 4704 usbhub - ok
18:46:42.0893 4704 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:46:42.0896 4704 usbohci - ok
18:46:42.0910 4704 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:46:42.0913 4704 usbprint - ok
18:46:42.0920 4704 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
18:46:42.0924 4704 USBSTOR - ok
18:46:42.0935 4704 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:46:42.0938 4704 usbuhci - ok
18:46:42.0962 4704 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:46:42.0968 4704 usbvideo - ok
18:46:43.0009 4704 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:46:43.0011 4704 UxSms - ok
18:46:43.0026 4704 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
18:46:43.0029 4704 VaultSvc - ok
18:46:43.0044 4704 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:46:43.0048 4704 vdrvroot - ok
18:46:43.0095 4704 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:46:43.0114 4704 vds - ok
18:46:43.0160 4704 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:46:43.0164 4704 vga - ok
18:46:43.0177 4704 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:46:43.0180 4704 VgaSave - ok
18:46:43.0202 4704 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:46:43.0208 4704 vhdmp - ok
18:46:43.0227 4704 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:46:43.0231 4704 viaide - ok
18:46:43.0246 4704 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:46:43.0250 4704 volmgr - ok
18:46:43.0299 4704 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:46:43.0307 4704 volmgrx - ok
18:46:43.0324 4704 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:46:43.0332 4704 volsnap - ok
18:46:43.0351 4704 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:46:43.0356 4704 vsmraid - ok
18:46:43.0430 4704 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:46:43.0488 4704 VSS - ok
18:46:43.0501 4704 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:46:43.0504 4704 vwifibus - ok
18:46:43.0558 4704 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:46:43.0565 4704 W32Time - ok
18:46:43.0586 4704 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:46:43.0590 4704 WacomPen - ok
18:46:43.0635 4704 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:46:43.0640 4704 WANARP - ok
18:46:43.0652 4704 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:46:43.0653 4704 Wanarpv6 - ok
18:46:43.0722 4704 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:46:43.0770 4704 wbengine - ok
18:46:43.0789 4704 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:46:43.0797 4704 WbioSrvc - ok
18:46:43.0845 4704 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:46:43.0857 4704 wcncsvc - ok
18:46:43.0870 4704 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:46:43.0875 4704 WcsPlugInService - ok
18:46:43.0915 4704 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:46:43.0919 4704 Wd - ok
18:46:43.0958 4704 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:46:43.0980 4704 Wdf01000 - ok
18:46:43.0996 4704 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:46:44.0001 4704 WdiServiceHost - ok
18:46:44.0012 4704 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:46:44.0015 4704 WdiSystemHost - ok
18:46:44.0063 4704 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:46:44.0075 4704 WebClient - ok
18:46:44.0096 4704 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:46:44.0105 4704 Wecsvc - ok
18:46:44.0116 4704 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:46:44.0119 4704 wercplsupport - ok
18:46:44.0144 4704 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:46:44.0150 4704 WerSvc - ok
18:46:44.0158 4704 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:46:44.0160 4704 WfpLwf - ok
18:46:44.0177 4704 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:46:46.0124 4704 ============================================================
18:46:46.0124 4704 Scan finished
18:46:46.0124 4704 ============================================================
18:46:46.0136 2376 Detected object count: 0
18:46:46.0136 2376 Actual detected object count: 0
18:46:59.0172 4268 Deinitialize success


Eset is running now.

#5 DrifterMiles

Posted 23 August 2012 - 07:01 PM

eset

C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Default\aahgdcaiefgilmkokfagekfbhdaokcij\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\David\AppData\Roaming\mseut.dll a variant of Win32/Medfos.CR trojan cleaned by deleting (after the next restart) - quarantined

#6 narenxp

Posted 23 August 2012 - 07:21 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#7 DrifterMiles

Posted 24 August 2012 - 07:56 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
David :: DAVID-PC [administrator]

8/23/2012 8:51:19 PM
mbam-log-2012-08-23 (20-51-19).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 851904
Time elapsed: 4 hour(s), 3 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



minibox

MiniToolBox by Farbar Version: 23-07-2012
Ran by David (administrator) on 24-08-2012 at 07:54:21
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : David-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.tn.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.tn.comcast.net.
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-21-85-10-1A-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2daa:9c3d:1df4:742c%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 22, 2012 12:53:42 AM
Lease Expires . . . . . . . . . . : Saturday, August 25, 2012 12:54:44 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234889605
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-1E-50-E7-00-21-85-10-1A-49
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.tn.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2001:4860:800a::8a
74.125.139.102
74.125.139.139
74.125.139.101
74.125.139.113
74.125.139.138
74.125.139.100


Pinging google.com [74.125.137.138] with 32 bytes of data:
Reply from 74.125.137.138: bytes=32 time=19ms TTL=49
Reply from 74.125.137.138: bytes=32 time=20ms TTL=49

Ping statistics for 74.125.137.138:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 20ms, Average = 19ms
Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=102ms TTL=52
Reply from 98.139.183.24: bytes=32 time=60ms TTL=51

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 60ms, Maximum = 102ms, Average = 81ms
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 21 85 10 1a 49 ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::2daa:9c3d:1df4:742c/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 03 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 04 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/24/2012 07:52:55 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/24/2012 06:22:55 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/24/2012 04:51:52 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/24/2012 03:22:08 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/24/2012 01:49:57 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/24/2012 00:19:54 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/23/2012 10:47:21 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/23/2012 10:19:57 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/23/2012 08:49:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (08/23/2012 08:17:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (08/22/2012 00:53:40 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:52:13 AM on ?8/?22/?2012 was unexpected.

Error: (08/21/2012 02:39:51 AM) (Source: DCOM) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}

Error: (08/21/2012 02:36:13 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/21/2012 02:26:03 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/21/2012 02:26:03 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/21/2012 02:26:03 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/21/2012 02:26:03 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/21/2012 02:26:02 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/21/2012 02:26:02 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/21/2012 02:26:00 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (08/24/2012 07:52:55 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2012 06:22:55 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2012 04:51:52 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2012 03:22:08 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2012 01:49:57 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2012 00:19:54 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/23/2012 10:47:21 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/23/2012 10:19:57 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/23/2012 08:49:55 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/23/2012 08:17:55 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

µTorrent (Version: 2.0.0)
Adobe AIR (Version: 3.3.0.3650)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Adobe Reader 9.3 (Version: 9.3.0)
Apple Application Support (Version: 1.2.1)
Apple Mobile Device Support (Version: 3.0.1.3)
Apple Software Update (Version: 2.1.2.120)
ArmA 2 Free Uninstall
ARMA 2 Operation Arrowhead Uninstall
Bandisoft MPEG-1 Decoder
BattlEye (A2Free) Uninstall
BattlEye for OA Uninstall
Best Buy pc app (Version: 3.5.1.2)
Bonjour (Version: 2.0.1.2)
CDBurnerXP (Version: 4.3.0.2015)
Cockatrice
Counter-Strike: Source
Counter-Strike: Source Beta
CPUID CPU-Z 1.58
DAEMON Tools Lite (Version: 4.41.3.0173)
DAEMON Tools Toolbar (Version: 1.1.7.0190)
Day of Defeat: Source
Diablo II
Diablo III (Version: 1.0.3.10235)
DivX Setup (Version: 2.6.1.9)
Dota 2
Download Updater (AOL LLC)
Dual-Core Optimizer (Version: 1.1.4.0169)
EasyBits GO
Entropia Universe (Version: 12.5.3.94131)
ESET Online Scanner v3
ESN Sonar (Version: 0.70.0)
EVGA OC Scanner 1.7.3
EVGA Precision 2.0.2 (Version: 2.0.2)
Express Dictate
Express Scribe
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Google Chrome (Version: 21.0.1180.83)
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Heroes of Newerth (Version: 1.0.0)
ImgBurn (Version: 2.5.5.0)
iTunes (Version: 9.1.1.12)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
Kingdoms of Amalur: Reckoning (Version: 1.0.0.0)
League of Legends (Version: 1.0020)
League of Legends (Version: 1.3)
Macro Wizard 4.1
Magic Online (Version: 3.00.0000)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble 1.2.3 (Version: 1.2.3)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 296.10 (Version: 296.10)
NVIDIA 3D Vision Driver 296.10 (Version: 296.10)
NVIDIA Control Panel 296.10 (Version: 296.10)
NVIDIA Graphics Driver 296.10 (Version: 296.10)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9610)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
Octoshape Streaming Services
OpenAL
Origin (Version: 8.5.0.4554)
Pando Media Booster (Version: 2.6.0.8)
QuickTime (Version: 7.66.71.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6363)
Rosetta Stone Version 3 (Version: 3.4.5.0)
Rosetta Stone Version 3 (Version: 3.4.7.0)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Six Updater (Version: 2.08.0026)
Six Updater (Version: 2.09.5033)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.8 (Version: 5.8.158)
Star Wars: The Old Republic (Version: 1.00)
StarCraft II (Version: 1.4.1.19776)
Steam (Version: 1.0.0.0)
System Requirements Lab
System Requirements Lab (Version: 4.1.72.0)
System Requirements Lab CYRI (Version: 4.3.1.0)
Team Fortress 2
TERA (Version: 1.38)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client (Version: 3.0.7)
VIPRE Internet Security (Version: 5.2.5162)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
World of Warcraft (Version: 4.3.4.15595)

========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 4095.16 MB
Available physical RAM: 1321.92 MB
Total Pagefile: 8188.51 MB
Available Pagefile: 5608.07 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.79 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.69 GB) (Free:36.43 GB) NTFS
4 Drive g: (External Drive) (Fixed) (Total:298.09 GB) (Free:29.45 GB) NTFS

========================= Users: ========================================

User accounts for \\DAVID-PC

Administrator ASPNET David
Guest UpdatusUser


**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by David (administrator) on 24-08-2012 at 07:55:41
Running from "C:\Users\David\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 DrifterMiles


Posted 24 August 2012 - 08:02 AM

# AdwCleaner v1.801 - Logfile created 08/24/2012 at 07:57:11
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : David - DAVID-PC
# Boot Mode : Normal
# Running from : C:\Users\David\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rgk8u3u6.default\searchplugins\daemon-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rgk8u3u6.default\prefs.js

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\rgk8u3u6.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3494 octets] - [24/08/2012 07:57:11]

########## EOF - C:\AdwCleaner[S1].txt - [3622 octets] ##########

#9 narenxp


Posted 24 August 2012 - 08:09 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

Any current issues?

#10 DrifterMiles


Posted 26 August 2012 - 01:41 AM

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/26/2012 01:39:31 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* C:\Users\David\AppData\Local\{2e30ba54-3471-860b-59e1-61015768b6f7}\ [ZA Dir]
* C:\Users\David\AppData\Local\{2e30ba54-3471-860b-59e1-61015768b6f7}\@ [ZA File]
* C:\Users\David\AppData\Local\{2e30ba54-3471-860b-59e1-61015768b6f7}\L\ [ZA Dir]
* C:\Users\David\AppData\Local\{2e30ba54-3471-860b-59e1-61015768b6f7}\U\ [ZA Dir]

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

* Windows Update (wuauserv) is not Running.
Startup Type set to: Disabled

* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* WatAdminSvc [Missing Service]

* iphlpsvc [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/26/2012 01:40:44 AM
Execution time: 0 hours(s), 1 minute(s), and 12 seconds(s)



No real problems as of late.

#11 narenxp


Posted 26 August 2012 - 07:06 AM

Press the Windows+R key and type

notepad and click OK

Copy this script:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

Click on File - Save As

Filename: fix.reg
Save as: All files

Launch FIX.REG

Click YES when you receive a prompt

Open your C drive

On top, click on Organize - Folder and search options

Click on the View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\David\AppData\Local\{2e30ba54-3471-860b-59e1-61015768b6f7}

Delete the folder

Run RKILL again and post the new log

Press the Windows+R key and type

services.msc and click OK

Right-click on the Security Center and Windows Update services and change the startup type to Automatic and start them
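
What fix.reg in the post above writes can be checked before it is imported. This is an added example, not part of narenxp's post or of any tool named in the thread; it parses the script's text and decodes the hex(2) (REG_EXPAND_SZ) data, and the names parse_reg, decode_value and FIX_REG are this example's own.

```python
import re

# The script from the post above, embedded verbatim so the block runs offline.
FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
"""

HEX_TYPES = {None: "REG_BINARY", "1": "REG_SZ", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ"}

def decode_value(data):
    """Turn the right-hand side of a .reg assignment into (type, value)."""
    if data == "-":                                  # "name"=- removes the value
        return ("DELETE", None)
    if data.startswith("dword:"):
        return ("REG_DWORD", int(data[6:], 16))
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", data)
    if m:
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        kind = HEX_TYPES.get(m.group(1), "hex(%s)" % m.group(1))
        if kind in ("REG_SZ", "REG_EXPAND_SZ"):      # UTF-16LE, NUL-terminated
            return (kind, raw.decode("utf-16-le").rstrip("\x00"))
        if kind == "REG_MULTI_SZ":                   # NUL-separated UTF-16LE strings
            return (kind, [s for s in raw.decode("utf-16-le").split("\x00") if s])
        return (kind, raw.hex())
    # Plain quoted string: strip the quotes and undo \\ and \" escapes.
    return ("REG_SZ", re.sub(r"\\(.)", r"\1", data.strip()[1:-1]))

def parse_reg(text):
    """Return {key: {value_name: (type, value)}}; '@' is the key's default value."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)        # join '\' line continuations
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})  # '[-KEY]' (delete) keeps its '-'
        elif current is not None and "=" in line and not line.startswith(";"):
            name, _, data = line.partition("=")
            current[name.strip().strip('"')] = decode_value(data.strip())
    return keys

if __name__ == "__main__":
    for key, values in parse_reg(FIX_REG).items():
        print(key)
        for name, (kind, value) in values.items():
            print("  %s = %s %r" % (name, kind, value))
```

For the script above, the default value of the InProcServer32 key decodes to %SystemRoot%\system32\shell32.dll, which is the path the fix writes back over the entry Rkill flagged as [ZA Reg Hijack].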

#12 DrifterMiles


Posted 26 August 2012 - 06:33 PM

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/26/2012 06:32:37 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

* Windows Update (wuauserv) is not Running.
Startup Type set to: Disabled

* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* WatAdminSvc [Missing Service]

* iphlpsvc [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/26/2012 06:33:16 PM
Execution time: 0 hours(s), 0 minute(s), and 39 seconds(s)

#13 narenxp


Posted 26 August 2012 - 08:31 PM

Press the Windows+R key and type

services.msc and click OK

Right-click on the Security Center and Windows Update services and change the startup type to Automatic and start them


Please do this and run RKILL again

#14 DrifterMiles


Posted 26 August 2012 - 09:14 PM

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/26/2012 09:14:08 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Disabled

* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]
* WatAdminSvc [Missing Service]

* iphlpsvc [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/26/2012 09:14:21 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

#15 narenxp


Posted 26 August 2012 - 09:19 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



