
Firewall Will Not Enable



#1 out2late


Posted 24 August 2012 - 11:23 AM

Hello everyone,

Seem to be having an issue with Windows 7 x64 firewall. Had Norton Internet 2011 however service expired, so now use Security Essentials. Now Windows firewall will not start up (also desktop icon issue but let's tackle one problem at a time). I have tried uninstalling MSE and rebooting in safe mode however the issue is still there.

When in control panel, under firewall, I click on Use Recommended Settings, the wait icon pops up and nothing happens.

I've tried running MicrosoftFixit.WindowsFirewall.RNP.23269253326113752.1.Run however the Microsoft Fix It tells me it cannot fix the issue.

When I try to start the Firewall Service in Services.msc I get "Cannot start on local computer see error code 5".

I have run Superantispyware and Malware Bytes, they were both clean, except a MSE scan showed the following (see attachments).

I have also provided my FSS results.

Please help me Bleepingcomputer, you're my only hope!!

Edited by Orange Blossom, 24 August 2012 - 11:48 AM.
Moved to AII. ~ OB




#2 narenxp


Posted 24 August 2012 - 11:31 AM

We need to remove zero access rootkit first

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply
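
When reviewing a TDSSKiller log like the one requested above, the two things to pull out are any object whose verdict is not "ok" and any service listed without a hashed file. The following is an added example (not part of the thread and not the tool's own code) that does this over constructed sample lines in the log's `[ MD5 ] name path` / `name - verdict` layout; every name and hash in the sample, and the `warning` verdict text, are made up for illustration.

```python
import re
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    section: str            # e.g. "Scan services"
    name: str               # service / object name (may contain spaces)
    md5: Optional[str]      # None when no "[ MD5 ] ..." line preceded the verdict
    path: Optional[str]
    verdict: str            # "ok" or anything else the tool printed


# Every log line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
SECTION_RE = re.compile(PREFIX + r"=+ (.+?) =+$")
# Name and path both may contain spaces; the path is taken to start at "X:\".
HASH_RE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
VERDICT_RE = re.compile(PREFIX + r"(.+) - (\S+)$")

# Constructed sample input: names, hashes and the non-ok verdict are placeholders.
SAMPLE_LOG = r"""
12:00:00.0000 100 ================ Scan system memory ========================
12:00:00.0001 100 System memory - ok
12:00:00.0002 100 ================ Scan services =============================
12:00:00.0100 100 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
12:00:00.0110 100 ExampleDrv - ok
12:00:00.0200 100 [ 00000000000000000000000000000002 ] Example Helper Service C:\Program Files (x86)\Example\helper.exe
12:00:00.0210 100 Example Helper Service - ok
12:00:00.0300 100 NoFileSvc - ok
12:00:00.0400 100 [ 00000000000000000000000000000003 ] OddSvc C:\Windows\system32\oddsvc.dll
12:00:00.0410 100 OddSvc - warning
"""


def parse(log_text: str) -> List[Entry]:
    """Pair each verdict line with the hash line printed just before it."""
    entries: List[Entry] = []
    section = ""
    pending = None  # (md5, name, path) from the most recent hash line
    for line in log_text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section, pending = m.group(1), None
            continue
        m = HASH_RE.match(line)
        if m:
            pending = m.groups()
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            md5 = path = None
            # Only trust the hash line if it names the same object.
            if pending and pending[1] == name:
                md5, path = pending[0], pending[2]
            entries.append(Entry(section, name, md5, path, verdict))
            pending = None
    return entries


def triage(log_text: str) -> dict:
    """Return the entries a reviewer would look at first."""
    entries = parse(log_text)
    return {
        # Anything the scanner did not mark "ok".
        "flagged": [e.name for e in entries if e.verdict.lower() != "ok"],
        # Services that got a verdict but no hashed file on disk.
        "unhashed": [
            e.name
            for e in entries
            if e.section == "Scan services" and e.md5 is None
        ],
    }


if __name__ == "__main__":
    for key, names in triage(SAMPLE_LOG).items():
        print(f"{key}: {names}")
```
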

#3 out2late


Posted 24 August 2012 - 04:54 PM

wow... such a fast response... thank you

here you go

Results From TDSSkiller:

12:36:47.0359 3576 MSPQM - ok
12:36:47.0390 3576 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:36:47.0429 3576 MsRPC - ok
12:36:47.0454 3576 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:36:47.0455 3576 mssmbios - ok
12:36:47.0465 3576 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:36:47.0474 3576 MSTEE - ok
12:36:47.0500 3576 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:36:47.0512 3576 MTConfig - ok
12:36:47.0534 3576 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:36:47.0535 3576 Mup - ok
12:36:47.0574 3576 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:36:47.0591 3576 napagent - ok
12:36:47.0633 3576 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:36:47.0656 3576 NativeWifiP - ok
12:36:47.0697 3576 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
12:36:47.0717 3576 NDIS - ok
12:36:47.0740 3576 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:36:47.0752 3576 NdisCap - ok
12:36:47.0779 3576 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:36:47.0781 3576 NdisTapi - ok
12:36:47.0808 3576 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:36:47.0810 3576 Ndisuio - ok
12:36:47.0833 3576 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:36:47.0848 3576 NdisWan - ok
12:36:47.0875 3576 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:36:47.0875 3576 NDProxy - ok
12:36:47.0910 3576 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
12:36:47.0917 3576 Netaapl - ok
12:36:47.0940 3576 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:36:47.0941 3576 NetBIOS - ok
12:36:47.0973 3576 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:36:47.0990 3576 NetBT - ok
12:36:48.0003 3576 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:36:48.0005 3576 Netlogon - ok
12:36:48.0036 3576 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:36:48.0052 3576 Netman - ok
12:36:48.0082 3576 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:36:48.0104 3576 netprofm - ok
12:36:48.0132 3576 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:36:48.0143 3576 NetTcpPortSharing - ok
12:36:48.0182 3576 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:36:48.0189 3576 nfrd960 - ok
12:36:48.0221 3576 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:36:48.0223 3576 NisDrv - ok
12:36:48.0256 3576 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
12:36:48.0274 3576 NisSrv - ok
12:36:48.0301 3576 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:36:48.0307 3576 NlaSvc - ok
12:36:48.0393 3576 [ 0543FA119CF3FD2203851FD71202FFE1 ] nlsX86cc C:\Windows\SysWOW64\NLSSRV32.EXE
12:36:48.0395 3576 nlsX86cc - ok
12:36:48.0425 3576 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:36:48.0426 3576 Npfs - ok
12:36:48.0440 3576 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:36:48.0442 3576 nsi - ok
12:36:48.0448 3576 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:36:48.0449 3576 nsiproxy - ok
12:36:48.0509 3576 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:36:48.0547 3576 Ntfs - ok
12:36:48.0571 3576 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:36:48.0572 3576 Null - ok
12:36:48.0607 3576 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:36:48.0609 3576 nvraid - ok
12:36:48.0647 3576 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:36:48.0655 3576 nvstor - ok
12:36:48.0680 3576 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:36:48.0687 3576 nv_agp - ok
12:36:48.0751 3576 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:36:48.0768 3576 odserv - ok
12:36:48.0808 3576 [ E52479B03A57DC3D4BABD9C5536C94D6 ] OEM05Afx C:\Windows\system32\Drivers\OEM05Afx.sys
12:36:48.0830 3576 OEM05Afx - ok
12:36:48.0856 3576 [ 766F689564BC30E5A91F8621CE65AD68 ] OEM05Vfx C:\Windows\system32\DRIVERS\OEM05Vfx.sys
12:36:48.0864 3576 OEM05Vfx - ok
12:36:48.0893 3576 [ 859F850A4FD021A66493D18CBA847792 ] OEM05Vid C:\Windows\system32\DRIVERS\OEM05Vid.sys
12:36:48.0907 3576 OEM05Vid - ok
12:36:48.0933 3576 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:36:48.0953 3576 ohci1394 - ok
12:36:48.0995 3576 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:36:49.0011 3576 ose - ok
12:36:49.0049 3576 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:36:49.0062 3576 p2pimsvc - ok
12:36:49.0083 3576 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:36:49.0102 3576 p2psvc - ok
12:36:49.0132 3576 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:36:49.0138 3576 Parport - ok
12:36:49.0170 3576 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:36:49.0171 3576 partmgr - ok
12:36:49.0203 3576 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:36:49.0217 3576 PcaSvc - ok
12:36:49.0232 3576 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:36:49.0235 3576 pci - ok
12:36:49.0258 3576 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:36:49.0259 3576 pciide - ok
12:36:49.0288 3576 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:36:49.0291 3576 pcmcia - ok
12:36:49.0308 3576 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:36:49.0309 3576 pcw - ok
12:36:49.0330 3576 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:36:49.0352 3576 PEAUTH - ok
12:36:49.0383 3576 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:36:49.0415 3576 PeerDistSvc - ok
12:36:49.0440 3576 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:36:49.0442 3576 PerfHost - ok
12:36:49.0509 3576 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:36:49.0534 3576 pla - ok
12:36:49.0582 3576 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:36:49.0608 3576 PlugPlay - ok
12:36:49.0647 3576 PnkBstrA - ok
12:36:49.0667 3576 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:36:49.0670 3576 PNRPAutoReg - ok
12:36:49.0682 3576 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:36:49.0685 3576 PNRPsvc - ok
12:36:49.0706 3576 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:36:49.0718 3576 PolicyAgent - ok
12:36:49.0740 3576 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:36:49.0744 3576 Power - ok
12:36:49.0785 3576 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:36:49.0787 3576 PptpMiniport - ok
12:36:49.0809 3576 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:36:49.0816 3576 Processor - ok
12:36:49.0841 3576 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:36:49.0863 3576 ProfSvc - ok
12:36:49.0875 3576 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:36:49.0876 3576 ProtectedStorage - ok
12:36:49.0918 3576 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:36:49.0931 3576 Psched - ok
12:36:49.0997 3576 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
12:36:49.0998 3576 PxHlpa64 - ok
12:36:50.0042 3576 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:36:50.0151 3576 ql2300 - ok
12:36:50.0164 3576 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:36:50.0166 3576 ql40xx - ok
12:36:50.0199 3576 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:36:50.0230 3576 QWAVE - ok
12:36:50.0243 3576 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:36:50.0245 3576 QWAVEdrv - ok
12:36:50.0260 3576 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:36:50.0271 3576 RasAcd - ok
12:36:50.0294 3576 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:36:50.0295 3576 RasAgileVpn - ok
12:36:50.0307 3576 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:36:50.0311 3576 RasAuto - ok
12:36:50.0332 3576 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:36:50.0333 3576 Rasl2tp - ok
12:36:50.0359 3576 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:36:50.0431 3576 RasMan - ok
12:36:50.0448 3576 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:36:50.0450 3576 RasPppoe - ok
12:36:50.0471 3576 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:36:50.0473 3576 RasSstp - ok
12:36:50.0510 3576 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:36:50.0525 3576 rdbss - ok
12:36:50.0536 3576 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:36:50.0537 3576 rdpbus - ok
12:36:50.0545 3576 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:36:50.0546 3576 RDPCDD - ok
12:36:50.0580 3576 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:36:50.0586 3576 RDPDR - ok
12:36:50.0617 3576 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:36:50.0618 3576 RDPENCDD - ok
12:36:50.0627 3576 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:36:50.0628 3576 RDPREFMP - ok
12:36:50.0687 3576 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:36:50.0696 3576 RdpVideoMiniport - ok
12:36:50.0725 3576 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:36:50.0742 3576 RDPWD - ok
12:36:50.0760 3576 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:36:50.0768 3576 rdyboost - ok
12:36:50.0815 3576 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:36:50.0818 3576 RemoteAccess - ok
12:36:50.0852 3576 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:36:50.0868 3576 RemoteRegistry - ok
12:36:50.0916 3576 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
12:36:50.0916 3576 RimUsb - ok
12:36:50.0946 3576 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
12:36:50.0952 3576 RimVSerPort - ok
12:36:50.0969 3576 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
12:36:50.0971 3576 ROOTMODEM - ok
12:36:50.0986 3576 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:36:50.0989 3576 RpcEptMapper - ok
12:36:51.0010 3576 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:36:51.0012 3576 RpcLocator - ok
12:36:51.0047 3576 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:36:51.0053 3576 RpcSs - ok
12:36:51.0069 3576 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:36:51.0071 3576 rspndr - ok
12:36:51.0092 3576 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:36:51.0093 3576 s3cap - ok
12:36:51.0105 3576 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:36:51.0107 3576 SamSs - ok
12:36:51.0142 3576 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:36:51.0144 3576 sbp2port - ok
12:36:51.0169 3576 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:36:51.0235 3576 SCardSvr - ok
12:36:51.0254 3576 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:36:51.0255 3576 scfilter - ok
12:36:51.0300 3576 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:36:51.0329 3576 Schedule - ok
12:36:51.0344 3576 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:36:51.0344 3576 SCPolicySvc - ok
12:36:51.0367 3576 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:36:51.0369 3576 SDRSVC - ok
12:36:51.0380 3576 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:36:51.0382 3576 secdrv - ok
12:36:51.0404 3576 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:36:51.0407 3576 seclogon - ok
12:36:51.0419 3576 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:36:51.0422 3576 SENS - ok
12:36:51.0437 3576 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:36:51.0439 3576 SensrSvc - ok
12:36:51.0461 3576 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:36:51.0463 3576 Serenum - ok
12:36:51.0473 3576 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:36:51.0483 3576 Serial - ok
12:36:51.0493 3576 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:36:51.0500 3576 sermouse - ok
12:36:51.0539 3576 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:36:51.0541 3576 SessionEnv - ok
12:36:51.0567 3576 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:36:51.0574 3576 sffdisk - ok
12:36:51.0583 3576 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:36:51.0584 3576 sffp_mmc - ok
12:36:51.0594 3576 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:36:51.0595 3576 sffp_sd - ok
12:36:51.0613 3576 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:36:51.0614 3576 sfloppy - ok
12:36:51.0657 3576 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:36:51.0674 3576 ShellHWDetection - ok
12:36:51.0702 3576 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:36:51.0712 3576 SiSRaid2 - ok
12:36:51.0727 3576 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:36:51.0729 3576 SiSRaid4 - ok
12:36:51.0756 3576 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:36:51.0758 3576 Smb - ok
12:36:51.0798 3576 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:36:51.0800 3576 SNMPTRAP - ok
12:36:51.0811 3576 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:36:51.0812 3576 spldr - ok
12:36:51.0844 3576 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:36:51.0865 3576 Spooler - ok
12:36:51.0949 3576 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:36:52.0019 3576 sppsvc - ok
12:36:52.0036 3576 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:36:52.0039 3576 sppuinotify - ok
12:36:52.0066 3576 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:36:52.0079 3576 srv - ok
12:36:52.0095 3576 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:36:52.0111 3576 srv2 - ok
12:36:52.0126 3576 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:36:52.0132 3576 srvnet - ok
12:36:52.0166 3576 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:36:52.0174 3576 SSDPSRV - ok
12:36:52.0179 3576 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:36:52.0182 3576 SstpSvc - ok
12:36:52.0202 3576 Steam Client Service - ok
12:36:52.0215 3576 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:36:52.0228 3576 stexstor - ok
12:36:52.0252 3576 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
12:36:52.0254 3576 StillCam - ok
12:36:52.0301 3576 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:36:52.0322 3576 stisvc - ok
12:36:52.0344 3576 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:36:52.0345 3576 storflt - ok
12:36:52.0368 3576 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:36:52.0376 3576 storvsc - ok
12:36:52.0395 3576 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:36:52.0396 3576 swenum - ok
12:36:52.0525 3576 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:36:52.0624 3576 SwitchBoard - ok
12:36:52.0646 3576 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:36:52.0659 3576 swprv - ok
12:36:52.0689 3576 Synth3dVsc - ok
12:36:52.0748 3576 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:36:52.0788 3576 SysMain - ok
12:36:52.0818 3576 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:36:52.0821 3576 TabletInputService - ok
12:36:52.0855 3576 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:36:52.0866 3576 TapiSrv - ok
12:36:52.0877 3576 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:36:52.0880 3576 TBS - ok
12:36:52.0952 3576 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:36:52.0965 3576 Tcpip - ok
12:36:53.0000 3576 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:36:53.0011 3576 TCPIP6 - ok
12:36:53.0044 3576 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:36:53.0045 3576 tcpipreg - ok
12:36:53.0061 3576 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:36:53.0072 3576 TDPIPE - ok
12:36:53.0105 3576 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:36:53.0106 3576 TDTCP - ok
12:36:53.0129 3576 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:36:53.0130 3576 tdx - ok
12:36:53.0253 3576 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
12:36:53.0276 3576 TeamViewer7 - ok
12:36:53.0300 3576 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:36:53.0301 3576 TermDD - ok
12:36:53.0328 3576 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:36:53.0378 3576 TermService - ok
12:36:53.0399 3576 [ 9201BE2BAB8A9FF8E20D8439AE3BB04D ] Themes C:\Windows\system32\themeservice.dll
12:36:53.0401 3576 Themes - ok
12:36:53.0424 3576 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:36:53.0426 3576 THREADORDER - ok
12:36:53.0457 3576 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:36:53.0459 3576 TrkWks - ok
12:36:53.0491 3576 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:36:53.0499 3576 TrustedInstaller - ok
12:36:53.0521 3576 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:36:53.0522 3576 tssecsrv - ok
12:36:53.0541 3576 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:36:53.0559 3576 TsUsbFlt - ok
12:36:53.0578 3576 tsusbhub - ok
12:36:53.0613 3576 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:36:53.0615 3576 tunnel - ok
12:36:53.0629 3576 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:36:53.0631 3576 uagp35 - ok
12:36:53.0729 3576 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:36:53.0744 3576 udfs - ok
12:36:53.0769 3576 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:36:53.0773 3576 UI0Detect - ok
12:36:53.0796 3576 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:36:53.0798 3576 uliagpkx - ok
12:36:53.0825 3576 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:36:53.0839 3576 umbus - ok
12:36:53.0865 3576 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:36:53.0866 3576 UmPass - ok
12:36:53.0899 3576 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
12:36:53.0944 3576 UmRdpService - ok
12:36:53.0966 3576 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:36:53.0979 3576 upnphost - ok
12:36:54.0010 3576 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:36:54.0012 3576 USBAAPL64 - ok
12:36:54.0047 3576 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:36:54.0054 3576 usbaudio - ok
12:36:54.0083 3576 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:36:54.0085 3576 usbccgp - ok
12:36:54.0112 3576 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:36:54.0124 3576 usbcir - ok
12:36:54.0144 3576 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:36:54.0145 3576 usbehci - ok
12:36:54.0164 3576 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:36:54.0181 3576 usbhub - ok
12:36:54.0201 3576 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:36:54.0220 3576 usbohci - ok
12:36:54.0245 3576 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:36:54.0247 3576 usbprint - ok
12:36:54.0277 3576 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:36:54.0278 3576 usbscan - ok
12:36:54.0314 3576 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:36:54.0316 3576 USBSTOR - ok
12:36:54.0347 3576 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:36:54.0349 3576 usbuhci - ok
12:36:54.0387 3576 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:36:54.0418 3576 usbvideo - ok
12:36:54.0439 3576 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:36:54.0442 3576 UxSms - ok
12:36:54.0456 3576 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:36:54.0458 3576 VaultSvc - ok
12:36:54.0482 3576 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:36:54.0482 3576 vdrvroot - ok
12:36:54.0501 3576 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:36:54.0523 3576 vds - ok
12:36:54.0534 3576 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:36:54.0542 3576 vga - ok
12:36:54.0566 3576 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:36:54.0568 3576 VgaSave - ok
12:36:54.0572 3576 VGPU - ok
12:36:54.0607 3576 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:36:54.0610 3576 vhdmp - ok
12:36:54.0633 3576 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:36:54.0634 3576 viaide - ok
12:36:54.0656 3576 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:36:54.0666 3576 vmbus - ok
12:36:54.0680 3576 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:36:54.0685 3576 VMBusHID - ok
12:36:54.0700 3576 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:36:54.0702 3576 volmgr - ok
12:36:54.0739 3576 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:36:54.0756 3576 volmgrx - ok
12:36:54.0776 3576 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:36:54.0787 3576 volsnap - ok
12:36:54.0822 3576 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:36:54.0824 3576 vsmraid - ok
12:36:54.0871 3576 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:36:54.0882 3576 VSS - ok
12:36:54.0895 3576 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:36:54.0897 3576 vwifibus - ok
12:36:54.0923 3576 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:36:54.0936 3576 W32Time - ok
12:36:54.0960 3576 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:36:54.0967 3576 WacomPen - ok
12:36:54.0997 3576 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:36:54.0999 3576 WANARP - ok
12:36:55.0007 3576 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:36:55.0008 3576 Wanarpv6 - ok
12:36:55.0094 3576 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:36:55.0107 3576 WatAdminSvc - ok
12:36:55.0166 3576 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:36:55.0208 3576 wbengine - ok
12:36:55.0227 3576 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:36:55.0242 3576 WbioSrvc - ok
12:36:55.0272 3576 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:36:55.0287 3576 wcncsvc - ok
12:36:55.0321 3576 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:36:55.0324 3576 WcsPlugInService - ok
12:36:55.0342 3576 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:36:55.0351 3576 Wd - ok
12:36:55.0381 3576 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:36:55.0398 3576 Wdf01000 - ok
12:36:55.0410 3576 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:36:55.0414 3576 WdiServiceHost - ok
12:36:55.0419 3576 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:36:55.0422 3576 WdiSystemHost - ok
12:36:55.0446 3576 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:36:55.0457 3576 WebClient - ok
12:36:55.0506 3576 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:36:55.0514 3576 Wecsvc - ok
12:36:55.0525 3576 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:36:55.0528 3576 wercplsupport - ok
12:36:55.0546 3576 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:36:55.0548 3576 WerSvc - ok
12:36:55.0564 3576 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:36:55.0565 3576 WfpLwf - ok
12:36:55.0581 3576 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:36:55.0586 3576 WIMMount - ok
12:36:55.0591 3576 WinHttpAutoProxySvc - ok
12:36:55.0633 3576 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:36:55.0634 3576 Winmgmt - ok
12:36:55.0682 3576 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:36:55.0769 3576 WinRM - ok
12:36:55.0802 3576 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:36:55.0813 3576 WinUsb - ok
12:36:55.0844 3576 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:36:55.0869 3576 Wlansvc - ok
12:36:55.0880 3576 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:36:55.0891 3576 WmiAcpi - ok
12:36:55.0922 3576 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:36:55.0938 3576 wmiApSrv - ok
12:36:55.0972 3576 WMPNetworkSvc - ok
12:36:55.0989 3576 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:36:55.0991 3576 WPCSvc - ok
12:36:56.0001 3576 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:36:56.0005 3576 WPDBusEnum - ok
12:36:56.0014 3576 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:36:56.0015 3576 ws2ifsl - ok
12:36:56.0045 3576 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
12:36:56.0056 3576 WSDPrintDevice - ok
12:36:56.0061 3576 WSearch - ok
12:36:56.0079 3576 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:36:56.0081 3576 WudfPf - ok
12:36:56.0114 3576 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:36:56.0117 3576 wudfsvc - ok
12:36:56.0139 3576 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:36:56.0152 3576 WwanSvc - ok
12:36:56.0169 3576 ================ Scan global ===============================
12:36:56.0191 3576 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:36:56.0218 3576 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:36:56.0238 3576 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:36:56.0261 3576 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:36:56.0295 3576 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:36:56.0309 3576 [Global] - ok
12:36:56.0311 3576 ================ Scan MBR ==================================
12:36:56.0321 3576 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:36:56.0879 3576 \Device\Harddisk0\DR0 - ok
12:36:56.0883 3576 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:36:57.0234 3576 \Device\Harddisk1\DR1 - ok
12:36:57.0235 3576 ================ Scan VBR ==================================
12:36:57.0305 3576 [ 0D2180597FE20D0619F8F7E515459EBA ] \Device\Harddisk0\DR0\Partition1
12:36:57.0307 3576 \Device\Harddisk0\DR0\Partition1 - ok
12:36:57.0316 3576 [ F6172D85FEBD436DA1917A8590394BD8 ] \Device\Harddisk0\DR0\Partition2
12:36:57.0317 3576 \Device\Harddisk0\DR0\Partition2 - ok
12:36:57.0321 3576 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
12:36:57.0321 3576 \Device\Harddisk1\DR1\Partition1 - ok
12:36:57.0327 3576 [ 6FE5E7BAD73C8BF392EB55C0CC7924CD ] \Device\Harddisk1\DR1\Partition2
12:36:57.0329 3576 \Device\Harddisk1\DR1\Partition2 - ok
12:36:57.0330 3576 ============================================================
12:36:57.0330 3576 Scan finished
12:36:57.0330 3576 ============================================================
12:36:57.0343 3936 Detected object count: 0
12:36:57.0344 3936 Actual detected object count: 0
12:37:41.0106 1372 Deinitialize success


Results From aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-24 12:38:47
-----------------------------
12:38:47.592 OS Version: Windows x64 6.1.7601 Service Pack 1
12:38:47.592 Number of processors: 4 586 0xF0B
12:38:47.593 ComputerName: PETER-PC UserName: Peter
12:38:49.061 Initialize success
12:39:45.805 AVAST engine defs: 12082401
12:40:19.676 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:40:19.679 Disk 0 Vendor: Intel___ 1.0. Size: 476937MB BusType: 8
12:40:19.682 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
12:40:19.684 Disk 1 Vendor: Intel___ 1.0. Size: 3815453MB BusType: 8
12:40:19.690 Disk 0 MBR read successfully
12:40:19.693 Disk 0 MBR scan
12:40:19.766 Disk 0 Windows 7 default MBR code
12:40:19.776 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:40:19.812 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476835 MB offset 206848
12:40:19.876 Disk 0 scanning C:\Windows\system32\drivers
12:40:32.959 Service scanning
12:41:04.277 Modules scanning
12:41:04.285 Disk 0 trace - called modules:
12:41:04.306 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:41:04.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80085fd060]
12:41:04.318 3 CLASSPNP.SYS[fffff88001dc743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8007f39050]
12:41:05.270 AVAST engine scan C:\Windows
12:41:08.488 AVAST engine scan C:\Windows\system32
12:45:31.006 AVAST engine scan C:\Windows\system32\drivers
12:45:46.385 AVAST engine scan C:\Users\Peter
12:50:27.603 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Desktop\MBR.dat"
12:50:27.659 The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"

Results From ESET online scanner:

C:\Users\Peter\AppData\Local\{25B7906A-E8C2-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\Peter\Documents\Dropbox\Sutton\Mods\downloadmanager_Setup.exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined
C:\Users\Peter\Documents\Dropbox\Sutton\Mods\etype2_V_Setup.exe a variant of Win32/InstallBrain application cleaned by deleting - quarantined
C:\Windows\Installer\{4e38b159-6035-3fca-c45e-6bedd88f081f}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
D:\Software\Antivirus & Antispyware\Norton 2011\Trial Reset\Trial Reset BackUp\1BOX_NTR2011.exe Win32/RiskWare.HackAV.HF application cleaned by deleting - quarantined
D:\Software\Converters\ImTOO 2009\iphone-ringtone-maker-2.1.1.Build.0120\iphone-ringtone-maker.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
D:\Software\Converters\ImTOO_MP4_Video_Converter_6.0.14.1217\mp4-video-converter6.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
D:\Software\Drop Box\setup(ripplex).exe Win32/Induc virus cleaned by deleting - quarantined
D:\Software\Screensavers\setup(ripplex).exe Win32/Induc virus cleaned by deleting - quarantined
D:\Sutton\Mods\downloadmanager_Setup.exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined
D:\Sutton\Mods\etype2_V_Setup.exe a variant of Win32/InstallBrain application cleaned by deleting - quarantined

#4 narenxp

  • BC Advisor

Posted 24 August 2012 - 08:48 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete

Post the generated log

#5 out2late

  • Topic Starter

  • Members

Posted 24 August 2012 - 11:18 PM

Thank you again...

Results From Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [administrator]

8/24/2012 10:03:29 PM
mbam-log-2012-08-24 (22-03-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 443364
Time elapsed: 1 hour(s), 22 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Results From MiniToolBox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Peter (administrator) on 24-08-2012 at 23:58:46
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.gopher", ""
"network.proxy.gopher_port", 0
"network.proxy.no_proxies_on", "plimus.com,www.plimus.com,regnow.com,www.regnow.com,"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
# Any other entries you had go here (new line no # no space);
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

========================= IP Configuration: ================================

Intel® 82566DC-2 Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Peter-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1C-C0-2B-9D-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::71bf:f1eb:e1a8:3b2a%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.114(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, August 24, 2012 11:43:03 PM
Lease Expires . . . . . . . . . . : Saturday, August 25, 2012 11:43:03 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234888384
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-3B-CF-17-00-1C-C0-2B-9D-50
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{BF1B9B9A-04E2-4212-B066-4723EEBACF4C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Cisco22116
Address: 192.168.1.1

Name: google.com
Addresses: 2001:4860:4008:802::1005
74.125.226.66
74.125.226.64
74.125.226.70
74.125.226.69
74.125.226.71
74.125.226.72
74.125.226.67
74.125.226.78
74.125.226.65
74.125.226.73
74.125.226.68


Pinging google.com [74.125.226.68] with 32 bytes of data:
Reply from 74.125.226.68: bytes=32 time=24ms TTL=56
Reply from 74.125.226.68: bytes=32 time=25ms TTL=56

Ping statistics for 74.125.226.68:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 25ms, Average = 24ms
Server: Cisco22116
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=108ms TTL=49
Reply from 98.139.183.24: bytes=32 time=57ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 57ms, Maximum = 108ms, Average = 82ms
Server: Cisco22116
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 1c c0 2b 9d 50 ......Intel® 82566DC-2 Gigabit Network Connection
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.114 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.114 266
192.168.1.114 255.255.255.255 On-link 192.168.1.114 266
192.168.1.255 255.255.255.255 On-link 192.168.1.114 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.114 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.114 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 266 fe80::/64 On-link
10 266 fe80::71bf:f1eb:e1a8:3b2a/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/24/2012 11:57:35 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4)

(0x800705b4)

Error: (08/24/2012 11:53:25 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4)

(0x800705b4)

Error: (08/24/2012 11:49:19 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4)

(0x800705b4)

Error: (08/24/2012 11:42:23 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4)

(0x800705b4)

Error: (08/24/2012 11:38:11 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4)

(0x800705b4)

Error: (08/24/2012 11:33:59 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4)

(0x800705b4)

Error: (08/24/2012 11:29:47 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4)

(0x800705b4)

Error: (08/24/2012 11:25:26 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4)

(0x800705b4)

Error: (08/24/2012 11:21:15 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4)

(0x800705b4)

Error: (08/24/2012 11:16:54 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4)

(0x800705b4)


System errors:
=============
Error: (08/24/2012 11:55:57 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/24/2012 11:55:57 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/24/2012 11:43:08 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/24/2012 11:43:06 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (08/24/2012 08:20:17 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/24/2012 08:20:17 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/24/2012 08:19:59 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/24/2012 08:19:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (08/24/2012 08:18:46 PM) (Source: Service Control Manager) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/24/2012 08:18:46 PM) (Source: Service Control Manager) (User: )
Description: The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (06/21/2012 05:46:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 26 seconds with 0 seconds of active time. This session ended with a crash.

Error: (12/11/2011 11:21:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 43114 seconds with 420 seconds of active time. This session ended with a crash.

Error: (11/14/2011 10:38:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 145 seconds with 120 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.1.3)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.2)
Adobe AIR (Version: 2.6.0.19140)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Photoshop Elements 10 (Version: 10.0)
Adobe Photoshop.com Inspiration Browser (Version: 3.07)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.938.1)
AMD Catalyst Install Manager (Version: 8.0.881.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70405.2224)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
AVS Audio Converter version 6.1
Bonjour (Version: 3.0.0.10)
Bulletstorm (Version: 1.0.0000.130)
BulletStorm (Version: 1.0.0005.130)
C-Media PCI Audio Device
Call of Duty: Modern Warfare 3 Brady Guide
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0405.2205.37728)
Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728)
Catalyst Control Center Localization All (Version: 2012.0405.2205.37728)
ccc-utility64 (Version: 2012.0405.2205.37728)
CCC Help Chinese Standard (Version: 2012.0405.2204.37728)
CCC Help Chinese Traditional (Version: 2012.0405.2204.37728)
CCC Help Czech (Version: 2012.0405.2204.37728)
CCC Help Danish (Version: 2012.0405.2204.37728)
CCC Help Dutch (Version: 2012.0405.2204.37728)
CCC Help English (Version: 2012.0405.2204.37728)
CCC Help Finnish (Version: 2012.0405.2204.37728)
CCC Help French (Version: 2012.0405.2204.37728)
CCC Help German (Version: 2012.0405.2204.37728)
CCC Help Greek (Version: 2012.0405.2204.37728)
CCC Help Hungarian (Version: 2012.0405.2204.37728)
CCC Help Italian (Version: 2012.0405.2204.37728)
CCC Help Japanese (Version: 2012.0405.2204.37728)
CCC Help Korean (Version: 2012.0405.2204.37728)
CCC Help Norwegian (Version: 2012.0405.2204.37728)
CCC Help Polish (Version: 2012.0405.2204.37728)
CCC Help Portuguese (Version: 2012.0405.2204.37728)
CCC Help Russian (Version: 2012.0405.2204.37728)
CCC Help Spanish (Version: 2012.0405.2204.37728)
CCC Help Swedish (Version: 2012.0405.2204.37728)
CCC Help Thai (Version: 2012.0405.2204.37728)
CCC Help Turkish (Version: 2012.0405.2204.37728)
CCleaner (Version: 3.21)
Cisco Connect (Version: 1.4.12100.0)
Click'N Design 3D (V5) (Version: v5.1.4)
CopyTrans Suite
Crysis 2 Maximum Edition
Deus Ex: Human Revolution
Direct Show Ogg Vorbis Filter (remove only)
Dr.Tag v3.0.1 (Version: 3.0.1)
Dropbox (Version: 1.4.7)
Elements 10 Organizer (Version: 10.0)
ESET Online Scanner v3
FileBot (Version: 2.64)
Haali Media Splitter
HandBrake 0.9.6 (Version: 0.9.6)
HB BatchEncoder (Version: 2.3.0)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
Hide IP NG 1.6
HP Officejet Pro 8500 A910 Basic Device Software (Version: 22.50.231.0)
HP Product Detection (Version: 11.14.0001)
HP Update (Version: 5.003.001.001)
Image Resizer for Windows (64 bit) (Version: 3.0.4442.6002)
Image Resizer for Windows (Version: 3.0.4442.6002)
ImTOO iPhone Ringtone Maker (Version: 2.1.1.0120)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® Network Connections 15.3.68.0 (Version: 15.3.68.0)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Intel® Matrix Storage Manager
IrfanView (remove only) (Version: 4.30)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 26 (Version: 6.0.260)
JDownloader 0.9 (Version: 0.9)
LAME v3.99.3 (for Windows)
Magic DVD Ripper V5.5.0
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mass Effect™ 3 Demo (Version: 1.0.0.0)
Matroska Pack
Media Center 16 (Version: 16)
Media Player Classic - Home Cinema v1.5.0.2827 x64 (Version: 1.5.0.2827)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MP3 Splitter & Joiner Pro 5.00
Mp3tag v2.52 (Version: v2.52)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Nero Burning ROM 10 (Version: 10.2.11000.12.100)
Nero Burning ROM 10 (Version: 10.5.10300)
Nero BurningROM 10 Help (CHM) (Version: 10.5.10100)
Nero BurnRights 10 (Version: 4.2.10300.0.102)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000)
Nero Control Center 10 (Version: 10.2.10600.0.6)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.17400.8.2)
NVIDIA PhysX (Version: 9.10.0513)
Origin (Version: 8.5.0.4554)
PDF Settings CS5 (Version: 10.0)
Plants vs. Zombies: Game of the Year
PSE10 STI Installer (Version: 10.0)
QuickTime (Version: 7.60.92.0)
Replay Media Catcher 4 (4.4.3) (Version: 4.4.3)
RSH Home Networking Wizard (Version: 4059)
Serious Sam 3 Bonus Content
Serious Sam 3: BFE
Serious Sam Classic: The First Encounter
Serious Sam Classic: The Second Encounter
SnagIt 9 (Version: 9.0.0)
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (Version: 4.5.3.0)
TeamViewer 7 (Version: 7.0.13989)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Winamp (Version: 5.621 )
WinRAR 4.00 (64-bit) (Version: 4.00.0)

========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 8125.26 MB
Available physical RAM: 6615.72 MB
Total Pagefile: 16248.71 MB
Available Pagefile: 14696.84 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.66 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:290.53 GB) NTFS
2 Drive d: (Storage) (Fixed) (Total:3725.9 GB) (Free:2627.33 GB) NTFS

========================= Users: ========================================

User accounts for \\PETER-PC

Administrator Guest Peter


**** End of log ****


Results From FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Peter (administrator) on 25-08-2012 at 00:04:42
Running from "C:\Users\Peter\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Results From AdwCleaner:

# AdwCleaner v1.801 - Logfile created 08/25/2012 at 00:05:57
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Peter - PETER-PC
# Boot Mode : Normal
# Running from : C:\Users\Peter\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8n1j8cpp.default\prefs.js

C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\8n1j8cpp.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1878 octets] - [25/08/2012 00:05:57]

########## EOF - C:\AdwCleaner[S1].txt - [2006 octets] ##########

#6 narenxp


Posted 24 August 2012 - 11:40 PM

Download

wscsvc
defender
wuauserv
BITS

Launch them, click YES when you get the UAC prompt

Restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, click on Start

Check mark the following options alone

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache
Repair hosts


Checkmark the Restart System When Finished option
Click the Start button

System should restart after repair

Post the FSS log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#7 out2late


Posted 25 August 2012 - 12:43 AM

Results From FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Peter (administrator) on 25-08-2012 at 01:34:15
Running from "C:\Users\Peter\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Results From RKILL:

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/25/2012 01:38:41 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Peter\Desktop\rkill\rkill-08-25-2012-01-38-44.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
* C:\Users\Peter\AppData\Local\{4e38b159-6035-3fca-c45e-6bedd88f081f}\ [ZA Dir]
* C:\Users\Peter\AppData\Local\{4e38b159-6035-3fca-c45e-6bedd88f081f}\@ [ZA File]
* C:\Users\Peter\AppData\Local\{4e38b159-6035-3fca-c45e-6bedd88f081f}\L\ [ZA Dir]
* C:\Users\Peter\AppData\Local\{4e38b159-6035-3fca-c45e-6bedd88f081f}\U\ [ZA Dir]
* C:\Windows\installer\{4e38b159-6035-3fca-c45e-6bedd88f081f}\ [ZA Dir]
* C:\Windows\installer\{4e38b159-6035-3fca-c45e-6bedd88f081f}\@ [ZA File]
* C:\Windows\installer\{4e38b159-6035-3fca-c45e-6bedd88f081f}\L\ [ZA Dir]
* C:\Windows\installer\{4e38b159-6035-3fca-c45e-6bedd88f081f}\L\00000004.@ [ZA File]
* C:\Windows\installer\{4e38b159-6035-3fca-c45e-6bedd88f081f}\L\201d3dde [ZA File]
* C:\Windows\installer\{4e38b159-6035-3fca-c45e-6bedd88f081f}\U\ [ZA Dir]

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* iphlpsvc [Missing ImagePath]

Searching for Missing Digital Signatures:

* C:\Windows\System32\UxTheme.dll [NoSig]
+-> C:\Windows\SysWOW64\uxtheme.dll : 245,760 : 07/13/2009 09:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332,288 : 07/13/2009 09:41 PM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245,760 : 07/13/2009 09:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]

Program finished at: 08/25/2012 01:40:46 AM
Execution time: 0 hours(s), 2 minute(s), and 4 seconds(s)

#8 narenxp


Posted 25 August 2012 - 12:47 AM

Open your C drive

On top, click on Organize - Folder and search options

Click on the View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\Peter\AppData\Local\{4e38b159-6035-3fca-c45e-6bedd88f081f}
C:\Windows\installer\{4e38b159-6035-3fca-c45e-6bedd88f081f}

Delete the folders

Press the Windows+R key and type

notepad and click OK

Copy this script
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

Click on FILE - SAVE AS

Filename: fix.reg
Save as: All files

Launch FIX.REG

Click YES when you receive a prompt

Run RKILL again and post the new log

#9 out2late


Posted 25 August 2012 - 08:11 AM

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/25/2012 09:11:33 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* iphlpsvc [Missing ImagePath]

Searching for Missing Digital Signatures:

* C:\Windows\System32\UxTheme.dll [NoSig]
+-> C:\Windows\SysWOW64\uxtheme.dll : 245,760 : 07/13/2009 09:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_01d98c7b2040a1b9\uxtheme.dll : 332,288 : 07/13/2009 09:41 PM : d29e998e8277666982b4f0303bf4e7af [Pos Repl]
+-> C:\Windows\winsxs\wow64_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_0c2e36cd54a163b4\uxtheme.dll : 245,760 : 07/13/2009 09:11 PM : 43964fa89ccf97ba6be34d69455ac65f [Pos Repl]

Program finished at: 08/25/2012 09:11:43 AM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)

#10 narenxp


Posted 25 August 2012 - 08:18 AM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Flash Player

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#11 out2late


Posted 25 August 2012 - 12:21 PM

Thank you for all your help. I really appreciate it.

Can you recommend protection software?

#12 narenxp


Posted 25 August 2012 - 12:52 PM

Microsoft Security Essentials

http://windows.microsoft.com/en-US/windows/products/security-essentials



