Possible Zero Access infection


11 replies to this topic

#1 Admin13

  • Members
  • 7 posts
  • Gender: Male

Posted 29 August 2012 - 12:07 AM

I am running Win 7-64, browser is IE 8. Family desktop. I use MSE for real-time virus and malware protection, also Spybot Resident SD Helper and Tea Timer.
I use various programs to scan for malware.

Powered up computer Monday morning 8/20 to be greeted by a BSOD. Never had this before on this computer. My wife then informs me that this same thing occurred two days earlier when the kids were using it. No details as to what led up to it. I rebooted and was having problems with the keyboard not working, so I rebooted in safe mode and ran a Malwarebytes scan. It came up with 1 file detected - Trojan.Dropper.BCminer. I let the software clean it.

I checked my MSE and found that on 8/17 from about 5:20pm to 12:20am on 8/18 it had found and quarantined multiple trojans, over 300: Trojan:Win64/Sirefef.AD, TrojanDropper:Win32/Sirefef.gen!A, Trojan:Win64/Sirefef, Trojan:Win32/Sirefef.AN, Trojan:Win64/Sirefef.AA, Trojan:Win64/Sirefef.W. The last 4 listed would repeat and be quarantined over a 7 hour period until the computer was shut down. After this discovery on Monday morning 8/20 I decided to disconnect from the internet and shut it down until I had time to investigate further.

I did some research over the next week and some additional scans booting up in normal mode. I did find where this was likely related to the Zero Access virus. I had read where ZA could have hidden code that allowed it to execute instructions even after you think your scanner has removed it. I then ran across the Rkill program recommendation on another site and thought this would show me if there were any malicious processes trying to run. It did not find any bad processes running but did indicate an alert "ZEROACCESS Rootkit symptoms found" and listed a specific registry entry. It also indicated that some Windows services were either not running, missing or had the incorrect path. My last MBAM, MSE, Malwarebytes & Super Antispyware scans have come up clean, but I have not connected to the internet except to get the latest updates for the virus scanners.

I need some assistance to help determine what might be left hiding and how to clean up this system.
Thanks



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 29 August 2012 - 08:22 AM

Download TDSSKiller

Launch it. Click on "Change parameters" - select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on "List of found threats".

Export the list to the desktop, copy the contents of the text file in your reply.

#3 Admin13


Posted 29 August 2012 - 11:45 AM

narenxp, thanks for the response.
Do I need to disable any of my current security programs before running any of the scans (MSE or Spybot S&D resident HD helper or Tea Timer)?

#4 narenxp


Posted 29 August 2012 - 12:55 PM

Yes, that should be better.

#5 Admin13


Posted 29 August 2012 - 10:24 PM

Here are the logs. First TDSSKiller.2.8.8.0_29.08.2012_21.31.13_log.txt followed by aswMBR.txt.
Also ran ESET... No threats detected to post.

I also included the RKILL log that I ran just prior to posting in this forum. It shows

* ALERT: ZEROACCESS rootkit symptoms found!
* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]

as well as missing Windows services and an incorrect ImagePath for atapi.sys.



21:31:28.0419 2252 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:31:28.0419 2252 Msfs - ok
21:31:28.0451 2252 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:31:28.0451 2252 mshidkmdf - ok
21:31:28.0466 2252 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:31:28.0466 2252 msisadrv - ok
21:31:28.0497 2252 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:31:28.0497 2252 MSiSCSI - ok
21:31:28.0497 2252 msiserver - ok
21:31:28.0513 2252 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:31:28.0513 2252 MSKSSRV - ok
21:31:28.0560 2252 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:31:28.0560 2252 MsMpSvc - ok
21:31:28.0575 2252 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:31:28.0575 2252 MSPCLOCK - ok
21:31:28.0591 2252 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:31:28.0591 2252 MSPQM - ok
21:31:28.0622 2252 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:31:28.0622 2252 MsRPC - ok
21:31:28.0638 2252 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:31:28.0638 2252 mssmbios - ok
21:31:28.0653 2252 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:31:28.0653 2252 MSTEE - ok
21:31:28.0653 2252 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:31:28.0653 2252 MTConfig - ok
21:31:28.0669 2252 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:31:28.0669 2252 Mup - ok
21:31:28.0716 2252 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:31:28.0716 2252 napagent - ok
21:31:28.0731 2252 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:31:28.0747 2252 NativeWifiP - ok
21:31:28.0778 2252 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:31:28.0778 2252 NDIS - ok
21:31:28.0794 2252 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:31:28.0794 2252 NdisCap - ok
21:31:28.0809 2252 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:31:28.0809 2252 NdisTapi - ok
21:31:28.0841 2252 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:31:28.0841 2252 Ndisuio - ok
21:31:28.0872 2252 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:31:28.0872 2252 NdisWan - ok
21:31:28.0903 2252 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:31:28.0903 2252 NDProxy - ok
21:31:28.0903 2252 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:31:28.0903 2252 NetBIOS - ok
21:31:28.0919 2252 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:31:28.0919 2252 NetBT - ok
21:31:28.0934 2252 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:31:28.0934 2252 Netlogon - ok
21:31:28.0965 2252 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:31:28.0981 2252 Netman - ok
21:31:28.0997 2252 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:31:28.0997 2252 netprofm - ok
21:31:29.0028 2252 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:31:29.0028 2252 NetTcpPortSharing - ok
21:31:29.0043 2252 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:31:29.0043 2252 nfrd960 - ok
21:31:29.0090 2252 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:31:29.0090 2252 NisDrv - ok
21:31:29.0137 2252 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:31:29.0137 2252 NisSrv - ok
21:31:29.0168 2252 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:31:29.0184 2252 NlaSvc - ok
21:31:29.0215 2252 [ 3CEEE0BE85D24D911B9C02714817774C ] NPF C:\Windows\system32\drivers\npf.sys
21:31:29.0215 2252 NPF - ok
21:31:29.0215 2252 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:31:29.0231 2252 Npfs - ok
21:31:29.0246 2252 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:31:29.0246 2252 nsi - ok
21:31:29.0246 2252 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:31:29.0262 2252 nsiproxy - ok
21:31:29.0309 2252 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:31:29.0309 2252 Ntfs - ok
21:31:29.0324 2252 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:31:29.0324 2252 Null - ok
21:31:29.0371 2252 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
21:31:29.0371 2252 NVHDA - ok
21:31:29.0574 2252 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:31:29.0636 2252 nvlddmkm - ok
21:31:29.0667 2252 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:31:29.0667 2252 nvraid - ok
21:31:29.0699 2252 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:31:29.0699 2252 nvstor - ok
21:31:29.0730 2252 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:31:29.0745 2252 nvsvc - ok
21:31:29.0808 2252 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:31:29.0808 2252 nvUpdatusService - ok
21:31:29.0855 2252 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:31:29.0855 2252 nv_agp - ok
21:31:29.0917 2252 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:31:29.0933 2252 odserv - ok
21:31:29.0964 2252 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:31:29.0964 2252 ohci1394 - ok
21:31:29.0995 2252 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:31:29.0995 2252 ose - ok
21:31:30.0026 2252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:31:30.0042 2252 p2pimsvc - ok
21:31:30.0057 2252 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:31:30.0057 2252 p2psvc - ok
21:31:30.0089 2252 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:31:30.0089 2252 Parport - ok
21:31:30.0104 2252 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:31:30.0104 2252 partmgr - ok
21:31:30.0120 2252 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:31:30.0135 2252 PcaSvc - ok
21:31:30.0167 2252 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:31:30.0167 2252 pci - ok
21:31:30.0213 2252 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:31:30.0213 2252 pciide - ok
21:31:30.0229 2252 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:31:30.0245 2252 pcmcia - ok
21:31:30.0245 2252 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:31:30.0245 2252 pcw - ok
21:31:30.0260 2252 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:31:30.0276 2252 PEAUTH - ok
21:31:30.0323 2252 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:31:30.0323 2252 PerfHost - ok
21:31:30.0385 2252 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:31:30.0385 2252 pla - ok
21:31:30.0447 2252 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:31:30.0447 2252 PlugPlay - ok
21:31:30.0463 2252 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:31:30.0463 2252 PNRPAutoReg - ok
21:31:30.0463 2252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:31:30.0463 2252 PNRPsvc - ok
21:31:30.0479 2252 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:31:30.0494 2252 PolicyAgent - ok
21:31:30.0525 2252 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:31:30.0525 2252 Power - ok
21:31:30.0557 2252 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:31:30.0557 2252 PptpMiniport - ok
21:31:30.0572 2252 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:31:30.0572 2252 Processor - ok
21:31:30.0603 2252 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:31:30.0603 2252 ProfSvc - ok
21:31:30.0603 2252 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:31:30.0603 2252 ProtectedStorage - ok
21:31:30.0650 2252 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:31:30.0650 2252 Psched - ok
21:31:30.0697 2252 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:31:30.0697 2252 PxHlpa64 - ok
21:31:30.0744 2252 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:31:30.0759 2252 ql2300 - ok
21:31:30.0759 2252 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:31:30.0759 2252 ql40xx - ok
21:31:30.0775 2252 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:31:30.0775 2252 QWAVE - ok
21:31:30.0791 2252 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:31:30.0791 2252 QWAVEdrv - ok
21:31:30.0791 2252 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:31:30.0791 2252 RasAcd - ok
21:31:30.0806 2252 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:31:30.0822 2252 RasAgileVpn - ok
21:31:30.0837 2252 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:31:30.0837 2252 RasAuto - ok
21:31:30.0869 2252 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:31:30.0884 2252 Rasl2tp - ok
21:31:30.0915 2252 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:31:30.0915 2252 RasMan - ok
21:31:30.0931 2252 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:31:30.0931 2252 RasPppoe - ok
21:31:30.0947 2252 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:31:30.0947 2252 RasSstp - ok
21:31:30.0993 2252 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:31:30.0993 2252 rdbss - ok
21:31:30.0993 2252 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:31:30.0993 2252 rdpbus - ok
21:31:31.0009 2252 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:31:31.0009 2252 RDPCDD - ok
21:31:31.0040 2252 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:31:31.0040 2252 RDPENCDD - ok
21:31:31.0056 2252 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:31:31.0056 2252 RDPREFMP - ok
21:31:31.0087 2252 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:31:31.0087 2252 RDPWD - ok
21:31:31.0118 2252 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:31:31.0134 2252 rdyboost - ok
21:31:31.0149 2252 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:31:31.0149 2252 RemoteAccess - ok
21:31:31.0181 2252 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:31:31.0181 2252 RemoteRegistry - ok
21:31:31.0274 2252 [ E0BEF062C8950B698E3D79DF432AD250 ] RoxLiveShare10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
21:31:31.0274 2252 RoxLiveShare10 - ok
21:31:31.0321 2252 [ 8475CEF8C9C7DE0918C61235ED06606A ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
21:31:31.0321 2252 RoxMediaDB10 - ok
21:31:31.0337 2252 [ 5AB029B4CF15E5FD7BBA73694856C477 ] RoxWatch10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
21:31:31.0337 2252 RoxWatch10 - ok
21:31:31.0368 2252 [ E51A8D02B4BD33EBA1F7A5B76C3766ED ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
21:31:31.0368 2252 rpcapd - ok
21:31:31.0383 2252 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:31:31.0383 2252 RpcEptMapper - ok
21:31:31.0399 2252 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:31:31.0399 2252 RpcLocator - ok
21:31:31.0430 2252 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:31:31.0430 2252 RpcSs - ok
21:31:31.0461 2252 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:31:31.0461 2252 rspndr - ok
21:31:31.0493 2252 [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
21:31:31.0493 2252 RSUSBSTOR - ok
21:31:31.0524 2252 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:31:31.0524 2252 RTL8167 - ok
21:31:31.0555 2252 SABProcEnum - ok
21:31:31.0555 2252 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:31:31.0571 2252 SamSs - ok
21:31:31.0617 2252 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:31:31.0617 2252 SASDIFSV - ok
21:31:31.0633 2252 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:31:31.0633 2252 SASKUTIL - ok
21:31:31.0664 2252 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:31:31.0664 2252 sbp2port - ok
21:31:31.0742 2252 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
21:31:31.0742 2252 SBSDWSCService - ok
21:31:31.0773 2252 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:31:31.0773 2252 SCardSvr - ok
21:31:31.0789 2252 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:31:31.0789 2252 scfilter - ok
21:31:31.0820 2252 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:31:31.0836 2252 Schedule - ok
21:31:31.0867 2252 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:31:31.0867 2252 SCPolicySvc - ok
21:31:31.0898 2252 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:31:31.0898 2252 SDRSVC - ok
21:31:31.0945 2252 SeaPort - ok
21:31:31.0976 2252 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:31:31.0976 2252 secdrv - ok
21:31:32.0007 2252 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:31:32.0007 2252 seclogon - ok
21:31:32.0007 2252 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:31:32.0023 2252 SENS - ok
21:31:32.0039 2252 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:31:32.0039 2252 SensrSvc - ok
21:31:32.0054 2252 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:31:32.0054 2252 Serenum - ok
21:31:32.0070 2252 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:31:32.0070 2252 Serial - ok
21:31:32.0117 2252 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:31:32.0117 2252 sermouse - ok
21:31:32.0163 2252 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:31:32.0163 2252 SessionEnv - ok
21:31:32.0195 2252 SessionLauncher - ok
21:31:32.0226 2252 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:31:32.0226 2252 sffdisk - ok
21:31:32.0257 2252 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:31:32.0257 2252 sffp_mmc - ok
21:31:32.0273 2252 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:31:32.0273 2252 sffp_sd - ok
21:31:32.0288 2252 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:31:32.0288 2252 sfloppy - ok
21:31:32.0335 2252 [ 7F475425582163602EF1589C0071E521 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
21:31:32.0335 2252 SftService - ok
21:31:32.0366 2252 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:31:32.0382 2252 SharedAccess - ok
21:31:32.0413 2252 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:31:32.0413 2252 ShellHWDetection - ok
21:31:32.0429 2252 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:31:32.0429 2252 SiSRaid2 - ok
21:31:32.0444 2252 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:31:32.0444 2252 SiSRaid4 - ok
21:31:32.0444 2252 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:31:32.0444 2252 Smb - ok
21:31:32.0491 2252 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:31:32.0491 2252 SNMPTRAP - ok
21:31:32.0491 2252 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:31:32.0491 2252 spldr - ok
21:31:32.0522 2252 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:31:32.0538 2252 Spooler - ok
21:31:32.0600 2252 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:31:32.0616 2252 sppsvc - ok
21:31:32.0631 2252 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:31:32.0631 2252 sppuinotify - ok
21:31:32.0663 2252 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:31:32.0663 2252 srv - ok
21:31:32.0709 2252 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:31:32.0709 2252 srv2 - ok
21:31:32.0725 2252 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:31:32.0725 2252 srvnet - ok
21:31:32.0741 2252 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:31:32.0756 2252 SSDPSRV - ok
21:31:32.0756 2252 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:31:32.0756 2252 SstpSvc - ok
21:31:32.0803 2252 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:31:32.0819 2252 Stereo Service - ok
21:31:32.0819 2252 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:31:32.0834 2252 stexstor - ok
21:31:32.0865 2252 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:31:32.0865 2252 stisvc - ok
21:31:32.0912 2252 [ 5889618EEBD7D2FF13C30D73FCFF8CD0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:31:32.0912 2252 stllssvr - ok
21:31:32.0943 2252 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:31:32.0943 2252 swenum - ok
21:31:32.0959 2252 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:31:32.0959 2252 swprv - ok
21:31:33.0021 2252 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:31:33.0037 2252 SysMain - ok
21:31:33.0084 2252 [ 6B153E518DBE6EF59191152E1ECF7ED4 ] t3 C:\Windows\system32\drivers\t3.sys
21:31:33.0084 2252 t3 - ok
21:31:33.0115 2252 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:31:33.0115 2252 TabletInputService - ok
21:31:33.0131 2252 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:31:33.0131 2252 TapiSrv - ok
21:31:33.0146 2252 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:31:33.0146 2252 TBS - ok
21:31:33.0193 2252 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:31:33.0209 2252 Tcpip - ok
21:31:33.0240 2252 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:31:33.0255 2252 TCPIP6 - ok
21:31:33.0287 2252 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:31:33.0287 2252 tcpipreg - ok
21:31:33.0302 2252 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:31:33.0302 2252 TDPIPE - ok
21:31:33.0333 2252 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:31:33.0333 2252 TDTCP - ok
21:31:33.0380 2252 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:31:33.0380 2252 tdx - ok
21:31:33.0396 2252 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:31:33.0396 2252 TermDD - ok
21:31:33.0443 2252 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:31:33.0443 2252 TermService - ok
21:31:33.0458 2252 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:31:33.0458 2252 Themes - ok
21:31:33.0489 2252 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:31:33.0489 2252 THREADORDER - ok
21:31:33.0521 2252 [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr C:\Windows\System32\tlntsvr.exe
21:31:33.0521 2252 TlntSvr - ok
21:31:33.0536 2252 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:31:33.0552 2252 TrkWks - ok
21:31:33.0583 2252 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:31:33.0583 2252 TrustedInstaller - ok
21:31:33.0614 2252 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:31:33.0614 2252 tssecsrv - ok
21:31:33.0645 2252 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:31:33.0645 2252 TsUsbFlt - ok
21:31:33.0692 2252 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:31:33.0692 2252 tunnel - ok
21:31:33.0708 2252 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:31:33.0708 2252 uagp35 - ok
21:31:33.0755 2252 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:31:33.0755 2252 udfs - ok
21:31:33.0770 2252 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:31:33.0786 2252 UI0Detect - ok
21:31:33.0786 2252 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:31:33.0801 2252 uliagpkx - ok
21:31:33.0833 2252 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:31:33.0833 2252 umbus - ok
21:31:33.0864 2252 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:31:33.0864 2252 UmPass - ok
21:31:33.0942 2252 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:31:33.0942 2252 UMVPFSrv - ok
21:31:33.0957 2252 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:31:33.0957 2252 upnphost - ok
21:31:33.0989 2252 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:31:34.0004 2252 USBAAPL64 - ok
21:31:34.0051 2252 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:31:34.0051 2252 usbaudio - ok
21:31:34.0082 2252 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:31:34.0082 2252 usbccgp - ok
21:31:34.0129 2252 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:31:34.0129 2252 usbcir - ok
21:31:34.0145 2252 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:31:34.0145 2252 usbehci - ok
21:31:34.0191 2252 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:31:34.0191 2252 usbhub - ok
21:31:34.0191 2252 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:31:34.0191 2252 usbohci - ok
21:31:34.0207 2252 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:31:34.0207 2252 usbprint - ok
21:31:34.0238 2252 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:31:34.0238 2252 USBSTOR - ok
21:31:34.0254 2252 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:31:34.0254 2252 usbuhci - ok
21:31:34.0301 2252 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:31:34.0301 2252 usbvideo - ok
21:31:34.0316 2252 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:31:34.0316 2252 UxSms - ok
21:31:34.0332 2252 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:31:34.0332 2252 VaultSvc - ok
21:31:34.0347 2252 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:31:34.0347 2252 vdrvroot - ok
21:31:34.0363 2252 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:31:34.0379 2252 vds - ok
21:31:34.0394 2252 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:31:34.0394 2252 vga - ok
21:31:34.0410 2252 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:31:34.0410 2252 VgaSave - ok
21:31:34.0441 2252 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:31:34.0441 2252 vhdmp - ok
21:31:34.0472 2252 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:31:34.0472 2252 viaide - ok
21:31:34.0519 2252 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:31:34.0519 2252 volmgr - ok
21:31:34.0550 2252 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:31:34.0566 2252 volmgrx - ok
21:31:34.0566 2252 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:31:34.0566 2252 volsnap - ok
21:31:34.0613 2252 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:31:34.0613 2252 vsmraid - ok
21:31:34.0659 2252 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:31:34.0675 2252 VSS - ok
21:31:34.0675 2252 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:31:34.0675 2252 vwifibus - ok
21:31:34.0691 2252 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:31:34.0691 2252 vwififlt - ok
21:31:34.0722 2252 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:31:34.0722 2252 W32Time - ok
21:31:34.0737 2252 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:31:34.0737 2252 WacomPen - ok
21:31:34.0769 2252 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:31:34.0769 2252 WANARP - ok
21:31:34.0769 2252 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:31:34.0769 2252 Wanarpv6 - ok
21:31:34.0831 2252 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:31:34.0847 2252 WatAdminSvc - ok
21:31:34.0893 2252 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:31:34.0909 2252 wbengine - ok
21:31:35.0689 2252 ================ Scan global ===============================
21:31:35.0705 2252 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:31:35.0751 2252 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:31:35.0751 2252 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:31:35.0783 2252 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:31:35.0814 2252 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:31:35.0814 2252 [Global] - ok
21:31:35.0814 2252 ================ Scan MBR ==================================
21:31:35.0829 2252 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
21:31:36.0017 2252 \Device\Harddisk0\DR0 - ok
21:31:36.0017 2252 ================ Scan VBR ==================================
21:31:36.0017 2252 [ 974EC0245A3C8483C087C9575C019DCF ] \Device\Harddisk0\DR0\Partition1
21:31:36.0017 2252 \Device\Harddisk0\DR0\Partition1 - ok
21:31:36.0017 2252 [ 027F6250C6D3BB4725CC1B8CAC225526 ] \Device\Harddisk0\DR0\Partition2
21:31:36.0032 2252 \Device\Harddisk0\DR0\Partition2 - ok
21:31:36.0032 2252 ============================================================
21:31:36.0032 2252 Scan finished
21:31:36.0032 2252 ============================================================
21:31:36.0032 3320 Detected object count: 0
21:31:36.0032 3320 Actual detected object count: 0
21:31:38.0513 4644 Deinitialize success


aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-29 21:48:00
-----------------------------
21:48:00.678 OS Version: Windows x64 6.1.7601 Service Pack 1
21:48:00.678 Number of processors: 8 586 0x1A05
21:48:00.678 ComputerName: DAVE-PC UserName: Dave
21:48:01.676 Initialize success
21:48:06.731 AVAST engine defs: 12082901
21:48:54.502 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:48:54.502 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 953869MB BusType: 3
21:48:54.517 Disk 0 MBR read successfully
21:48:54.517 Disk 0 MBR scan
21:48:54.533 Disk 0 Windows VISTA default MBR code
21:48:54.533 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:48:54.564 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10366 MB offset 81920
21:48:54.595 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 943462 MB offset 21311488
21:48:54.626 Disk 0 scanning C:\Windows\system32\drivers
21:49:04.829 Service scanning
21:49:21.474 Modules scanning
21:49:21.490 Disk 0 trace - called modules:
21:49:21.505 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:49:21.505 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ae06790]
21:49:21.505 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800ab85050]
21:49:22.348 AVAST engine scan C:\Windows
21:49:26.170 AVAST engine scan C:\Windows\system32
21:51:23.685 AVAST engine scan C:\Windows\system32\drivers
21:51:33.653 AVAST engine scan C:\Users\Dave
22:02:21.819 AVAST engine scan C:\ProgramData
22:05:18.193 Scan finished successfully
22:07:13.446 Disk 0 MBR has been saved successfully to "C:\Users\Dave\Desktop\MBR.dat"
22:07:13.446 The log file has been saved successfully to "C:\Users\Dave\Desktop\aswMBR.txt"


RKILL
Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/26/2012 05:28:23 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* AppMgmt [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/26/2012 05:28:34 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

#6 narenxp

Posted 29 August 2012 - 10:27 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#7 Admin13

Posted 30 August 2012 - 07:09 PM

MBAM SCAN RESULTS: No threats found. Log below

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.30.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dave :: DAVE-PC [administrator]

8/30/2012 6:29:30 PM
mbam-log-2012-08-30 (18-29-30).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 422486
Time elapsed: 46 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox Results below

MiniToolBox by Farbar Version: 23-07-2012
Ran by Dave (administrator) on 30-08-2012 at 19:32:17
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



There are 15256 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
DW1525 (802.11n) WLAN PCIe Card = Wireless Network Connection (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Dave-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : d-pcomm.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : d-pcomm.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : A4-BA-DB-02-F6-D4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : fd4d:d64a:f597:0:f4ae:6774:f211:dfad(Preferred)
Temporary IPv6 Address. . . . . . : fd4d:d64a:f597:0:1182:f8bb:fb47:343e(Preferred)
Link-local IPv6 Address . . . . . : fe80::f4ae:6774:f211:dfad%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.144(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 30, 2012 6:23:18 PM
Lease Expires . . . . . . . . . . : Friday, August 31, 2012 6:23:18 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 245676763
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-F1-C2-33-A4-BA-DB-02-F6-D4
DNS Servers . . . . . . . . . . . : 97.107.80.10
97.107.80.11
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:20a8:28df:9e94:a9ac(Preferred)
Link-local IPv6 Address . . . . . : fe80::20a8:28df:9e94:a9ac%12(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.d-pcomm.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {4E83685C-9DF3-42C0-91C5-51023D9F19F7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : d-pcomm.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: ns1.cass.net
Address: 97.107.80.10

Name: google.com
Addresses: 2607:f8b0:4009:803::1007
74.125.225.130
74.125.225.131
74.125.225.132
74.125.225.133
74.125.225.134
74.125.225.135
74.125.225.136
74.125.225.137
74.125.225.142
74.125.225.128
74.125.225.129


Pinging google.com [74.125.225.36] with 32 bytes of data:
Reply from 74.125.225.36: bytes=32 time=23ms TTL=53
Reply from 74.125.225.36: bytes=32 time=24ms TTL=53

Ping statistics for 74.125.225.36:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 24ms, Average = 23ms
Server: ns1.cass.net
Address: 97.107.80.10

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=90ms TTL=46
Reply from 98.138.253.109: bytes=32 time=118ms TTL=46

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 118ms, Average = 104ms
Server: ns1.cass.net
Address: 97.107.80.10

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...a4 ba db 02 f6 d4 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.144 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.144 266
192.168.1.144 255.255.255.255 On-link 192.168.1.144 266
192.168.1.255 255.255.255.255 On-link 192.168.1.144 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.144 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.144 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:953c:20a8:28df:9e94:a9ac/128
On-link
10 18 fd4d:d64a:f597::/64 On-link
10 266 fd4d:d64a:f597:0:1182:f8bb:fb47:343e/128
On-link
10 266 fd4d:d64a:f597:0:f4ae:6774:f211:dfad/128
On-link
10 266 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::20a8:28df:9e94:a9ac/128
On-link
10 266 fe80::f4ae:6774:f211:dfad/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/30/2012 06:27:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/30/2012 05:04:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2012 04:57:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2012 00:32:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/30/2012 00:32:33 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (08/30/2012 00:32:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (08/30/2012 00:31:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2012 00:31:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/29/2012 10:09:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/29/2012 10:09:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (08/30/2012 06:25:33 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/30/2012 06:23:22 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (08/30/2012 04:36:16 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/30/2012 04:34:09 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (08/30/2012 06:43:33 AM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/30/2012 06:41:26 AM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (08/29/2012 09:12:38 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/29/2012 09:10:24 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (08/28/2012 07:46:02 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (08/28/2012 07:43:53 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (04/27/2012 06:18:17 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 773 seconds with 60 seconds of active time. This session ended with a crash.

Error: (12/12/2011 08:25:11 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/01/2011 00:36:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/09/2011 08:58:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 952 seconds with 540 seconds of active time. This session ended with a crash.

Error: (04/29/2011 07:55:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3119 seconds with 300 seconds of active time. This session ended with a crash.

Error: (04/08/2011 10:42:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 188 seconds with 180 seconds of active time. This session ended with a crash.

Error: (04/07/2011 10:00:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1204 seconds with 720 seconds of active time. This session ended with a crash.

Error: (01/29/2011 08:22:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9563 seconds with 780 seconds of active time. This session ended with a crash.

Error: (06/29/2010 09:00:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4828 seconds with 1140 seconds of active time. This session ended with a crash.

Error: (03/30/2010 07:01:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 9 Standard - English, Français, Deutsch (Version: 9.5.2)
Adobe Acrobat 9.5.2 - CPSID_83708
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
APC PowerChute Business Edition Agent (Version: 8.5.1.601)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Applian Director (Version: 2.01)
Applian Director (Version: 2.1)
Banctec Service Agreement (Version: 2.0.0)
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.30.1395.0)
Creative ALchemy (Version: 1.41)
Creative Audio Control Panel (Version: 3.00)
Creative Diagnostics (Version: 5.11)
Creative Media Toolbox 6 (Shared Components) (Version: 2.80.12)
Creative Media Toolbox 6 (Version: 6.02)
Creative MediaSource 5 (Version: 5.26)
Creative Software AutoUpdate (Version: 1.40)
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7 (Version: 7.12)
Dell DataSafe Local Backup - Support Software (Version: 2.31)
Dell DataSafe Local Backup (Version: 9.3.44)
Dell DataSafe Online (Version: 1.2.0009)
Dell Dock (Version: 2.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 3.2.6032.47)
DirectXInstallService (Version: 9.0.2)
EMCGadgets64 (Version: 1.1.501)
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
GCalc 3
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.115)
GoToAssist 8.0.0.514
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HitmanPro 3.6 (Version: 3.6.0.146)
Host OpenAL (Version: 1.00)
HP Product Detection (Version: 11.14.0001)
iCloud (Version: 1.1.0.40)
Intel® Matrix Storage Manager
Internet TV for Windows Media Center (Version: 4.2.2.0)
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 14 (64-bit) (Version: 6.0.140)
Java™ 6 Update 29 (Version: 6.0.290)
Juniper Networks Host Checker (Version: 7.0.0.16499)
Juniper Networks Setup Client (Version: 2.2.2.8317)
Junk Mail filter update (Version: 14.0.8089.726)
LEGO Digital Designer (Version: 1.6.680)
Logitech Webcam Software (Version: 2.30)
LWS Facebook (Version: 13.30.1346.0)
LWS Gallery (Version: 13.30.1379.0)
LWS Help_main (Version: 13.30.1396.0)
LWS Launcher (Version: 13.30.1379.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.30.1395.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.30.1379.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.30.1346.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Media Player Utilities 5.22 (Version: 5.22)
MediaMonkey 3.2 (Version: 3.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visio Viewer 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
Plants vs. Zombies
PowerDVD DX (Version: 8.3.5424)
QuickTime (Version: 7.71.80.42)
QuickTime Alternative 3.2.2 (Version: 3.2.2)
Replay AV 8 (Version: 8.83B)
Replay Converter 4 (Version: 4.20)
Replay Media Catcher 4 (4.3.2) (Version: 4.3.2)
Replay Media Splitter 1.10.1106.26 (Version: 1.10.1106.26)
Replay Music (Version: 4.40B)
Replay Telecorder for Skype 1.2.0.8 (Version: 1.2.0.8)
Replay Video Capture 5 (Version: 5.4.2)
Roxio Activation Module (Version: 1.0)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Creator Audio (Version: 3.8.0)
Roxio Creator Copy (Version: 3.8.0)
Roxio Creator Data (Version: 3.8.0)
Roxio Creator Premier (Version: 10.3)
Roxio Creator Premier (Version: 3.8.0)
Roxio Creator Premier 10 (Version: 10.3.345)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.52.7)
Skype Toolbars (Version: 5.5.7896)
Skype™ 5.3 (Version: 5.3.120)
Sophos Virus Removal Tool (Version: 2.1)
Sound Blaster X-Fi (Version: 1.0)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1108)
System Requirements Lab
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VD64Inst (Version: 1.00.0000)
Video Padlock (Version: 1.14)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Media Center Add-in for Flash (Version: 4.1.2.0)
WinPcap 4.0.2 (Version: 4.0.0.1040)
Yahoo! Detect
YouSendIt Express (Version: 1.5.1)
YouSendIt Express (Version: 2.10.2)

========================= Memory info: ===================================

Percentage of memory in use: 21%
Total physical RAM: 12278.99 MB
Available physical RAM: 9666.66 MB
Total Pagefile: 24556.17 MB
Available Pagefile: 22068.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.05 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:921.35 GB) (Free:681.79 GB) NTFS

========================= Users: ========================================

User accounts for \\DAVE-PC

Administrator Dave Guest
UpdatusUser


**** End of log ****


FSS Log below

Farbar Service Scanner Version: 06-08-2012
Ran by Dave (administrator) on 30-08-2012 at 19:41:40
Running from "C:\Users\Dave\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Adware Cleaner Log below

# AdwCleaner v2.000 - Logfile created 08/30/2012 at 19:43:57
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dave - DAVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Dave\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-4079057742-1074502724-3249906175-1007\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S1].txt - [2356 octets] - [30/08/2012 19:43:57]

########## EOF - C:\AdwCleaner[S1].txt - [2416 octets] ##########

#8 narenxp

narenxp

  • BC Advisor

Posted 30 August 2012 - 08:58 PM

download

http://www.bleepingcomputer.com/download/rkill/

Run it and after the scan finishes, post the contents of the RKILL log located on the desktop here

Any current issues?

#9 Admin13

Admin13
  • Topic Starter

  • Members

Posted 30 August 2012 - 10:45 PM

I have not experienced any problems since just prior to starting this post. However, I have not let anyone else use the computer or go online. I have limited my online use to downloading updates for these different scanners and downloading email periodically.

RKILL LOG BELOW

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/30/2012 11:33:14 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* AppMgmt [Missing Service]
* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/30/2012 11:33:25 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

#10 narenxp

narenxp

  • BC Advisor

Posted 30 August 2012 - 11:07 PM

Press Windows+R key and type

notepad and click ok

Copy this script
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

Click on FILE-SAVE AS

Filename: fix.reg
Save as: All files

Launch the FIX.REG

Click YES when you receive a prompt

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Flash Player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)
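
The fix.reg in the post above stores the InProcServer32 default value as hex(2) data, so the path it writes cannot be read at a glance. The following is an added example, not part of the original post and not Rkill or BleepingComputer code: it decodes the posted script offline so the value can be checked before the file is merged. The function names and the system32 prefix check are assumptions of this example.

```python
import re

# fix.reg exactly as posted above; nothing here touches a live registry.
FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
  65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
"""

REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 7: "REG_MULTI_SZ"}

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # in .reg strings a backslash escapes the next char

def decode_value(raw):
    """Turn the right-hand side of a .reg line into (type_name, value)."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "REG_SZ", unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:([0-9a-fA-F,\s]*)", raw)
    if m is None:
        raise ValueError(f"unsupported value syntax: {raw!r}")
    rtype = int(m.group(1), 16) if m.group(1) else 3  # bare "hex:" is REG_BINARY
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if rtype in (1, 2):  # string types are stored as UTF-16LE with a NUL terminator
        return REG_TYPES[rtype], data.decode("utf-16-le").rstrip("\x00")
    if rtype == 7:
        return "REG_MULTI_SZ", [s for s in data.decode("utf-16-le").split("\x00") if s]
    return REG_TYPES.get(rtype, f"type {rtype:#x}"), data

def parse_reg(text):
    """Parse version 5.00 .reg text into {key: {value_name: (type, value)}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] == ";" or line.startswith("Windows Registry Editor"):
            continue
        if line[0] == "[" and line[-1] == "]":
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if m is None or current is None:
            raise ValueError(f"unparsed line: {line!r}")
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        current[name] = decode_value(m.group(2))
    return keys

def inproc_servers_outside_system32(keys):
    """Reviewer heuristic (an assumption of this example): list InprocServer32
    default values that do not start with %SystemRoot%\\system32\\."""
    flagged = []
    for key, values in keys.items():
        path = values.get("(Default)", ("", ""))[1]
        if key.lower().endswith("\\inprocserver32") and \
                not str(path).lower().startswith("%systemroot%\\system32\\"):
            flagged.append((key, path))
    return flagged

if __name__ == "__main__":
    print(parse_reg(FIX_REG), inproc_servers_outside_system32(parse_reg(FIX_REG)))
```

Decoded, the posted script sets the default value to the REG_EXPAND_SZ string `%SystemRoot%\system32\shell32.dll` and ThreadingModel to `Apartment`.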

#11 Admin13

Admin13
  • Topic Starter

  • Members

Posted 02 September 2012 - 05:40 PM

narenxp
Thank you for your guidance.
I have followed your last instructions creating and launching fix.reg and that removed the registry key noted.
I then ran TFC and it finished without any problem. I updated the flash player and Java.

After some more research regarding the missing services listed in the Rkill log I understand that these are not part of Win 7 Home Premium.
The only thing I have a question about is this line:
* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]
I could not find much about this other than it seems to show up in many of the Rkill logs submitted to BC. Do you have any information on this? Just curious.

Thanks again for your time and service.
Dave from Michigan

#12 narenxp

narenxp

  • BC Advisor

Posted 02 September 2012 - 09:58 PM

atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]
I could not find much about this other than it seems to show up in many of the Rkill logs submitted to BC. Do you have any information on this? Just curious.


You can ignore it. This is a valid entry.

safe surfing :)



