
Trojan:DOS/Alureon.A rootkit.bookt.pihar.c


  • This topic is locked
138 replies to this topic

#1 opticalwreck


Posted 31 August 2012 - 02:39 PM

Hello all,

Thanks in advance for your time. The first problem was that my computer was rebooting a couple times and then finally wouldn't post giving a 23 DOS beep code. I think this was an issue with my ram timings and I ended up setting them to auto instead of manual. After finally posting, Vista found a Trojan:DOS/Alureon.A and said it was partially removed. I ran a couple tools (realized I should have posted here first.) and TDSSKiller seemed to clean the rest. The issue now is my wireless internet only connects 'local only' so I can't get online and my computer runs at 50% usage when the netgear wnda3100v2 n600 wireless usb is connected. My other computer is also wireless and has no problem getting online, so it doesn't seem to be an ISP or router issue. I'm guessing I'm actually still infected somewhere...here are my logs. The GMER options except 'Services', 'Registry' and 'Files' were all grayed out and when I scan it says 'GMER hasn't found any system modification' so I don't have a log to post. I tried running GMER in safe mode and the options are still grayed. Any help would be appreciated. Thank You.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by devatas at 14:10:07 on 2012-08-31
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8189.6791 [GMT -4:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hdsp32.exe
C:\Windows\System32\hdspmix.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - C:\Windows\SysWOW64\dvmurl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\devatas\AppData\Roaming\Mozilla\Firefox\Profiles\dkh94l8j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
R3 hdsp;RME Hammerfall Audio Device;C:\Windows\system32\drivers\hdsp_64.sys --> C:\Windows\system32\drivers\hdsp_64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 gbxavs_x64;gbxavs_x64;C:\Windows\system32\Drivers\gbxavs_x64.sys --> C:\Windows\system32\Drivers\gbxavs_x64.sys [?]
S3 gbxusb_x64;gbxusb_x64;C:\Windows\system32\Drivers\gbxusb_x64.sys --> C:\Windows\system32\Drivers\gbxusb_x64.sys [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2009-3-25 30528]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;C:\Windows\system32\DRIVERS\LtcyCfgWDM.sys --> C:\Windows\system32\DRIVERS\LtcyCfgWDM.sys [?]
S3 MADFUMS;Service for M-Audio MIDISPORT Anniversary DFU;C:\Windows\system32\DRIVERS\madfums.sys --> C:\Windows\system32\DRIVERS\madfums.sys [?]
S3 MAUSBMS;Service for M-Audio MIDISPORT Anniversary Edition;C:\Windows\system32\DRIVERS\mausbms.sys --> C:\Windows\system32\DRIVERS\mausbms.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-10 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 rspLLL;rspLLL;C:\Windows\system32\DRIVERS\rspLLL64.sys --> C:\Windows\system32\DRIVERS\rspLLL64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;C:\Windows\system32\DRIVERS\WUSB54GCv3.sys --> C:\Windows\system32\DRIVERS\WUSB54GCv3.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-8-30 913792]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-13 86224]
S4 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-13 110032]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-3 89920]
S4 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2012-8-31 303360]
S4 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2012-8-31 303360]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-31 17:49:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-31 17:45:57 -------- d-----w- C:\Users\devatas\AppData\Local\temp
2012-08-31 14:48:21 25312 ----a-r- C:\Windows\System32\drivers\SCMNdisP.sys
2012-08-31 14:47:51 1229568 ----a-w- C:\Windows\System32\drivers\bcmwlhigh664.sys
2012-08-31 14:47:50 47632 ----a-w- C:\Windows\System32\drivers\npf.sys
2012-08-31 14:47:48 -------- d-----w- C:\Program Files (x86)\NETGEAR
2012-08-31 03:27:44 -------- d-----w- C:\Program Files\HitmanPro
2012-08-30 17:52:28 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-08-30 16:21:53 24960 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-08-30 11:46:59 -------- d-----w- C:\Program Files (x86)\IObit
2012-08-30 10:18:41 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D07A48E-1B35-48F8-BE73-89910911153C}\offreg.dll
2012-08-30 10:15:45 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D07A48E-1B35-48F8-BE73-89910911153C}\mpengine.dll
2012-08-29 20:11:25 -------- d-----w- C:\$RECYCLE(488).BIN
2012-08-29 20:07:38 -------- d-----w- C:\Users\devatas\AppData\Local\Temp(565)
2012-08-29 19:50:52 98816 ----a-w- C:\Windows\sed.exe
2012-08-29 19:50:52 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-29 19:50:52 256000 ----a-w- C:\Windows\PEV.exe
2012-08-29 19:50:52 208896 ----a-w- C:\Windows\MBR.exe
2012-08-29 18:10:34 -------- d-----w- C:\Users\devatas\AppData\Roaming\Malwarebytes
2012-08-29 18:10:25 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-29 18:10:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-29 18:10:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-29 18:08:01 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-29 18:03:45 -------- d-----w- C:\MGtools
2012-08-29 16:46:31 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-08-29 13:59:11 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-29 13:59:11 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-21 19:22:02 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-21 19:22:02 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-06 17:53:27 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-07-04 14:33:06 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
.
============= FINISH: 14:10:18.90 ===============



#2 Oh My!

  • Malware Response Instructor

Posted 03 September 2012 - 09:37 AM

Greetings opticalwreck and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. :thumbup2: If you prefer I call you something other than your screen name I would be pleased to do so.

I would like to see the TDSSKiller and Combofix logs which were produced prior to posting. We need a fresh DDS log and another program run as well. GMER is not compatible with 64 bit systems. Please consider and perform the following.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================


Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.


===================================================


Additional Information

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
    • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.

===================================================


Create DDS.txt and Attach.txt

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

    DDS.com
    DDS.pif

  • Double click on the Posted Image icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste the contents of both results in your post.
  • Close the program window, and delete the program from your desktop.
You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


===================================================


Posting Previous TDSSKiller log

--------------------

  • Using Windows Explorer navigate to the root directory (normally c:\)
  • Locate the TDSSKiller log which will be named similar to:

    TDSSKiller_version_date_time_log.txt
  • Copy and paste the contents of that document in your reply

===================================================


Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.

C:\ComboFix.txt


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • DDS.txt
  • Attach.txt
  • TDSSKiller log
  • Combofix.txt
  • FSS.txt

Edited by Oh My, 03 September 2012 - 10:04 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 opticalwreck


Posted 05 September 2012 - 01:57 PM

Here are the logs...thanks.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by devatas at 14:44:28 on 2012-09-05
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8189.6908 [GMT -4:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hdsp32.exe
C:\Windows\System32\hdspmix.exe
C:\Windows\system32\WLANExt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - C:\Windows\SysWOW64\dvmurl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\devatas\AppData\Roaming\Mozilla\Firefox\Profiles\dkh94l8j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
R3 hdsp;RME Hammerfall Audio Device;C:\Windows\system32\drivers\hdsp_64.sys --> C:\Windows\system32\drivers\hdsp_64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 gbxavs_x64;gbxavs_x64;C:\Windows\system32\Drivers\gbxavs_x64.sys --> C:\Windows\system32\Drivers\gbxavs_x64.sys [?]
S3 gbxusb_x64;gbxusb_x64;C:\Windows\system32\Drivers\gbxusb_x64.sys --> C:\Windows\system32\Drivers\gbxusb_x64.sys [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2009-3-25 30528]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;C:\Windows\system32\DRIVERS\LtcyCfgWDM.sys --> C:\Windows\system32\DRIVERS\LtcyCfgWDM.sys [?]
S3 MADFUMS;Service for M-Audio MIDISPORT Anniversary DFU;C:\Windows\system32\DRIVERS\madfums.sys --> C:\Windows\system32\DRIVERS\madfums.sys [?]
S3 MAUSBMS;Service for M-Audio MIDISPORT Anniversary Edition;C:\Windows\system32\DRIVERS\mausbms.sys --> C:\Windows\system32\DRIVERS\mausbms.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-10 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 rspLLL;rspLLL;C:\Windows\system32\DRIVERS\rspLLL64.sys --> C:\Windows\system32\DRIVERS\rspLLL64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;C:\Windows\system32\DRIVERS\WUSB54GCv3.sys --> C:\Windows\system32\DRIVERS\WUSB54GCv3.sys [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-8-30 913792]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-3-13 86224]
S4 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-3-13 110032]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-3 89920]
S4 WSWNDA3100;WSWNDA3100;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2012-8-31 303360]
S4 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2012-8-31 303360]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-31 17:49:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-31 17:45:57 -------- d-----w- C:\Users\devatas\AppData\Local\temp
2012-08-31 14:48:21 25312 ----a-r- C:\Windows\System32\drivers\SCMNdisP.sys
2012-08-31 14:47:51 1229568 ----a-w- C:\Windows\System32\drivers\bcmwlhigh664.sys
2012-08-31 14:47:50 47632 ----a-w- C:\Windows\System32\drivers\npf.sys
2012-08-31 14:47:48 -------- d-----w- C:\Program Files (x86)\NETGEAR
2012-08-31 03:27:44 -------- d-----w- C:\Program Files\HitmanPro
2012-08-30 17:52:28 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-08-30 16:21:53 24960 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2012-08-30 11:46:59 -------- d-----w- C:\Program Files (x86)\IObit
2012-08-30 10:18:41 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D07A48E-1B35-48F8-BE73-89910911153C}\offreg.dll
2012-08-30 10:15:45 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D07A48E-1B35-48F8-BE73-89910911153C}\mpengine.dll
2012-08-29 20:11:25 -------- d-----w- C:\$RECYCLE(488).BIN
2012-08-29 20:07:38 -------- d-----w- C:\Users\devatas\AppData\Local\Temp(565)
2012-08-29 19:50:52 98816 ----a-w- C:\Windows\sed.exe
2012-08-29 19:50:52 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-29 19:50:52 256000 ----a-w- C:\Windows\PEV.exe
2012-08-29 19:50:52 208896 ----a-w- C:\Windows\MBR.exe
2012-08-29 18:10:34 -------- d-----w- C:\Users\devatas\AppData\Roaming\Malwarebytes
2012-08-29 18:10:25 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-29 18:10:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-29 18:10:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-29 18:08:01 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-29 18:03:45 -------- d-----w- C:\MGtools
2012-08-29 16:46:31 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-08-29 13:59:11 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-29 13:59:11 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-21 19:22:02 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-21 19:22:02 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-06 17:53:27 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-07-04 14:33:06 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-28 03:28:35 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-28 03:21:17 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-28 03:20:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-28 03:16:25 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-28 03:12:35 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-28 00:27:12 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-28 00:19:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-28 00:18:16 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-28 00:12:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-28 00:07:44 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:44:40.74 ===============






.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2008 4:33:12 AM
System Uptime: 9/5/2012 2:27:27 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3P
Processor: Intel® Core™2 Duo CPU E8600 @ 3.33GHz | Socket 775 | 3334/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 12.027 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 391 GiB total, 40.179 GiB free.
F: is FIXED (NTFS) - 443 GiB total, 26.499 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 2.257 GiB free.
H: is FIXED (NTFS) - 2795 GiB total, 1879.147 GiB free.
I: is FIXED (FAT32) - 466 GiB total, 50.283 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Canon MP620 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MP620 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: PCI Latency Tool Driver
Device ID: ROOT\LTCYCFG_DRV\0000
Manufacturer: Szymon Modzelewski
Name: PCI Latency Tool Driver
PNP Device ID: ROOT\LTCYCFG_DRV\0000
Service: LtcyCfgWDM
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: PCI Latency Tool Driver
Device ID: ROOT\LTCYCFG_DRV\0001
Manufacturer: Szymon Modzelewski
Name: PCI Latency Tool Driver
PNP Device ID: ROOT\LTCYCFG_DRV\0001
Service: LtcyCfgWDM
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: PCI Latency Tool Driver
Device ID: ROOT\LTCYCFG_DRV\0002
Manufacturer: Szymon Modzelewski
Name: PCI Latency Tool Driver
PNP Device ID: ROOT\LTCYCFG_DRV\0002
Service: LtcyCfgWDM
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: PCI Latency Tool Driver
Device ID: ROOT\LTCYCFG_DRV\0003
Manufacturer: Szymon Modzelewski
Name: PCI Latency Tool Driver
PNP Device ID: ROOT\LTCYCFG_DRV\0003
Service: LtcyCfgWDM
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.21beta
Ableton Live 8
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Advanced SystemCare 5
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Software Update
ATI HYDRAVISION
Avira Free Antivirus
Beatport Downloader
BeatportDownloader
Browser Configuration Utility
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDBurnerXP
Data Lifeguard Diagnostic for Windows
Driver Sweeper version 3.2.0
DVD Shrink 3.2
FileZilla Client 3.5.3
FileZilla Server (remove only)
Google Chrome
Google Talk Plugin
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HydraVision
ImageMixer 3 SE Ver.3
IsoBuster 2.8.5
K-Lite Codec Pack 6.4.0 (Full)
KORG USB-MIDI Driver Tools for Windows
Live 8.0.1
Live 8.0.8
Live 8.1.1
Live 8.1.5
Live 8.2.1
Live 8.2.2
Live 8.2.5
Live 8.2.8
Malwarebytes Anti-Malware version 1.62.0.1300
Melodyne editor
Melodyne plugin
Melodyne singletrack
Memorex exPressit Label Design Studio
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MidiSport USB
Mixed In Key 4
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Muon Tau Bassline VSTi
Native Instruments - Kore 2 Controller
Native Instruments Abbey Road 60s Drums
Native Instruments Absynth 5
Native Instruments Battery 3
Native Instruments Battery Library Importer for Maschine
Native Instruments Berlin Concert Grand
Native Instruments Controller Editor
Native Instruments Deep Freq
Native Instruments FM8
Native Instruments Guitar Rig 5
Native Instruments Guitar Rig Mobile I/O
Native Instruments Guitar Rig Pro Library for Maschine
Native Instruments Guitar Rig Session I/O
Native Instruments Hardware Controller Support
Native Instruments Komplete 8
Native Instruments Kontakt 2
Native Instruments Kontakt 5
Native Instruments Kontakt Factory Library
Native Instruments Kore
Native Instruments Kore 2
Native Instruments Kore Controller
Native Instruments Kore Controller Driver
Native Instruments Maschine
Native Instruments Maschine Controller
Native Instruments Maschine Factory Content
Native Instruments Maschine Factory Content 1.5
Native Instruments Maschine Mikro
Native Instruments Massive
Native Instruments New York Concert Grand
Native Instruments Paranormal Spectrums
Native Instruments Rammfire
Native Instruments Reaktor 5
Native Instruments Reaktor Prism
Native Instruments Reaktor Spark R2
Native Instruments Reflektor
Native Instruments Rig Kontrol 3
Native Instruments Scarbee MM-Bass
Native Instruments Scarbee Vintage Keys
Native Instruments Service Center
Native Instruments Sonic Fiction
Native Instruments Studio Drummer
Native Instruments Synthetic Drums Reloaded
Native Instruments The Finger R2
Native Instruments Traktors 12
Native Instruments Transient Master
Native Instruments Upright Piano
Native Instruments Vienna Concert Grand
Native Instruments Vintage Organs
Native Instruments West Africa
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
Ohm Force - Mobilohm VST2
Ohm Force - Ohmicide VST
Ohm Force - Quad Frohmage VST2
OhmForce Frohmage VST2
OhmForce Hematohm VST2
OhmForce Ohmboyz VST2
OhmForce Ohmygod VST2
OhmForce Predatohm VST2
PC Wizard 2012.2.0
PFConfig 1.0.296
Platinum Notes 2.0
PoiZone
Portforward Static IP Address 1.0.44
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
RME DIGICheck
Safari
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Series II MIDI
SHOUTcast DNAS (remove only)
SHOUTcast Source DSP 1.9.1 (remove only)
SoulSeek 157 NS 13e
Spotify
Toxic Biohazard
Tweaking.com - Advanced System Tweaker
TweakNow PowerPack 2012
TweakNow RegCleaner 2012
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Waves Diamond Bundle v5.2
Waves L3 v5.2
Waves Mercury Bundle
WebEx Support Manager for Internet Explorer
Winamp
Winamp Detector Plug-in
Windows Media Player Firefox Plugin
YouTube Downloader 3.4
.
==== Event Viewer Messages From Past Week ========
.
9/5/2012 2:34:15 PM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
9/5/2012 2:31:15 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/5/2012 2:29:28 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/5/2012 2:29:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep iaStor
9/5/2012 2:29:28 PM, Error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
9/5/2012 2:29:28 PM, Error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
9/5/2012 2:29:28 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The support for the specified socket type does not exist in this address family.
9/5/2012 2:29:28 PM, Error: Service Control Manager [7023] - The IKE and AuthIP IPsec Keying Modules service terminated with the following error: Load failed
9/5/2012 2:29:28 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The operation completed successfully.
8/31/2012 2:41:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb avkmgr Beep iaStor spldr Wanarpv6
8/31/2012 2:41:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/31/2012 2:41:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/31/2012 2:41:13 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
8/31/2012 2:41:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/31/2012 10:48:25 AM, Error: Service Control Manager [7030] - The WSWNDA3100v2 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/31/2012 10:32:21 AM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
8/31/2012 1:44:16 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/31/2012 1:41:20 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/31/2012 1:40:57 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/30/2012 9:28:15 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
8/30/2012 9:28:00 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
8/30/2012 8:48:24 AM, Error: EventLog [6008] - The previous system shutdown at 8:45:03 AM on 8/30/2012 was unexpected.
8/30/2012 8:17:02 AM, Error: EventLog [6008] - The previous system shutdown at 8:14:51 AM on 8/30/2012 was unexpected.
8/30/2012 7:47:04 AM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/30/2012 7:32:51 AM, Error: EventLog [6008] - The previous system shutdown at 7:30:53 AM on 8/30/2012 was unexpected.
8/30/2012 7:21:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr Beep CSC DfsC iaStor NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
8/30/2012 7:21:59 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/30/2012 7:21:59 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2012 7:21:59 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2012 7:21:59 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/30/2012 7:21:59 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/30/2012 7:21:59 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2012 7:21:59 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/30/2012 7:21:59 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/30/2012 7:21:59 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2012 7:21:59 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/30/2012 7:21:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/30/2012 7:21:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/30/2012 7:20:53 AM, Error: EventLog [6008] - The previous system shutdown at 7:19:13 AM on 8/30/2012 was unexpected.
8/30/2012 6:56:13 AM, Error: EventLog [6008] - The previous system shutdown at 6:54:01 AM on 8/30/2012 was unexpected.
8/30/2012 6:26:01 AM, Error: EventLog [6008] - The previous system shutdown at 6:24:02 AM on 8/30/2012 was unexpected.
8/30/2012 6:15:44 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.131.1307.0 Loading engine version: 1.1.8601.0
8/30/2012 6:09:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor
8/30/2012 6:08:55 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/30/2012 6:07:55 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon MP620 series Printer with shared resource name Canon MP620 series Printer. Error 2114. The printer cannot be used by others on the network.
8/30/2012 6:07:43 AM, Error: EventLog [6008] - The previous system shutdown at 6:05:31 AM on 8/30/2012 was unexpected.
8/30/2012 6:04:45 AM, Error: Service Control Manager [7024] - The Avira Realtime Protection service terminated with service-specific error 306 (0x132).
8/30/2012 6:04:34 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.131.1307.0 Loading engine version: 1.1.8502.0
8/30/2012 6:03:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
8/30/2012 5:57:06 PM, Error: PlugPlayManager [10] - Error writing to server side install pipe
8/30/2012 5:29:25 PM, Error: Service Control Manager [7023] - The Diagnostic Service Host service terminated with the following error: The requested control is not valid for this service.
8/30/2012 2:00:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
8/30/2012 2:00:52 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/30/2012 12:22:59 PM, Error: EventLog [6008] - The previous system shutdown at 12:21:48 PM on 8/30/2012 was unexpected.
8/30/2012 12:01:02 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): 'COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
8/30/2012 11:59:50 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
8/30/2012 11:53:35 AM, Error: EventLog [6008] - The previous system shutdown at 11:50:27 AM on 8/30/2012 was unexpected.
8/30/2012 1:58:09 PM, Error: EventLog [6008] - The previous system shutdown at 1:54:59 PM on 8/30/2012 was unexpected.
8/29/2012 5:01:05 PM, Error: EventLog [6008] - The previous system shutdown at 4:58:42 PM on 8/29/2012 was unexpected.
8/29/2012 4:45:42 PM, Error: EventLog [6008] - The previous system shutdown at 4:43:00 PM on 8/29/2012 was unexpected.
8/29/2012 4:26:30 PM, Error: EventLog [6008] - The previous system shutdown at 4:17:55 PM on 8/29/2012 was unexpected.
8/29/2012 3:26:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr CSC DfsC iaStor NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
8/29/2012 3:26:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/29/2012 3:26:00 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/29/2012 3:24:59 PM, Error: EventLog [6008] - The previous system shutdown at 3:23:06 PM on 8/29/2012 was unexpected.
8/29/2012 3:22:13 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\devatas\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
8/29/2012 3:22:06 PM, Error: EventLog [6008] - The previous system shutdown at 3:19:30 PM on 8/29/2012 was unexpected.
8/29/2012 2:33:29 PM, Error: EventLog [6008] - The previous system shutdown at 2:31:24 PM on 8/29/2012 was unexpected.
8/29/2012 2:21:35 PM, Error: EventLog [6008] - The previous system shutdown at 2:19:40 PM on 8/29/2012 was unexpected.
8/29/2012 2:13:39 PM, Error: EventLog [6008] - The previous system shutdown at 2:11:00 PM on 8/29/2012 was unexpected.
8/29/2012 2:01:00 PM, Error: EventLog [6008] - The previous system shutdown at 1:59:03 PM on 8/29/2012 was unexpected.
8/29/2012 12:56:43 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\SYSTEM' was corrupted and it has been recovered. Some data might have been lost.
8/29/2012 12:19:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/29/2012 12:15:32 PM, Error: EventLog [6008] - The previous system shutdown at 12:12:26 PM on 8/29/2012 was unexpected.
8/29/2012 11:50:26 AM, Error: EventLog [6008] - The previous system shutdown at 11:47:12 AM on 8/29/2012 was unexpected.
8/29/2012 11:38:12 AM, Error: EventLog [6008] - The previous system shutdown at 10:17:42 AM on 8/29/2012 was unexpected.
8/29/2012 10:13:42 AM, Error: EventLog [6008] - The previous system shutdown at 10:10:30 AM on 8/29/2012 was unexpected.
8/29/2012 10:08:29 AM, Error: EventLog [6008] - The previous system shutdown at 10:07:00 AM on 8/29/2012 was unexpected.
8/29/2012 10:06:00 AM, Error: EventLog [6008] - The previous system shutdown at 10:03:23 AM on 8/29/2012 was unexpected.
8/29/2012 1:49:03 PM, Error: EventLog [6008] - The previous system shutdown at 1:46:50 PM on 8/29/2012 was unexpected.
8/29/2012 1:30:50 PM, Error: EventLog [6008] - The previous system shutdown at 1:27:59 PM on 8/29/2012 was unexpected.
8/29/2012 1:26:59 PM, Error: EventLog [6008] - The previous system shutdown at 1:25:00 PM on 8/29/2012 was unexpected.
8/29/2012 1:17:59 PM, Error: EventLog [6008] - The previous system shutdown at 1:16:03 PM on 8/29/2012 was unexpected.
.
==== End Of File ===========================





14:38:31.0964 2772 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:38:31.0980 2772 ============================================================
14:38:31.0980 2772 Current date / time: 2012/08/30 14:38:31.0980
14:38:31.0980 2772 SystemInfo:
14:38:31.0980 2772
14:38:31.0980 2772 OS Version: 6.0.6002 ServicePack: 2.0
14:38:31.0980 2772 Product type: Workstation
14:38:31.0980 2772 ComputerName: STUDIO-PC
14:38:31.0980 2772 UserName: devatas
14:38:31.0980 2772 Windows directory: C:\Windows
14:38:31.0980 2772 System windows directory: C:\Windows
14:38:31.0980 2772 Running under WOW64
14:38:31.0980 2772 Processor architecture: Intel x64
14:38:31.0980 2772 Number of processors: 2
14:38:31.0980 2772 Page size: 0x1000
14:38:31.0980 2772 Boot type: Normal boot
14:38:31.0980 2772 ============================================================
14:38:32.0666 2772 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:38:32.0666 2772 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:38:32.0666 2772 Drive \Device\Harddisk2\DR2 - Size: 0x3C780000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:38:32.0666 2772 ============================================================
14:38:32.0666 2772 \Device\Harddisk0\DR0:
14:38:32.0666 2772 MBR partitions:
14:38:32.0666 2772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000
14:38:32.0666 2772 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x30D40000
14:38:32.0666 2772 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3D090800, BlocksNum 0x37675000
14:38:32.0666 2772 \Device\Harddisk1\DR1:
14:38:32.0666 2772 MBR partitions:
14:38:32.0666 2772 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
14:38:32.0666 2772 \Device\Harddisk2\DR2:
14:38:32.0666 2772 MBR partitions:
14:38:32.0666 2772 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1E3BE0
14:38:32.0666 2772 ============================================================
14:38:32.0697 2772 C: <-> \Device\Harddisk0\DR0\Partition1
14:38:32.0713 2772 E: <-> \Device\Harddisk0\DR0\Partition2
14:38:32.0728 2772 F: <-> \Device\Harddisk0\DR0\Partition3
14:38:33.0228 2772 G: <-> \Device\Harddisk1\DR1\Partition1
14:38:33.0228 2772 ============================================================
14:38:33.0228 2772 Initialize success
14:38:33.0228 2772 ============================================================
14:38:34.0179 2776 ============================================================
14:38:34.0179 2776 Scan started
14:38:34.0179 2776 Mode: Manual;
14:38:34.0179 2776 ============================================================
14:38:34.0663 2776 ================ Scan system memory ========================
14:38:34.0663 2776 System memory - ok
14:38:34.0678 2776 ================ Scan services =============================
14:38:35.0162 2776 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
14:38:35.0162 2776 ACPI - ok
14:38:35.0224 2776 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:38:35.0224 2776 AdobeARMservice - ok
14:38:35.0240 2776 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:38:35.0240 2776 adp94xx - ok
14:38:35.0271 2776 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:38:35.0271 2776 adpahci - ok
14:38:35.0287 2776 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
14:38:35.0287 2776 adpu160m - ok
14:38:35.0302 2776 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:38:35.0302 2776 adpu320 - ok
14:38:35.0380 2776 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
14:38:35.0380 2776 AdvancedSystemCareService5 - ok
14:38:35.0396 2776 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:38:35.0396 2776 AeLookupSvc - ok
14:38:35.0427 2776 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
14:38:35.0427 2776 AFD - ok
14:38:35.0443 2776 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:38:35.0443 2776 agp440 - ok
14:38:35.0443 2776 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:38:35.0458 2776 aic78xx - ok
14:38:35.0458 2776 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
14:38:35.0458 2776 ALG - ok
14:38:35.0474 2776 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
14:38:35.0474 2776 aliide - ok
14:38:35.0505 2776 [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:38:35.0505 2776 AMD External Events Utility - ok
14:38:35.0505 2776 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
14:38:35.0505 2776 amdide - ok
14:38:35.0521 2776 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:38:35.0521 2776 AmdK8 - ok
14:38:35.0692 2776 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:38:35.0739 2776 amdkmdag - ok
14:38:35.0755 2776 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
14:38:35.0755 2776 amdkmdap - ok
14:38:35.0802 2776 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:38:35.0802 2776 AntiVirSchedulerService - ok
14:38:35.0802 2776 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:38:35.0802 2776 AntiVirService - ok
14:38:35.0817 2776 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
14:38:35.0817 2776 Appinfo - ok
14:38:35.0848 2776 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:38:35.0848 2776 Apple Mobile Device - ok
14:38:35.0864 2776 [ 3DA98C07B18A676180FE7EED924D1673 ] AppMgmt C:\Windows\System32\appmgmts.dll
14:38:35.0864 2776 AppMgmt - ok
14:38:35.0864 2776 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
14:38:35.0864 2776 arc - ok
14:38:35.0880 2776 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:38:35.0880 2776 arcsas - ok
14:38:35.0942 2776 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:38:35.0942 2776 aspnet_state - ok
14:38:35.0958 2776 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:38:35.0958 2776 AsyncMac - ok
14:38:35.0973 2776 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
14:38:35.0973 2776 atapi - ok
14:38:35.0989 2776 atidgllk - ok
14:38:36.0145 2776 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:38:36.0207 2776 atikmdag - ok
14:38:36.0223 2776 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:38:36.0223 2776 AudioEndpointBuilder - ok
14:38:36.0223 2776 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:38:36.0223 2776 AudioSrv - ok
14:38:36.0238 2776 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:38:36.0238 2776 avgntflt - ok
14:38:36.0254 2776 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:38:36.0254 2776 avipbb - ok
14:38:36.0285 2776 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:38:36.0285 2776 avkmgr - ok
14:38:36.0316 2776 [ 8B392AFC3634AF2F510B4D53F00AD53A ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
14:38:36.0316 2776 BCMH43XX - ok
14:38:36.0316 2776 Beep - ok
14:38:36.0379 2776 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
14:38:36.0379 2776 BFE - ok
14:38:36.0410 2776 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
14:38:36.0426 2776 BITS - ok
14:38:36.0426 2776 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
14:38:36.0426 2776 blbdrive - ok
14:38:36.0441 2776 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:38:36.0457 2776 Bonjour Service - ok
14:38:36.0457 2776 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:38:36.0457 2776 bowser - ok
14:38:36.0472 2776 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:38:36.0472 2776 BrFiltLo - ok
14:38:36.0488 2776 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:38:36.0488 2776 BrFiltUp - ok
14:38:36.0488 2776 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
14:38:36.0488 2776 Browser - ok
14:38:36.0504 2776 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
14:38:36.0504 2776 Brserid - ok
14:38:36.0519 2776 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:38:36.0519 2776 BrSerWdm - ok
14:38:36.0519 2776 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:38:36.0519 2776 BrUsbMdm - ok
14:38:36.0535 2776 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:38:36.0535 2776 BrUsbSer - ok
14:38:36.0535 2776 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:38:36.0535 2776 BTHMODEM - ok
14:38:36.0550 2776 catchme - ok
14:38:36.0566 2776 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:38:36.0566 2776 cdfs - ok
14:38:36.0582 2776 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:38:36.0582 2776 cdrom - ok
14:38:36.0613 2776 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
14:38:36.0613 2776 CertPropSvc - ok
14:38:36.0613 2776 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
14:38:36.0613 2776 circlass - ok
14:38:36.0628 2776 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
14:38:36.0628 2776 CLFS - ok
14:38:36.0675 2776 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:38:36.0675 2776 clr_optimization_v2.0.50727_32 - ok
14:38:36.0769 2776 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:38:36.0769 2776 clr_optimization_v2.0.50727_64 - ok
14:38:36.0800 2776 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:38:36.0800 2776 clr_optimization_v4.0.30319_32 - ok
14:38:36.0800 2776 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:38:36.0800 2776 clr_optimization_v4.0.30319_64 - ok
14:38:36.0816 2776 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:38:36.0816 2776 cmdide - ok
14:38:36.0831 2776 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:38:36.0831 2776 Compbatt - ok
14:38:36.0831 2776 COMSysApp - ok
14:38:36.0847 2776 [ 75DBD5DB9892D7451D0429BEC1AABE1A ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
14:38:36.0847 2776 cpuz135 - ok
14:38:36.0847 2776 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:38:36.0847 2776 crcdisk - ok
14:38:36.0878 2776 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:38:36.0878 2776 CryptSvc - ok
14:38:36.0894 2776 [ F60F50C8ED3FCBE358430B95FE27D09C ] CSC C:\Windows\system32\drivers\csc.sys
14:38:36.0894 2776 CSC - ok
14:38:36.0909 2776 [ 1B5F256D31836ED2BA60B3A6C800200C ] CscService C:\Windows\System32\cscsvc.dll
14:38:36.0925 2776 CscService - ok
14:38:37.0018 2776 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
14:38:37.0034 2776 DcomLaunch - ok
14:38:37.0050 2776 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:38:37.0050 2776 DfsC - ok
14:38:37.0096 2776 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:38:37.0112 2776 Dhcp - ok
14:38:37.0128 2776 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
14:38:37.0128 2776 disk - ok
14:38:37.0159 2776 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:38:37.0159 2776 Dnscache - ok
14:38:37.0190 2776 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
14:38:37.0190 2776 dot3svc - ok
14:38:37.0206 2776 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
14:38:37.0206 2776 DPS - ok
14:38:37.0221 2776 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:38:37.0221 2776 drmkaud - ok
14:38:37.0252 2776 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:38:37.0268 2776 DXGKrnl - ok
14:38:37.0268 2776 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
14:38:37.0268 2776 E1G60 - ok
14:38:37.0284 2776 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
14:38:37.0299 2776 EapHost - ok
14:38:37.0315 2776 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
14:38:37.0315 2776 Ecache - ok
14:38:37.0362 2776 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:38:37.0362 2776 ehRecvr - ok
14:38:37.0377 2776 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
14:38:37.0377 2776 ehSched - ok
14:38:37.0408 2776 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
14:38:37.0408 2776 ehstart - ok
14:38:37.0424 2776 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:38:37.0440 2776 elxstor - ok
14:38:37.0455 2776 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:38:37.0455 2776 EMDMgmt - ok
14:38:37.0471 2776 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:38:37.0471 2776 ErrDev - ok
14:38:37.0502 2776 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
14:38:37.0502 2776 EventSystem - ok
14:38:37.0518 2776 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
14:38:37.0518 2776 exfat - ok
14:38:37.0533 2776 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:38:37.0533 2776 fastfat - ok
14:38:37.0549 2776 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:38:37.0549 2776 fdc - ok
14:38:37.0564 2776 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
14:38:37.0564 2776 fdPHost - ok
14:38:37.0564 2776 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
14:38:37.0564 2776 FDResPub - ok
14:38:37.0596 2776 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:38:37.0596 2776 FileInfo - ok
14:38:37.0611 2776 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:38:37.0611 2776 Filetrace - ok
14:38:37.0658 2776 [ CFC890FF6797C6C4E4C4B9AD2258AF73 ] FileZilla Server C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
14:38:37.0658 2776 FileZilla Server - ok
14:38:37.0689 2776 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:38:37.0689 2776 flpydisk - ok
14:38:37.0689 2776 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:38:37.0689 2776 FltMgr - ok
14:38:37.0720 2776 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
14:38:37.0736 2776 FontCache - ok
14:38:37.0767 2776 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:38:37.0767 2776 FontCache3.0.0.0 - ok
14:38:37.0783 2776 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:38:37.0783 2776 Fs_Rec - ok
14:38:37.0783 2776 [ 849E38DB7D829962D0233A0A252B60C3 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:38:37.0783 2776 fvevol - ok
14:38:37.0798 2776 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:38:37.0798 2776 gagp30kx - ok
14:38:37.0798 2776 gbxavs - ok
14:38:37.0814 2776 [ 9D1C81C396F05541E190EB734D16E098 ] gbxavs_x64 C:\Windows\system32\Drivers\gbxavs_x64.sys
14:38:37.0814 2776 gbxavs_x64 - ok
14:38:37.0814 2776 gbxusb_svc - ok
14:38:37.0845 2776 [ 22532D7B602FBE4AC20394A9E227B7CC ] gbxusb_x64 C:\Windows\system32\Drivers\gbxusb_x64.sys
14:38:37.0845 2776 gbxusb_x64 - ok
14:38:37.0861 2776 [ 6275303610285B57361F03A375062FBA ] gdrv C:\Windows\gdrv.sys
14:38:37.0861 2776 gdrv - ok
14:38:37.0876 2776 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:38:37.0876 2776 GEARAspiWDM - ok
14:38:37.0908 2776 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
14:38:37.0908 2776 gpsvc - ok
14:38:37.0908 2776 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys
14:38:37.0908 2776 GVTDrv64 - ok
14:38:37.0939 2776 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:38:37.0939 2776 HdAudAddService - ok
14:38:37.0954 2776 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:38:37.0954 2776 HDAudBus - ok
14:38:37.0986 2776 [ C6B4F400C094D098B921AE62662919BF ] hdsp C:\Windows\system32\drivers\hdsp_64.sys
14:38:37.0986 2776 hdsp - ok
14:38:38.0001 2776 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:38:38.0001 2776 HidBth - ok
14:38:38.0017 2776 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
14:38:38.0017 2776 HidIr - ok
14:38:38.0048 2776 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
14:38:38.0048 2776 hidserv - ok
14:38:38.0064 2776 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:38:38.0064 2776 HidUsb - ok
14:38:38.0079 2776 [ 44F92C1F913E582BEF9CAC66443C6230 ] hitmanpro36 C:\Windows\system32\drivers\hitmanpro36.sys
14:38:38.0079 2776 hitmanpro36 - ok
14:38:38.0095 2776 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
14:38:38.0095 2776 hkmsvc - ok
14:38:38.0110 2776 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:38:38.0110 2776 HpCISSs - ok
14:38:38.0142 2776 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:38:38.0142 2776 HTTP - ok
14:38:38.0157 2776 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:38:38.0157 2776 i2omp - ok
14:38:38.0173 2776 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:38:38.0173 2776 i8042prt - ok
14:38:38.0188 2776 iaStor - ok
14:38:38.0204 2776 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:38:38.0204 2776 iaStorV - ok
14:38:38.0220 2776 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:38:38.0220 2776 IDriverT - ok
14:38:38.0266 2776 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:38:38.0266 2776 idsvc - ok
14:38:38.0282 2776 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:38:38.0282 2776 iirsp - ok
14:38:38.0298 2776 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
14:38:38.0298 2776 IKEEXT - ok
14:38:38.0313 2776 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
14:38:38.0313 2776 intelide - ok
14:38:38.0313 2776 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:38:38.0313 2776 intelppm - ok
14:38:38.0344 2776 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:38:38.0344 2776 IPBusEnum - ok
14:38:38.0360 2776 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:38:38.0360 2776 IpFilterDriver - ok
14:38:38.0376 2776 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:38:38.0376 2776 iphlpsvc - ok
14:38:38.0391 2776 IpInIp - ok
14:38:38.0391 2776 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:38:38.0391 2776 IPMIDRV - ok
14:38:38.0407 2776 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:38:38.0407 2776 IPNAT - ok
14:38:38.0438 2776 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:38:38.0454 2776 iPod Service - ok
14:38:38.0469 2776 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:38:38.0485 2776 IRENUM - ok
14:38:38.0485 2776 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:38:38.0485 2776 isapnp - ok
14:38:38.0516 2776 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:38:38.0516 2776 iScsiPrt - ok
14:38:38.0532 2776 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:38:38.0532 2776 iteatapi - ok
14:38:38.0532 2776 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:38:38.0547 2776 iteraid - ok
14:38:38.0547 2776 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:38:38.0547 2776 kbdclass - ok
14:38:38.0563 2776 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:38:38.0563 2776 kbdhid - ok
14:38:38.0578 2776 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
14:38:38.0578 2776 KeyIso - ok
14:38:38.0578 2776 koreavs_x64 - ok
14:38:38.0578 2776 koreusb_x64 - ok
14:38:38.0610 2776 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:38:38.0610 2776 KSecDD - ok
14:38:38.0625 2776 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:38:38.0625 2776 ksthunk - ok
14:38:38.0656 2776 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
14:38:38.0656 2776 KtmRm - ok
14:38:38.0672 2776 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:38:38.0672 2776 LanmanServer - ok
14:38:38.0703 2776 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:38:38.0703 2776 LanmanWorkstation - ok
14:38:38.0703 2776 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:38:38.0703 2776 lltdio - ok
14:38:38.0734 2776 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:38:38.0734 2776 lltdsvc - ok
14:38:38.0750 2776 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:38:38.0750 2776 lmhosts - ok
14:38:38.0766 2776 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:38:38.0766 2776 LSI_FC - ok
14:38:38.0781 2776 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:38:38.0781 2776 LSI_SAS - ok
14:38:38.0797 2776 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:38:38.0797 2776 LSI_SCSI - ok
14:38:38.0812 2776 [ 4C7B3C42082BAD188F4E41BC54401D66 ] LtcyCfgWDM C:\Windows\system32\DRIVERS\LtcyCfgWDM.sys
14:38:38.0812 2776 LtcyCfgWDM - ok
14:38:38.0812 2776 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
14:38:38.0812 2776 luafv - ok
14:38:38.0828 2776 [ 98ECA9EAD93E7AB3F6493732A43DFBE9 ] MADFUMS C:\Windows\system32\DRIVERS\madfums.sys
14:38:38.0828 2776 MADFUMS - ok
14:38:38.0859 2776 [ EFAD1FFB1298A702C6A8B7BD3A4E6700 ] MAUSBMS C:\Windows\system32\DRIVERS\mausbms.sys
14:38:38.0859 2776 MAUSBMS - ok
14:38:38.0875 2776 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:38:38.0875 2776 Mcx2Svc - ok
14:38:38.0890 2776 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
14:38:38.0890 2776 megasas - ok
14:38:38.0906 2776 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
14:38:38.0906 2776 MegaSR - ok
14:38:38.0922 2776 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
14:38:38.0922 2776 MMCSS - ok
14:38:38.0937 2776 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
14:38:38.0937 2776 Modem - ok
14:38:38.0937 2776 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:38:38.0937 2776 monitor - ok
14:38:38.0968 2776 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:38:38.0968 2776 mouclass - ok
14:38:38.0984 2776 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\drivers\mouhid.sys
14:38:38.0984 2776 mouhid - ok
14:38:38.0984 2776 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:38:38.0984 2776 MountMgr - ok
14:38:39.0015 2776 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:38:39.0015 2776 MozillaMaintenance - ok
14:38:39.0031 2776 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
14:38:39.0031 2776 mpio - ok
14:38:39.0046 2776 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:38:39.0046 2776 mpsdrv - ok
14:38:39.0062 2776 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
14:38:39.0062 2776 MpsSvc - ok
14:38:39.0078 2776 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:38:39.0078 2776 Mraid35x - ok
14:38:39.0093 2776 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:38:39.0093 2776 MRxDAV - ok
14:38:39.0124 2776 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:38:39.0124 2776 mrxsmb - ok
14:38:39.0140 2776 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:38:39.0140 2776 mrxsmb10 - ok
14:38:39.0140 2776 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:38:39.0140 2776 mrxsmb20 - ok
14:38:39.0156 2776 [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci C:\Windows\system32\drivers\msahci.sys
14:38:39.0156 2776 msahci - ok
14:38:39.0171 2776 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:38:39.0171 2776 msdsm - ok
14:38:39.0187 2776 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
14:38:39.0187 2776 MSDTC - ok
14:38:39.0187 2776 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:38:39.0187 2776 Msfs - ok
14:38:39.0202 2776 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:38:39.0202 2776 msisadrv - ok
14:38:39.0218 2776 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:38:39.0234 2776 MSiSCSI - ok
14:38:39.0234 2776 msiserver - ok
14:38:39.0234 2776 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:38:39.0234 2776 MSKSSRV - ok
14:38:39.0249 2776 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:38:39.0249 2776 MSPCLOCK - ok
14:38:39.0249 2776 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:38:39.0249 2776 MSPQM - ok
14:38:39.0265 2776 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:38:39.0265 2776 MsRPC - ok
14:38:39.0280 2776 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:38:39.0280 2776 mssmbios - ok
14:38:39.0296 2776 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:38:39.0296 2776 MSTEE - ok
14:38:39.0296 2776 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
14:38:39.0296 2776 Mup - ok
14:38:39.0312 2776 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
14:38:39.0312 2776 napagent - ok
14:38:39.0327 2776 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:38:39.0327 2776 NativeWifiP - ok
14:38:39.0358 2776 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:38:39.0358 2776 NDIS - ok
14:38:39.0374 2776 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:38:39.0374 2776 NdisTapi - ok
14:38:39.0390 2776 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:38:39.0390 2776 Ndisuio - ok
14:38:39.0405 2776 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:38:39.0405 2776 NdisWan - ok
14:38:39.0405 2776 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:38:39.0405 2776 NDProxy - ok
14:38:39.0405 2776 Net Driver HPZ12 - ok
14:38:39.0421 2776 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:38:39.0421 2776 NetBIOS - ok
14:38:39.0436 2776 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:38:39.0436 2776 netbt - ok
14:38:39.0452 2776 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
14:38:39.0452 2776 Netlogon - ok
14:38:39.0468 2776 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
14:38:39.0483 2776 Netman - ok
14:38:39.0499 2776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:38:39.0499 2776 NetMsmqActivator - ok
14:38:39.0499 2776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:38:39.0499 2776 NetPipeActivator - ok
14:38:39.0514 2776 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
14:38:39.0514 2776 netprofm - ok
14:38:39.0514 2776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:38:39.0514 2776 NetTcpActivator - ok
14:38:39.0530 2776 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:38:39.0530 2776 NetTcpPortSharing - ok
14:38:39.0546 2776 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:38:39.0546 2776 nfrd960 - ok
14:38:39.0561 2776 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
14:38:39.0561 2776 NlaSvc - ok
14:38:39.0592 2776 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
14:38:39.0592 2776 NMSAccessU - ok
14:38:39.0592 2776 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:38:39.0592 2776 Npfs - ok
14:38:39.0608 2776 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
14:38:39.0608 2776 nsi - ok
14:38:39.0608 2776 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:38:39.0608 2776 nsiproxy - ok
14:38:39.0639 2776 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:38:39.0655 2776 Ntfs - ok
14:38:39.0655 2776 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
14:38:39.0655 2776 Null - ok
14:38:39.0655 2776 NVHDA - ok
14:38:39.0670 2776 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:38:39.0670 2776 nvraid - ok
14:38:39.0686 2776 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:38:39.0686 2776 nvstor - ok
14:38:39.0686 2776 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:38:39.0686 2776 nv_agp - ok
14:38:39.0702 2776 NwlnkFlt - ok
14:38:39.0702 2776 NwlnkFwd - ok
14:38:39.0717 2776 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:38:39.0717 2776 ohci1394 - ok
14:38:39.0733 2776 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:38:39.0733 2776 p2pimsvc - ok
14:38:39.0748 2776 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
14:38:39.0748 2776 p2psvc - ok
14:38:39.0780 2776 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:38:39.0780 2776 Parport - ok
14:38:39.0811 2776 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:38:39.0811 2776 partmgr - ok
14:38:39.0811 2776 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
14:38:39.0811 2776 PcaSvc - ok
14:38:39.0842 2776 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
14:38:39.0842 2776 pci - ok
14:38:39.0842 2776 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
14:38:39.0842 2776 pciide - ok
14:38:39.0858 2776 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:38:39.0858 2776 pcmcia - ok
14:38:39.0873 2776 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:38:39.0873 2776 PEAUTH - ok
14:38:39.0936 2776 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:38:39.0936 2776 PerfHost - ok
14:38:39.0967 2776 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
14:38:39.0982 2776 pla - ok
14:38:39.0998 2776 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:38:39.0998 2776 PlugPlay - ok
14:38:39.0998 2776 Pml Driver HPZ12 - ok
14:38:40.0014 2776 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:38:40.0029 2776 PNRPAutoReg - ok
14:38:40.0029 2776 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:38:40.0045 2776 PNRPsvc - ok
14:38:40.0076 2776 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:38:40.0092 2776 PolicyAgent - ok
14:38:40.0092 2776 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:38:40.0092 2776 PptpMiniport - ok
14:38:40.0107 2776 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
14:38:40.0107 2776 Processor - ok
14:38:40.0123 2776 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
14:38:40.0123 2776 ProfSvc - ok
14:38:40.0138 2776 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
14:38:40.0138 2776 ProtectedStorage - ok
14:38:40.0154 2776 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:38:40.0154 2776 PSched - ok
14:38:40.0185 2776 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:38:40.0185 2776 ql2300 - ok
14:38:40.0201 2776 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:38:40.0201 2776 ql40xx - ok
14:38:40.0201 2776 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
14:38:40.0201 2776 QWAVE - ok
14:38:40.0201 2776 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:38:40.0201 2776 QWAVEdrv - ok
14:38:40.0372 2776 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
14:38:40.0404 2776 R300 - ok
14:38:40.0419 2776 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:38:40.0419 2776 RasAcd - ok
14:38:40.0435 2776 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
14:38:40.0435 2776 RasAuto - ok
14:38:40.0450 2776 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:38:40.0450 2776 Rasl2tp - ok
14:38:40.0466 2776 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
14:38:40.0466 2776 RasMan - ok
14:38:40.0497 2776 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:38:40.0497 2776 RasPppoe - ok
14:38:40.0513 2776 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:38:40.0513 2776 RasSstp - ok
14:38:40.0528 2776 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:38:40.0528 2776 rdbss - ok
14:38:40.0528 2776 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:38:40.0528 2776 RDPCDD - ok
14:38:40.0544 2776 [ AE23E79B13FEB62939E2CA1189E71735 ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
14:38:40.0544 2776 rdpdr - ok
14:38:40.0544 2776 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:38:40.0544 2776 RDPENCDD - ok
14:38:40.0591 2776 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:38:40.0591 2776 RDPWD - ok
14:38:40.0622 2776 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:38:40.0622 2776 RemoteAccess - ok
14:38:40.0653 2776 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:38:40.0653 2776 RemoteRegistry - ok
14:38:40.0684 2776 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
14:38:40.0684 2776 RpcLocator - ok
14:38:40.0747 2776 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
14:38:40.0747 2776 RpcSs - ok
14:38:40.0778 2776 [ 079494F9D4BE82BCC68E0792DC4C3F86 ] rspLLL C:\Windows\system32\DRIVERS\rspLLL64.sys
14:38:40.0778 2776 rspLLL - ok
14:38:40.0794 2776 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:38:40.0794 2776 rspndr - ok
14:38:40.0809 2776 [ FAEEED5A8949E6BA611A7B738AD28CEE ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
14:38:40.0809 2776 RTL8169 - ok
14:38:40.0825 2776 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
14:38:40.0825 2776 SamSs - ok
14:38:40.0856 2776 [ 8C8862DC7417D89B375492C981C491F7 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
14:38:40.0856 2776 sbp2port - ok
14:38:40.0872 2776 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:38:40.0872 2776 SCardSvr - ok
14:38:40.0903 2776 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
14:38:40.0903 2776 Schedule - ok
14:38:40.0918 2776 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
14:38:40.0918 2776 SCMNdisP - ok
14:38:40.0934 2776 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:38:40.0934 2776 SCPolicySvc - ok
14:38:40.0965 2776 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:38:40.0965 2776 SDRSVC - ok
14:38:40.0965 2776 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:38:40.0965 2776 secdrv - ok
14:38:40.0996 2776 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
14:38:40.0996 2776 seclogon - ok
14:38:41.0043 2776 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
14:38:41.0043 2776 SENS - ok
14:38:41.0074 2776 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:38:41.0074 2776 Serenum - ok
14:38:41.0074 2776 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:38:41.0074 2776 Serial - ok
14:38:41.0090 2776 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:38:41.0090 2776 sermouse - ok
14:38:41.0121 2776 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
14:38:41.0121 2776 SessionEnv - ok
14:38:41.0137 2776 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:38:41.0137 2776 sffdisk - ok
14:38:41.0152 2776 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:38:41.0152 2776 sffp_mmc - ok
14:38:41.0184 2776 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:38:41.0184 2776 sffp_sd - ok
14:38:41.0199 2776 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:38:41.0199 2776 sfloppy - ok
14:38:41.0230 2776 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:38:41.0230 2776 SharedAccess - ok
14:38:41.0277 2776 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:38:41.0277 2776 ShellHWDetection - ok
14:38:41.0293 2776 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:38:41.0293 2776 SiSRaid2 - ok
14:38:41.0308 2776 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:38:41.0308 2776 SiSRaid4 - ok
14:38:41.0371 2776 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
14:38:41.0371 2776 slsvc - ok
14:38:41.0402 2776 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:38:41.0402 2776 SLUINotify - ok
14:38:41.0433 2776 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:38:41.0433 2776 Smb - ok
14:38:41.0464 2776 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:38:41.0464 2776 SNMPTRAP - ok
14:38:41.0480 2776 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
14:38:41.0480 2776 spldr - ok
14:38:41.0496 2776 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
14:38:41.0511 2776 Spooler - ok
14:38:41.0527 2776 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
14:38:41.0527 2776 srv - ok
14:38:41.0574 2776 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:38:41.0574 2776 srv2 - ok
14:38:41.0589 2776 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:38:41.0589 2776 srvnet - ok
14:38:41.0620 2776 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:38:41.0620 2776 SSDPSRV - ok
14:38:41.0636 2776 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:38:41.0636 2776 SstpSvc - ok
14:38:41.0667 2776 [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
14:38:41.0667 2776 StillCam - ok
14:38:41.0683 2776 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
14:38:41.0683 2776 stisvc - ok
14:38:41.0698 2776 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:38:41.0698 2776 swenum - ok
14:38:41.0730 2776 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
14:38:41.0730 2776 swprv - ok
14:38:41.0730 2776 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:38:41.0730 2776 Symc8xx - ok
14:38:41.0745 2776 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:38:41.0745 2776 Sym_hi - ok
14:38:41.0745 2776 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:38:41.0745 2776 Sym_u3 - ok
14:38:41.0776 2776 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
14:38:41.0776 2776 SysMain - ok
14:38:41.0792 2776 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:38:41.0792 2776 TabletInputService - ok
14:38:41.0808 2776 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:38:41.0808 2776 TapiSrv - ok
14:38:41.0823 2776 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
14:38:41.0823 2776 TBS - ok
14:38:41.0854 2776 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:38:41.0854 2776 Tcpip - ok
14:38:41.0886 2776 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:38:41.0901 2776 Tcpip6 - ok
14:38:41.0917 2776 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:38:41.0917 2776 tcpipreg - ok
14:38:41.0932 2776 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:38:41.0932 2776 TDPIPE - ok
14:38:41.0932 2776 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:38:41.0932 2776 TDTCP - ok
14:38:41.0964 2776 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:38:41.0964 2776 tdx - ok
14:38:41.0979 2776 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:38:41.0979 2776 TermDD - ok
14:38:41.0995 2776 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
14:38:41.0995 2776 TermService - ok
14:38:42.0010 2776 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
14:38:42.0010 2776 Themes - ok
14:38:42.0026 2776 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
14:38:42.0026 2776 THREADORDER - ok
14:38:42.0042 2776 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
14:38:42.0042 2776 TrkWks - ok
14:38:42.0073 2776 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:38:42.0073 2776 TrustedInstaller - ok
14:38:42.0088 2776 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:38:42.0088 2776 tssecsrv - ok
14:38:42.0104 2776 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:38:42.0104 2776 tunmp - ok
14:38:42.0120 2776 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:38:42.0120 2776 tunnel - ok
14:38:42.0135 2776 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:38:42.0135 2776 uagp35 - ok
14:38:42.0151 2776 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:38:42.0151 2776 udfs - ok
14:38:42.0151 2776 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:38:42.0151 2776 UI0Detect - ok
14:38:42.0166 2776 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:38:42.0166 2776 uliagpkx - ok
14:38:42.0182 2776 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:38:42.0182 2776 uliahci - ok
14:38:42.0198 2776 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:38:42.0198 2776 UlSata - ok
14:38:42.0213 2776 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:38:42.0213 2776 ulsata2 - ok
14:38:42.0229 2776 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:38:42.0229 2776 umbus - ok
14:38:42.0244 2776 [ DC5E34F189B827199B9CC8481C648269 ] UmRdpService C:\Windows\System32\umrdp.dll
14:38:42.0244 2776 UmRdpService - ok
14:38:42.0260 2776 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
14:38:42.0260 2776 upnphost - ok
14:38:42.0291 2776 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:38:42.0291 2776 USBAAPL64 - ok
14:38:42.0307 2776 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:38:42.0307 2776 usbaudio - ok
14:38:42.0322 2776 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:38:42.0322 2776 usbccgp - ok
14:38:42.0338 2776 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:38:42.0338 2776 usbcir - ok
14:38:42.0354 2776 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:38:42.0354 2776 usbehci - ok
14:38:42.0369 2776 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:38:42.0369 2776 usbhub - ok
14:38:42.0369 2776 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:38:42.0369 2776 usbohci - ok
14:38:42.0385 2776 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:38:42.0385 2776 usbprint - ok
14:38:42.0385 2776 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:38:42.0385 2776 usbscan - ok
14:38:42.0400 2776 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:38:42.0400 2776 USBSTOR - ok
14:38:42.0416 2776 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:38:42.0416 2776 usbuhci - ok
14:38:42.0416 2776 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
14:38:42.0432 2776 UxSms - ok
14:38:42.0447 2776 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
14:38:42.0447 2776 vds - ok
14:38:42.0463 2776 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:38:42.0463 2776 vga - ok
14:38:42.0478 2776 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:38:42.0478 2776 VgaSave - ok
14:38:42.0478 2776 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
14:38:42.0478 2776 viaide - ok
14:38:42.0494 2776 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:38:42.0494 2776 volmgr - ok
14:38:42.0510 2776 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:38:42.0510 2776 volmgrx - ok
14:38:42.0525 2776 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:38:42.0525 2776 volsnap - ok
14:38:42.0541 2776 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:38:42.0541 2776 vsmraid - ok
14:38:42.0588 2776 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
14:38:42.0588 2776 VSS - ok
14:38:42.0666 2776 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
14:38:42.0666 2776 W32Time - ok
14:38:42.0681 2776 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:38:42.0681 2776 WacomPen - ok
14:38:42.0712 2776 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:38:42.0712 2776 Wanarp - ok
14:38:42.0712 2776 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:38:42.0712 2776 Wanarpv6 - ok
14:38:42.0853 2776 [ 48EEE289DF9E4989128B2283F3EEACC6 ] wbengine C:\Windows\system32\wbengine.exe
14:38:42.0868 2776 wbengine - ok
14:38:42.0915 2776 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:38:42.0915 2776 wcncsvc - ok
14:38:42.0915 2776 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:38:42.0931 2776 WcsPlugInService - ok
14:38:42.0931 2776 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
14:38:42.0931 2776 Wd - ok
14:38:42.0962 2776 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
14:38:42.0962 2776 WDC_SAM - ok
14:38:43.0009 2776 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:38:43.0009 2776 Wdf01000 - ok
14:38:43.0024 2776 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:38:43.0024 2776 WdiServiceHost - ok
14:38:43.0024 2776 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:38:43.0024 2776 WdiSystemHost - ok
14:38:43.0024 2776 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
14:38:43.0040 2776 WebClient - ok
14:38:43.0071 2776 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:38:43.0071 2776 Wecsvc - ok
14:38:43.0087 2776 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:38:43.0087 2776 wercplsupport - ok
14:38:43.0102 2776 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
14:38:43.0102 2776 WerSvc - ok
14:38:43.0118 2776 WinDefend - ok
14:38:43.0118 2776 WinHttpAutoProxySvc - ok
14:38:43.0243 2776 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:38:43.0243 2776 Winmgmt - ok
14:38:43.0524 2776 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
14:38:43.0524 2776 WinRM - ok
14:38:43.0555 2776 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:38:43.0570 2776 Wlansvc - ok
14:38:43.0570 2776 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:38:43.0570 2776 WmiAcpi - ok
14:38:43.0586 2776 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:38:43.0586 2776 wmiApSrv - ok
14:38:43.0586 2776 WMPNetworkSvc - ok
14:38:43.0633 2776 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:38:43.0633 2776 WPCSvc - ok
14:38:43.0648 2776 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:38:43.0648 2776 WPDBusEnum - ok
14:38:43.0680 2776 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
14:38:43.0680 2776 WpdUsb - ok
14:38:43.0820 2776 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:38:43.0836 2776 WPFFontCache_v0400 - ok
14:38:43.0836 2776 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:38:43.0836 2776 ws2ifsl - ok
14:38:43.0867 2776 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
14:38:43.0867 2776 wscsvc - ok
14:38:43.0882 2776 [ DE5F5212AB34221DD1618B5FEFE8DB6C ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
14:38:43.0882 2776 WSDPrintDevice - ok
14:38:43.0882 2776 WSearch - ok
14:38:43.0914 2776 [ A2C4DC335656FB7A5A3AC076282534CB ] WSWNDA3100 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
14:38:43.0914 2776 WSWNDA3100 - ok
14:38:43.0960 2776 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:38:43.0976 2776 wuauserv - ok
14:38:43.0992 2776 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:38:43.0992 2776 WUDFRd - ok
14:38:44.0007 2776 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:38:44.0007 2776 wudfsvc - ok
14:38:44.0023 2776 [ C088056DFBA2B3A6955EA596EE5CC507 ] WUSB54GCv3 C:\Windows\system32\DRIVERS\WUSB54GCv3.sys
14:38:44.0023 2776 WUSB54GCv3 - ok
14:38:44.0054 2776 ================ Scan global ===============================
14:38:44.0085 2776 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
14:38:44.0116 2776 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:38:44.0116 2776 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:38:44.0148 2776 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
14:38:44.0148 2776 [Global] - ok
14:38:44.0148 2776 ================ Scan MBR ==================================
14:38:44.0148 2776 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:38:44.0350 2776 \Device\Harddisk0\DR0 - ok
14:38:44.0350 2776 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:38:44.0366 2776 \Device\Harddisk1\DR1 - ok
14:38:44.0366 2776 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
14:38:44.0382 2776 \Device\Harddisk2\DR2 - ok
14:38:44.0382 2776 ================ Scan VBR ==================================
14:38:44.0382 2776 [ 9D78B61A0F6DA08D9288C3C52F70B642 ] \Device\Harddisk0\DR0\Partition1
14:38:44.0382 2776 \Device\Harddisk0\DR0\Partition1 - ok
14:38:44.0397 2776 [ 3B036E39B562FF9BF1C831F9093CEF17 ] \Device\Harddisk0\DR0\Partition2
14:38:44.0397 2776 \Device\Harddisk0\DR0\Partition2 - ok
14:38:44.0413 2776 [ 8CB3E23A6FDFE86532A7F15537B5BF67 ] \Device\Harddisk0\DR0\Partition3
14:38:44.0413 2776 \Device\Harddisk0\DR0\Partition3 - ok
14:38:44.0413 2776 [ 1B8CE0CB73F6F2F8AF3D33812E1F3F71 ] \Device\Harddisk1\DR1\Partition1
14:38:44.0413 2776 \Device\Harddisk1\DR1\Partition1 - ok
14:38:44.0413 2776 [ C5318DD5D96AD4CBBE430F09D9400D03 ] \Device\Harddisk2\DR2\Partition1
14:38:44.0428 2776 \Device\Harddisk2\DR2\Partition1 - ok
14:38:44.0428 2776 ============================================================
14:38:44.0428 2776 Scan finished
14:38:44.0428 2776 ============================================================
14:38:44.0428 2612 Detected object count: 0
14:38:44.0428 2612 Actual detected object count: 0
14:40:53.0097 2384 Deinitialize success





ComboFix 12-08-28.03 - devatas 08/31/2012 13:37:28.1.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.8189.6855 [GMT -4:00]
Running from: c:\users\devatas\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 17:41 . 2012-08-31 17:43 -------- d-----w- c:\users\devatas\AppData\Local\temp
2012-08-31 17:41 . 2012-08-31 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-31 14:48 . 2007-01-19 22:24 25312 ----a-r- c:\windows\system32\drivers\SCMNdisP.sys
2012-08-31 14:47 . 2011-12-12 21:37 1229568 ----a-w- c:\windows\system32\drivers\bcmwlhigh664.sys
2012-08-31 14:47 . 2010-02-03 15:20 47632 ----a-w- c:\windows\system32\drivers\npf.sys
2012-08-31 14:47 . 2012-08-31 14:47 -------- d-----w- c:\program files (x86)\NETGEAR
2012-08-31 03:27 . 2012-08-31 03:27 -------- d-----w- c:\program files\HitmanPro
2012-08-30 17:52 . 2012-08-30 17:52 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-08-30 16:21 . 2012-07-23 19:59 24960 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-08-30 11:46 . 2012-08-30 11:46 -------- d-----w- c:\program files (x86)\IObit
2012-08-30 10:18 . 2012-08-30 10:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D07A48E-1B35-48F8-BE73-89910911153C}\offreg.dll
2012-08-30 10:15 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D07A48E-1B35-48F8-BE73-89910911153C}\mpengine.dll
2012-08-29 20:11 . 2012-08-29 20:11 -------- d-----w- C:\$RECYCLE(488).BIN
2012-08-29 20:07 . 2012-08-30 16:36 -------- d-----w- c:\users\devatas\AppData\Local\Temp(565)
2012-08-29 18:10 . 2012-08-29 18:10 -------- d-----w- c:\users\devatas\AppData\Roaming\Malwarebytes
2012-08-29 18:10 . 2012-08-30 10:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-29 18:10 . 2012-08-29 18:10 -------- d-----w- c:\programdata\Malwarebytes
2012-08-29 18:10 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 18:08 . 2012-08-29 18:14 -------- d-----w- c:\programdata\HitmanPro
2012-08-29 18:03 . 2012-08-31 01:48 -------- d-----w- C:\MGtools
2012-08-29 16:46 . 2012-08-29 16:46 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-29 14:18 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-08-21 19:20 . 2012-08-21 19:20 -------- d-----w- c:\programdata\McAfee
2012-08-18 03:01 . 2012-08-18 03:01 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 01:48 . 2012-08-31 01:41 250948 ----a-w- C:\MGlogs.zip
2012-08-29 15:40 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-08-29 13:59 . 2012-04-13 19:28 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-29 13:59 . 2011-05-13 20:40 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 19:22 . 2012-05-02 23:23 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-21 19:22 . 2012-05-02 23:23 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-06 17:53 . 2012-03-13 15:41 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-06 17:53 . 2012-03-13 15:41 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-02 22:19 . 2012-07-06 16:56 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-06 16:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-07-06 16:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-06 16:57 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-06 16:56 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-07-06 16:56 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-07-06 16:56 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-07-06 16:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-07-06 16:56 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-07-06 16:56 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-07-06 16:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-07-06 16:56 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-07-06 16:56 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-07-06 16:56 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976370480-216419469-438992518-1000Core.job
- c:\users\devatas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 21:37]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-976370480-216419469-438992518-1000UA.job
- c:\users\devatas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 21:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDSPTray1"="hdsp32.exe" [2012-04-20 648192]
"HDSPTray2"="hdspmix.exe" [2012-04-20 1158144]
"combofix"="c:\combofix\CF13069.3XE" [2008-01-21 363008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\devatas\AppData\Roaming\Mozilla\Firefox\Profiles\dkh94l8j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\hdsp32.exe
c:\windows\System32\hdspmix.exe
.
**************************************************************************
.
Completion time: 2012-08-31 13:45:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-31 17:45
ComboFix2.txt 2012-08-29 20:07
.
Pre-Run: 12,872,933,376 bytes free
Post-Run: 12,711,735,296 bytes free
.
- - End Of File - - 0B8A5DDB42FF88DB99869AA8F0212D13





Farbar Service Scanner Version: 06-08-2012
Ran by devatas (administrator) on 05-09-2012 at 14:51:22
Running from "C:\Users\devatas\Desktop"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-07-03 16:01] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 07:12] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 03:17] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

C:\Windows\System32\dnsrslvr.dll
[2011-04-30 15:54] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-07-03 16:01] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-07-03 16:01] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-07-03 16:01] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-07-03 16:01] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-07-03 16:01] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-07-03 16:01] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-07-03 16:01] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-07-06 13:01] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-03 16:01] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,695 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:14 AM

Posted 05 September 2012 - 02:14 PM

Greetings opticalwreck,

Thank you for the information. Let's start by working through some internet related settings to make sure those are all good.

Please perform the following for me, if you would.


===================================================


Troubleshooting Network Connections

--------------------

Step 1 - If a Network Icon Appears in the Windows Taskbar

  • Right click on the Network icon and select repair


--------------------


Step 2 - If there is no Network Icon in the Windows Taskbar

  • Click on the Start button.
  • Click on the Settings menu option.
  • Click on the Control Panel option.
  • When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
  • You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
  • Click on the Repair menu option.
  • Let the repair process perform its tasks and when it has finished, hopefully your Internet connection should be working again.
  • If your internet connection is not established please perform Step 3

--------------------


Step 3 - DNS Settings

  • Go to Start > Control Panel, and choose Network Connections.
  • Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Click the Networking tab
  • Double-click on the Internet Protocol (TCP/IP) item.
  • Write down the settings in case you should need to change them back.
  • Select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice to get out of the properties screen and restart your computer.
  • If not prompted to reboot go ahead and reboot manually.

--------------------


Step 4 - Internet Explorer Connection Settings

  • Launch Internet Explorer
  • Check internet options settings.
  • Tools > Internet Options > Connections
  • LAN settings
  • Choose "automatically detect settings"
  • Uncheck both proxy settings boxes

--------------------


Step 5 - Firefox Connection Settings

  • Launch Firefox
  • Click on Advanced -> Network -> Settings...
  • The No Proxy option should be selected

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Do you have internet access now?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 opticalwreck


Posted 05 September 2012 - 02:32 PM

Hi Gary,

I've tried these steps prior to my initial post and again now, but still have a 'local only' connection and can't access the internet. Thanks.

#6 Oh My!


Posted 05 September 2012 - 02:44 PM

Greetings opticalwreck,

Thanks for trying it again. Let's run this program.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
    • List Minidump Files
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Result.txt
  • Any change?

Edited by Oh My, 05 September 2012 - 02:45 PM.

Gary
 

#7 opticalwreck


Posted 05 September 2012 - 03:21 PM

Here is the MiniToolBox log. No change with the internet yet...still 'Local Only'. Thanks


MiniToolBox by Farbar Version: 23-07-2012
Ran by devatas (administrator) on 05-09-2012 at 16:16:07
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter = Wireless Network Connection 7 (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Studio-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter
Physical Address. . . . . . . . . : E0-46-9A-B3-11-42
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7cdc:8fee:b48d:bfaf%22(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.191.175(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 434128538
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-5B-85-7B-00-24-1D-24-BC-F8
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7BC36B1A-DD05-4625-BECA-F1B64E595BB1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A2840DEB-0D1A-46CB-B3ED-F91D8F39740A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for :

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
22 ...e0 46 9a b3 11 42 ...... NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter
1 ........................... Software Loopback Interface 1
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
19 ...00 00 00 00 00 00 00 e0 isatap.{7BC36B1A-DD05-4625-BECA-F1B64E595BB1}
18 ...00 00 00 00 00 00 00 e0 isatap.{A2840DEB-0D1A-46CB-B3ED-F91D8F39740A}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.191.175 281
169.254.191.175 255.255.255.255 On-link 169.254.191.175 281
169.254.255.255 255.255.255.255 On-link 169.254.191.175 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.191.175 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.191.175 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
22 281 fe80::/64 On-link
22 281 fe80::7cdc:8fee:b48d:bfaf/128
On-link
1 306 ff00::/8 On-link
22 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/05/2012 03:28:01 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 03:26:42 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 03:26:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2012 03:25:16 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 02:34:15 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 02:31:15 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 02:29:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2012 02:28:14 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (08/31/2012 03:37:07 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (08/31/2012 03:34:07 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9


System errors:
=============
Error: (09/05/2012 03:28:01 PM) (Source: Service Control Manager) (User: )
Description: Print Spooler3

Error: (09/05/2012 03:26:42 PM) (Source: Service Control Manager) (User: )
Description: Print Spooler2600001Restart the service

Error: (09/05/2012 03:26:23 PM) (Source: Service Control Manager) (User: )
Description: Beep
iaStor

Error: (09/05/2012 03:26:23 PM) (Source: Service Control Manager) (User: )
Description: Print Spooler1600001Restart the service

Error: (09/05/2012 03:26:23 PM) (Source: Service Control Manager) (User: )
Description: UPnP Device HostSSDP Discovery%%0

Error: (09/05/2012 03:26:23 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy Agent%%10044

Error: (09/05/2012 03:26:23 PM) (Source: Service Control Manager) (User: )
Description: Pml Driver HPZ12%%126

Error: (09/05/2012 03:26:23 PM) (Source: Service Control Manager) (User: )
Description: Net Driver HPZ12%%126

Error: (09/05/2012 03:26:23 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying Modules%%13876

Error: (09/05/2012 02:34:15 PM) (Source: Service Control Manager) (User: )
Description: Print Spooler3


Microsoft Office Sessions:
=========================
Error: (09/05/2012 03:28:01 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 03:26:42 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 03:26:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2012 03:25:16 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 02:34:15 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 02:31:15 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 02:29:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2012 02:28:14 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (08/31/2012 03:37:07 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (08/31/2012 03:34:07 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9


=========================== Installed Programs ============================

AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.873.0)
Apple Mobile Device Support (Version: 5.2.0.6)
Bonjour (Version: 3.0.0.10)
Canon MP620 series MP Drivers
ccc-utility64 (Version: 2012.0405.2205.37728)
CCleaner (Version: 3.19)
CPUID CPU-Z 1.60.1
Google Chrome (Version: 21.0.1180.83)
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.6.3.25)
LatencyMon 3.00
Melodyne Runtime 4.0 (x64) (Version: 1.0.0)
Melodyne Runtime 4.1 (x64) (Version: 1.0.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MobileMe Control Panel (Version: 3.1.8.0)
Native Instruments Abbey Road 60s Drums (Version: 1.2.0.003)
Native Instruments Absynth 5 (Version: 5.1.0.1013)
Native Instruments Battery 3 (Version: 3.2.3.637)
Native Instruments Battery Library Importer for Maschine (Version: 1.0.0.003)
Native Instruments Berlin Concert Grand (Version: 1.3.0.004)
Native Instruments Berlin Concert Grand (Version: 1.4.0.002)
Native Instruments Controller Editor (Version: 1.4.5.910)
Native Instruments Deep Freq (Version: 1.0.0.002)
Native Instruments FM8 (Version: 1.2.0.1016)
Native Instruments Guitar Rig 5 (Version: 5.1.0.2645)
Native Instruments Guitar Rig Mobile I/O (Version: 3.0.0.625)
Native Instruments Guitar Rig Pro Library for Maschine (Version: 1.0.0.001)
Native Instruments Guitar Rig Session I/O (Version: 3.0.0.625)
Native Instruments Komplete 8 (Version: 8.0.0.001)
Native Instruments Kontakt 5 (Version: 5.0.3.5812)
Native Instruments Kontakt Factory Library (Version: 1.0.0.004)
Native Instruments Kore 2 (Version: 2.1.4.8328)
Native Instruments Kore Controller (Version: 3.0.0.625)
Native Instruments Maschine (Version: 1.7.2.7746)
Native Instruments Maschine Controller (Version: 3.0.1.648)
Native Instruments Maschine Factory Content (Version: 1.1.0.001)
Native Instruments Maschine Factory Content 1.5 (Version: 1.5.0.001)
Native Instruments Maschine Mikro (Version: 3.0.2.664)
Native Instruments Massive (Version: 1.3.0.2050)
Native Instruments New York Concert Grand (Version: 1.3.0.004)
Native Instruments Paranormal Spectrums (Version: 1.0.0.001)
Native Instruments Rammfire (Version: 1.1.0.003)
Native Instruments Reaktor 5 (Version: 5.6.2.11367)
Native Instruments Reaktor Prism (Version: 1.2.0.005)
Native Instruments Reaktor Spark R2 (Version: 1.1.0.004)
Native Instruments Reflektor (Version: 1.2.0.003)
Native Instruments Rig Kontrol 3 (Version: 3.0.0.625)
Native Instruments Scarbee MM-Bass (Version: 1.2.0.006)
Native Instruments Scarbee Vintage Keys (Version: 1.1.0.002)
Native Instruments Service Center (Version: 2.3.2.926)
Native Instruments Sonic Fiction (Version: 1.0.0.002)
Native Instruments Studio Drummer (Version: 1.1.0.007)
Native Instruments The Finger R2 (Version: 1.1.0.004)
Native Instruments Traktors 12 (Version: 1.1.0.002)
Native Instruments Transient Master (Version: 1.0.0.004)
Native Instruments Upright Piano (Version: 1.4.0.003)
Native Instruments Vienna Concert Grand (Version: 1.4.0.002)
Native Instruments Vintage Organs (Version: 1.1.0.007)
Native Instruments West Africa (Version: 1.1.0.004)
RME Hammerfall DSP (WDM) (Version: 3.2.7.0)
Speccy (Version: 1.16)
Winamp Detector Plug-in (Version: 1.0.0.1)

========================= Devices: ================================

Name: Canon MP620 ser Network
Description: Canon MP620 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI Latency Tool Driver
Description: PCI Latency Tool Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Szymon Modzelewski
Service: LtcyCfgWDM
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: PCI Latency Tool Driver
Description: PCI Latency Tool Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Szymon Modzelewski
Service: LtcyCfgWDM
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: PCI Latency Tool Driver
Description: PCI Latency Tool Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Szymon Modzelewski
Service: LtcyCfgWDM
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: PCI Latency Tool Driver
Description: PCI Latency Tool Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Szymon Modzelewski
Service: LtcyCfgWDM
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 8189.39 MB
Available physical RAM: 6850.98 MB
Total Pagefile: 7940.42 MB
Available Pagefile: 6819.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3997.55 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:97.66 GB) (Free:12.02 GB) NTFS
3 Drive e: (Studio1) (Fixed) (Total:390.62 GB) (Free:40.18 GB) NTFS
4 Drive f: (Studio2) (Fixed) (Total:443.23 GB) (Free:26.5 GB) NTFS
5 Drive g: (1T Elements) (Fixed) (Total:931.51 GB) (Free:2.26 GB) NTFS
6 Drive h: (Seagate 3T) (Fixed) (Total:2794.51 GB) (Free:1879.15 GB) NTFS
7 Drive i: (500) (Fixed) (Total:465.65 GB) (Free:50.28 GB) FAT32
8 Drive j: (RAXEL) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT

========================= Users: ========================================

User accounts for \\STUDIO-PC

Administrator devatas Guest

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
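
A triage pass over the network part of a MiniToolBox Result.txt like the one posted above, as an added example that is not part of the thread or of Farbar's tool. It flags a self-assigned (169.254.x.x) IPv4 address, an empty default gateway, DNS servers that are only the fec0:0:0:ffff:: site-local addresses, and Winsock catalog rows the tool itself marked; the sample text is a constructed excerpt, and the function names and finding codes are hypothetical.

```python
import ipaddress
import re

# Constructed sample: a short excerpt in the format of the Result.txt posted above.
SAMPLE_LOG = r"""Wireless LAN adapter Wireless Network Connection 7:

DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.191.175(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected

Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
"""

ADAPTER = re.compile(r"^(.+ adapter .+):$")      # "Wireless LAN adapter ...:"
FIELD = re.compile(r"^(.+?)[ .]+:(?: (.*))?$")   # "Key . . . . : value"
WINSOCK = re.compile(r"^((?:x64-)?Catalog\d+ \d+) (.+) \[(.+?)\]")


def to_ip(text):
    """Parse '169.254.1.2(Preferred)' or 'fec0::1%1'; None if not an address."""
    try:
        return ipaddress.ip_address(text.split("(")[0].split("%")[0].strip())
    except ValueError:
        return None


def parse_adapters(log):
    """Return {adapter name: {field: [values]}} from ipconfig /all style text."""
    adapters, current, last_key = {}, None, None
    for raw in log.splitlines():
        line = raw.strip()
        header = ADAPTER.match(line)
        if header:
            current, last_key = adapters.setdefault(header.group(1), {}), None
            continue
        if current is None:
            continue
        field = FIELD.match(line)
        if field:
            last_key = field.group(1)
            current[last_key] = [field.group(2)] if field.group(2) else []
        elif last_key and to_ip(line) is not None:
            current[last_key].append(line)  # continuation row, e.g. 2nd DNS server
        else:
            last_key = None
    return adapters


def triage(log):
    """Return (subject, finding code) pairs that deserve a closer look."""
    findings = []
    for name, f in parse_adapters(log).items():
        if f.get("Media State") == ["Media disconnected"]:
            continue  # disconnected tunnel adapters carry no addressing to judge
        v4 = [to_ip(v) for key, vals in f.items() if "IPv4 Address" in key for v in vals]
        if any(a is not None and a.is_link_local for a in v4):
            # 169.254.0.0/16 is self-assigned when the DHCP client obtains no lease.
            findings.append((name, "APIPA_ADDRESS"))
        if f.get("Default Gateway") == []:
            findings.append((name, "NO_DEFAULT_GATEWAY"))
        dns = [to_ip(v) for v in f.get("DNS Servers", [])]
        if dns and all(a is not None and a.version == 6 and a.is_site_local for a in dns):
            # fec0:0:0:ffff::1-3 are what Windows lists when no DNS server is set.
            findings.append((name, "SITE_LOCAL_DNS_ONLY"))
    previous = None
    for raw in log.splitlines():
        line = raw.strip()
        entry = WINSOCK.match(line)
        if entry:
            previous = entry.group(1)
            if entry.group(3).lower() == "file not found":
                findings.append((previous, "WINSOCK_FILE_MISSING"))
        elif line.startswith("ATTENTION:") and previous:
            # Reported against the entry printed just before the warning (assumption).
            findings.append((previous, "WINSOCK_LIBRARYPATH_WARNING"))
    return findings


if __name__ == "__main__":
    for subject, code in triage(SAMPLE_LOG):
        print(f"{code:28} {subject}")
```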

#8 Oh My!


Posted 05 September 2012 - 05:41 PM

Greetings opticalwreck,

Let's do this and see if there is a change.


===================================================


Resetting Network Protocols

--------------------

  • Click Start, All Programs, then Accessories
  • Right click Command Prompt and select Run as Administrator
  • Individually copy and paste the following after the command prompt and hit Enter after each one

    netsh winsock reset
    netsh int ipv4 reset
    netsh int ipv6 reset

  • Reboot your computer
  • Check your internet service

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Do you have internet access?

Gary
 

#9 opticalwreck


Posted 05 September 2012 - 05:59 PM

I ran all three as administrator and got the following messages:

1.) netsh winsock reset - Access is denied.

2.) netsh int ipv4 reset - Reseting Echo Request, failed.
Access is denied.

Restarting Interface, OK!
A reboot is required to complete this action.

3.) netsh int ipv6 reset - Reseting Echo Request, failed.
Access is denied.

There's no user specified settings to be reset.


After rebooting, I'm still at 'local only' access. Thanks

#10 Oh My!


Posted 05 September 2012 - 07:05 PM

Greetings opticalwreck,

I just want to confirm you completed the last task running as Administrator. The error you received can be caused by failing to do so.

Please perform the following.


===================================================


Troubleshooting Through Device Manager

----------

  • Press the Windows key + r on your keyboard at the same time
  • Type mmc devmgmt.msc and press Enter
  • Expand the Network Adapter section by clicking + sign
  • Do any of the entries have a question mark, exclamation point, etc.?
  • If so, right click and select Uninstall, then OK
  • Click Action then Scan for hardware changes

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Were there any driver errors?
  • Do you have internet access?

Gary
 

#11 opticalwreck


Posted 06 September 2012 - 11:30 AM

Hi Gary,

I did run as administrator twice, just to be sure. I figured that would be the reason for the 'access denied' message. The network adapter is working properly. I did try uninstalling and reinstalling the device before asking for help, but that obviously didn't work either. Still no internet access...thanks again for your continued help.

#12 Oh My!


Posted 06 September 2012 - 01:32 PM

Greetings opticalwreck,

Let's check some services to make sure they are running. Please complete the following.


===================================================


Checking Network Services

--------------------

  • Press the Windows key + r on your keyboard at the same time
  • Type services.msc and press Enter
  • Under the Status category make sure all of the following are listed as Started

    • Computer Browser
    • DHCP Client
    • DNS Client
    • Network Connections
    • Network Location Awareness
    • Remote Procedure Call (RPC)
    • Server
    • TCP/IP Netbios helper
    • WLAN AutoConfig (7/Vista wireless configurations only)
    • Workstation
  • If a service is not running, right click on the entry and select Properties
  • Select the Dependencies tab
  • Verify each of the items listed under This service depends on the following system components: are started as well

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Results of above

Gary
 

#13 opticalwreck

  • Topic Starter

Posted 06 September 2012 - 02:26 PM

- Computer Browser is set to Automatic. I tried to start it and got the following message: "The Computer Browser service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."
All dependencies started.

- DHCP Client is set to Automatic and Started.
All dependencies started.

- DNS Client is set to Automatic and Started.
All dependencies started.

- Network Connections is set to Manual and Started.
All dependencies started.

- Remote Procedure Call (RPC) is set to Automatic and Started.
All dependencies started.

- Server is set to Automatic and Started.
All dependencies started.

- TCP/IP Netbios Helper is set to Automatic and Started.
No dependencies

- WLAN AutoConfig is set to Automatic and Started.
All dependencies started.

- Workstation is set to Automatic and Started
All dependencies started.

#14 Oh My!

  • Malware Response Instructor

Posted 06 September 2012 - 03:51 PM

Greetings opticalwreck,

Let's do some more troubleshooting.

Is your router security enabled and if so have you turned that off temporarily to see if you then have internet access? If not, could you please try that.


===================================================


Troubleshooting Internet Connectivity Issues - IP Address/DNS Reset

--------------------

  • Please return to Post #4. Under Step #3 I would like you to select Obtain IP address automatically.
  • Click OK out of the screen
  • Press the Windows key + R on your keyboard at the same time
  • Type ipconfig /release and press Enter
  • Type ipconfig /renew and press Enter
  • Type net stop "dns client" and press Enter (with quotes)
  • Type net start "dns client" and press Enter (with quotes)
  • Restart your computer
  • Check to see if you have internet access


===================================================


Please rerun Farbar's MiniToolBox and post Result.txt.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Is your router security enabled?
  • Were you able to accomplish the first steps?
  • Do you have internet access?
  • Result.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 opticalwreck

  • Topic Starter

Posted 09 September 2012 - 11:43 PM

Hi Gary,

Sorry for the late reply, I was out of town longer than expected.

- I disabled the security on the router and still could not connect to the internet with the problem computer.
- Obtain IP address automatically is still set.
- I ran the four commands, restarted, and still have a 'local only' connection.

Here are the results from MiniToolBox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by devatas (administrator) on 10-09-2012 at 00:34:48
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter = Wireless Network Connection 7 (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Studio-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter
Physical Address. . . . . . . . . : E0-46-9A-B3-11-42
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7cdc:8fee:b48d:bfaf%22(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.191.175(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 434128538
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-5B-85-7B-00-24-1D-24-BC-F8
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7BC36B1A-DD05-4625-BECA-F1B64E595BB1}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A2840DEB-0D1A-46CB-B3ED-F91D8F39740A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for :

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
22 ...e0 46 9a b3 11 42 ...... NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter
1 ........................... Software Loopback Interface 1
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
19 ...00 00 00 00 00 00 00 e0 isatap.{7BC36B1A-DD05-4625-BECA-F1B64E595BB1}
18 ...00 00 00 00 00 00 00 e0 isatap.{A2840DEB-0D1A-46CB-B3ED-F91D8F39740A}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.191.175 286
169.254.191.175 255.255.255.255 On-link 169.254.191.175 286
169.254.255.255 255.255.255.255 On-link 169.254.191.175 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.191.175 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.191.175 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
22 286 fe80::/64 On-link
22 286 fe80::7cdc:8fee:b48d:bfaf/128
On-link
1 306 ff00::/8 On-link
22 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/10/2012 00:34:49 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/10/2012 00:32:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 00:31:46 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/10/2012 00:13:01 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/10/2012 00:10:01 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/10/2012 00:08:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 00:07:00 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 07:02:53 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 06:59:53 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 06:57:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/10/2012 00:34:50 AM) (Source: Service Control Manager) (User: )
Description: Print Spooler2600001Restart the service

Error: (09/10/2012 00:32:59 AM) (Source: Service Control Manager) (User: )
Description: Beep
iaStor

Error: (09/10/2012 00:32:59 AM) (Source: Service Control Manager) (User: )
Description: Print Spooler1600001Restart the service

Error: (09/10/2012 00:32:59 AM) (Source: Service Control Manager) (User: )
Description: UPnP Device HostSSDP Discovery%%0

Error: (09/10/2012 00:32:59 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy Agent%%10044

Error: (09/10/2012 00:32:59 AM) (Source: Service Control Manager) (User: )
Description: Pml Driver HPZ12%%126

Error: (09/10/2012 00:32:59 AM) (Source: Service Control Manager) (User: )
Description: Net Driver HPZ12%%126

Error: (09/10/2012 00:32:59 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying Modules%%13876

Error: (09/10/2012 00:13:01 AM) (Source: Service Control Manager) (User: )
Description: Print Spooler3

Error: (09/10/2012 00:10:01 AM) (Source: Service Control Manager) (User: )
Description: Print Spooler2600001Restart the service


Microsoft Office Sessions:
=========================
Error: (09/10/2012 00:34:49 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/10/2012 00:32:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 00:31:46 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/10/2012 00:13:01 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/10/2012 00:10:01 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/10/2012 00:08:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2012 00:07:00 AM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 07:02:53 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 06:59:53 PM) (Source: Microsoft-Windows-SpoolerSpoolss)(User: NT AUTHORITY)NT AUTHORITY
Description: 0x80072af9

Error: (09/05/2012 06:57:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

AMD APP SDK Runtime (Version: 10.0.923.1)
AMD Catalyst Install Manager (Version: 8.0.873.0)
Apple Mobile Device Support (Version: 5.2.0.6)
Bonjour (Version: 3.0.0.10)
Canon MP620 series MP Drivers
ccc-utility64 (Version: 2012.0405.2205.37728)
CCleaner (Version: 3.19)
CPUID CPU-Z 1.60.1
Google Chrome (Version: 21.0.1180.83)
iCloud (Version: 1.1.0.40)
iTunes (Version: 10.6.3.25)
LatencyMon 3.00
Melodyne Runtime 4.0 (x64) (Version: 1.0.0)
Melodyne Runtime 4.1 (x64) (Version: 1.0.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
MobileMe Control Panel (Version: 3.1.8.0)
Native Instruments Abbey Road 60s Drums (Version: 1.2.0.003)
Native Instruments Absynth 5 (Version: 5.1.0.1013)
Native Instruments Battery 3 (Version: 3.2.3.637)
Native Instruments Battery Library Importer for Maschine (Version: 1.0.0.003)
Native Instruments Berlin Concert Grand (Version: 1.3.0.004)
Native Instruments Berlin Concert Grand (Version: 1.4.0.002)
Native Instruments Controller Editor (Version: 1.4.5.910)
Native Instruments Deep Freq (Version: 1.0.0.002)
Native Instruments FM8 (Version: 1.2.0.1016)
Native Instruments Guitar Rig 5 (Version: 5.1.0.2645)
Native Instruments Guitar Rig Mobile I/O (Version: 3.0.0.625)
Native Instruments Guitar Rig Pro Library for Maschine (Version: 1.0.0.001)
Native Instruments Guitar Rig Session I/O (Version: 3.0.0.625)
Native Instruments Komplete 8 (Version: 8.0.0.001)
Native Instruments Kontakt 5 (Version: 5.0.3.5812)
Native Instruments Kontakt Factory Library (Version: 1.0.0.004)
Native Instruments Kore 2 (Version: 2.1.4.8328)
Native Instruments Kore Controller (Version: 3.0.0.625)
Native Instruments Maschine (Version: 1.7.2.7746)
Native Instruments Maschine Controller (Version: 3.0.1.648)
Native Instruments Maschine Factory Content (Version: 1.1.0.001)
Native Instruments Maschine Factory Content 1.5 (Version: 1.5.0.001)
Native Instruments Maschine Mikro (Version: 3.0.2.664)
Native Instruments Massive (Version: 1.3.0.2050)
Native Instruments New York Concert Grand (Version: 1.3.0.004)
Native Instruments Paranormal Spectrums (Version: 1.0.0.001)
Native Instruments Rammfire (Version: 1.1.0.003)
Native Instruments Reaktor 5 (Version: 5.6.2.11367)
Native Instruments Reaktor Prism (Version: 1.2.0.005)
Native Instruments Reaktor Spark R2 (Version: 1.1.0.004)
Native Instruments Reflektor (Version: 1.2.0.003)
Native Instruments Rig Kontrol 3 (Version: 3.0.0.625)
Native Instruments Scarbee MM-Bass (Version: 1.2.0.006)
Native Instruments Scarbee Vintage Keys (Version: 1.1.0.002)
Native Instruments Service Center (Version: 2.3.2.926)
Native Instruments Sonic Fiction (Version: 1.0.0.002)
Native Instruments Studio Drummer (Version: 1.1.0.007)
Native Instruments The Finger R2 (Version: 1.1.0.004)
Native Instruments Traktors 12 (Version: 1.1.0.002)
Native Instruments Transient Master (Version: 1.0.0.004)
Native Instruments Upright Piano (Version: 1.4.0.003)
Native Instruments Vienna Concert Grand (Version: 1.4.0.002)
Native Instruments Vintage Organs (Version: 1.1.0.007)
Native Instruments West Africa (Version: 1.1.0.004)
RME Hammerfall DSP (WDM) (Version: 3.2.7.0)
Speccy (Version: 1.16)
Winamp Detector Plug-in (Version: 1.0.0.1)

========================= Devices: ================================

Name: Canon MP620 ser Network
Description: Canon MP620 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 8189.39 MB
Available physical RAM: 6983.82 MB
Total Pagefile: 7940.42 MB
Available Pagefile: 6934.2 MB
Total Virtual: 4095.88 MB
Available Virtual: 3997.89 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:97.66 GB) (Free:12.36 GB) NTFS
3 Drive e: (Studio1) (Fixed) (Total:390.62 GB) (Free:40.18 GB) NTFS
4 Drive f: (Studio2) (Fixed) (Total:443.23 GB) (Free:26.5 GB) NTFS
5 Drive g: (1T Elements) (Fixed) (Total:931.51 GB) (Free:2.26 GB) NTFS
6 Drive h: (Seagate 3T) (Fixed) (Total:2794.51 GB) (Free:1879.15 GB) NTFS
7 Drive i: (500) (Fixed) (Total:465.65 GB) (Free:50.28 GB) FAT32

========================= Users: ========================================

User accounts for \\STUDIO-PC

Administrator devatas Guest

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
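
The IP Configuration and Winsock sections of a Result.txt like the one above can be triaged mechanically. The following Python is an added example, not part of the original post and not MiniToolBox code: it flags an APIPA-only address with DHCP enabled, an empty default gateway, DNS servers drawn only from the deprecated site-local fec0:0:0:ffff::/64 range, and the Winsock lines the tool itself marks. The function names are hypothetical and the sample is trimmed from the log above.

```python
import ipaddress
import re

# Sample trimmed from the Result.txt above: one adapter block, three Winsock lines.
SAMPLE_RESULT = r"""
Wireless LAN adapter Wireless Network Connection 7:

DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.191.175(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Catalog5 04 C:\Windows\SysWOW64\nwprovau.dll [File Not found] ()
"""

# "Key . . . . : value" lines always carry the dotted leader ". :" before the value.
FIELD = re.compile(r"^(?P<key>.+?)[ .]*\. :\s*(?P<val>.*)$")
APIPA = ipaddress.ip_network("169.254.0.0/16")               # IPv4 link-local
SITE_LOCAL_DNS = ipaddress.ip_network("fec0:0:0:ffff::/64")  # deprecated site-local

def parse_adapters(text):
    """Return {adapter name: {field: [values]}} from ipconfig /all style text."""
    adapters, current, last = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            last = None                      # a blank line ends any value list
            continue
        m = FIELD.match(line)
        if m and current is not None:
            last = m.group("key")
            current.setdefault(last, [])
            if m.group("val"):
                current[last].append(m.group("val"))
        elif " adapter " in line and line.endswith(":"):
            current, last = adapters.setdefault(line[:-1], {}), None
        elif current is not None and last:
            current[last].append(line)       # continuation, e.g. extra DNS servers
    return adapters

def _ip(value):
    """Parse '169.254.191.175(Preferred)' or 'fec0:0:0:ffff::1%1'; None if not an IP."""
    bare = re.split(r"[%(]", value, maxsplit=1)[0].strip()
    try:
        return ipaddress.ip_address(bare)
    except ValueError:
        return None

def triage(text):
    """Return (source, finding) pairs for the symptoms described in the lead-in."""
    findings = []
    for name, f in parse_adapters(text).items():
        v4 = [a for k, vals in f.items() if "IPv4 Address" in k
              for a in map(_ip, vals) if a]
        dns = [a for a in map(_ip, f.get("DNS Servers", [])) if a]
        if f.get("DHCP Enabled") == ["Yes"] and v4 and all(a in APIPA for a in v4):
            findings.append((name, "DHCP enabled but only an APIPA address: no lease obtained"))
        if v4 and not f.get("Default Gateway"):
            findings.append((name, "no default gateway: traffic cannot leave the local link"))
        if dns and all(a in SITE_LOCAL_DNS for a in dns):
            findings.append((name, "only site-local placeholder DNS servers: no resolver assigned"))
    for line in text.splitlines():
        if line.startswith("ATTENTION:") or "[File Not found]" in line:
            findings.append(("Winsock", line.strip()))
    return findings

if __name__ == "__main__":
    for source, finding in triage(SAMPLE_RESULT):
        print(f"{source}: {finding}")
```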



