Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Services.exe Infected


  • Please log in to reply
21 replies to this topic

#1 Bancha

Bancha

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 01 September 2012 - 06:09 PM

So a few days ago an image popped up as an "FBI Order" stating I needed to pay to get my computer unlocked, but I knew what the virus was. This one is very nasty, and I have tried several different ways to fix it which just has not worked.

This virus has turned off Windows Defender, Firewall, etc. I launched Combofixed, it detected there was a virus, and rebooted. It restored my Windows Firewall, but defender is still not working. My computer is much slower, and I still get these warnings from AVG. I scanned with AVG, and it shows that it is infected, and my web browsers are infected, but it will not allow me to fix it.

Oh, it also redirects my browser from time to time.

Posted Image

Please help, this thing is starting to tick me off.

Edited by Bancha, 01 September 2012 - 06:11 PM.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:36 PM

Posted 01 September 2012 - 06:21 PM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 Bancha

Bancha
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 02 September 2012 - 07:14 AM

First Program:


19:23:54.0287 10552 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:23:54.0557 10552 ============================================================
19:23:54.0557 10552 Current date / time: 2012/09/01 19:23:54.0557
19:23:54.0557 10552 SystemInfo:
19:23:54.0557 10552
19:23:54.0557 10552 OS Version: 6.0.6002 ServicePack: 2.0
19:23:54.0557 10552 Product type: Workstation
19:23:54.0557 10552 ComputerName: FISHWISH9-PC
19:23:54.0557 10552 UserName: Administrator
19:23:54.0557 10552 Windows directory: C:\Windows
19:23:54.0557 10552 System windows directory: C:\Windows
19:23:54.0557 10552 Running under WOW64
19:23:54.0558 10552 Processor architecture: Intel x64
19:23:54.0558 10552 Number of processors: 2
19:23:54.0558 10552 Page size: 0x1000
19:23:54.0558 10552 Boot type: Normal boot
19:23:54.0558 10552 ============================================================
19:23:55.0119 10552 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:23:55.0139 10552 Drive \Device\Harddisk3\DR3 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:23:55.0143 10552 ============================================================
19:23:55.0143 10552 \Device\Harddisk0\DR0:
19:23:55.0143 10552 MBR partitions:
19:23:55.0143 10552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x24328000
19:23:55.0143 10552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2612880C, BlocksNum 0x2472E6B5
19:23:55.0143 10552 \Device\Harddisk3\DR3:
19:23:55.0144 10552 MBR partitions:
19:23:55.0144 10552 \Device\Harddisk3\DR3\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
19:23:55.0144 10552 ============================================================
19:23:55.0160 10552 C: <-> \Device\Harddisk0\DR0\Partition1
19:23:55.0230 10552 D: <-> \Device\Harddisk0\DR0\Partition2
19:23:55.0230 10552 ============================================================
19:23:55.0230 10552 Initialize success
19:23:55.0230 10552 ============================================================
19:24:14.0468 10708 ============================================================
19:24:14.0468 10708 Scan started
19:24:14.0468 10708 Mode: Manual; TDLFS;
19:24:14.0468 10708 ============================================================
19:24:15.0016 10708 ================ Scan system memory ========================
19:24:15.0016 10708 System memory - ok
19:24:15.0017 10708 ================ Scan services =============================
19:24:15.0145 10708 [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
19:24:15.0149 10708 Acer HomeMedia Connect Service - ok
19:24:15.0283 10708 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
19:24:15.0289 10708 ACPI - ok
19:24:15.0390 10708 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:24:15.0393 10708 AdobeFlashPlayerUpdateSvc - ok
19:24:15.0455 10708 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:24:15.0472 10708 adp94xx - ok
19:24:15.0528 10708 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:24:15.0537 10708 adpahci - ok
19:24:15.0562 10708 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:24:15.0566 10708 adpu160m - ok
19:24:15.0604 10708 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:24:15.0608 10708 adpu320 - ok
19:24:15.0648 10708 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:24:15.0649 10708 AeLookupSvc - ok
19:24:15.0700 10708 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
19:24:15.0704 10708 AFD - ok
19:24:15.0740 10708 [ 8B0D8B5BAFD4C9D57B41426BC68B32F9 ] AgereModemAudio C:\Windows\system32\agr64svc.exe
19:24:15.0741 10708 AgereModemAudio - ok
19:24:15.0783 10708 [ DDF52C4C92D831A4CDB7788B37585E36 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
19:24:15.0796 10708 AgereSoftModem - ok
19:24:15.0825 10708 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:24:15.0827 10708 agp440 - ok
19:24:15.0858 10708 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:24:15.0861 10708 aic78xx - ok
19:24:16.0037 10708 [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
19:24:16.0038 10708 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22
19:24:16.0052 10708 Akamai ( HiddenFile.Multi.Generic ) - warning
19:24:16.0052 10708 Akamai - detected HiddenFile.Multi.Generic (1)
19:24:16.0078 10708 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
19:24:16.0081 10708 ALG - ok
19:24:16.0112 10708 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
19:24:16.0118 10708 aliide - ok
19:24:16.0149 10708 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:24:16.0151 10708 AMD External Events Utility - ok
19:24:16.0169 10708 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
19:24:16.0171 10708 amdide - ok
19:24:16.0218 10708 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:24:16.0221 10708 AmdK8 - ok
19:24:16.0427 10708 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:24:16.0533 10708 amdkmdag - ok
19:24:16.0592 10708 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:24:16.0598 10708 amdkmdap - ok
19:24:16.0654 10708 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
19:24:16.0655 10708 Appinfo - ok
19:24:16.0720 10708 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:24:16.0722 10708 Apple Mobile Device - ok
19:24:16.0784 10708 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
19:24:16.0787 10708 arc - ok
19:24:16.0829 10708 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:24:16.0831 10708 arcsas - ok
19:24:16.0963 10708 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:24:16.0965 10708 aspnet_state - ok
19:24:16.0998 10708 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:24:16.0999 10708 AsyncMac - ok
19:24:17.0050 10708 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
19:24:17.0051 10708 atapi - ok
19:24:17.0109 10708 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:24:17.0127 10708 AudioEndpointBuilder - ok
19:24:17.0140 10708 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:24:17.0147 10708 AudioSrv - ok
19:24:17.0330 10708 [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
19:24:17.0379 10708 AVGIDSAgent - ok
19:24:17.0425 10708 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
19:24:17.0426 10708 AVGIDSDriver - ok
19:24:17.0453 10708 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
19:24:17.0454 10708 AVGIDSFilter - ok
19:24:17.0485 10708 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
19:24:17.0487 10708 AVGIDSHA - ok
19:24:17.0567 10708 [ 59955B4C288DD2A8B9FD2CD5158355C5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
19:24:17.0571 10708 Avgldx64 - ok
19:24:17.0597 10708 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
19:24:17.0598 10708 Avgmfx64 - ok
19:24:17.0608 10708 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
19:24:17.0609 10708 Avgrkx64 - ok
19:24:17.0637 10708 [ 1BEE674AD792B1C63BB0DAC5FA724B23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
19:24:17.0641 10708 Avgtdia - ok
19:24:17.0666 10708 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
19:24:17.0670 10708 avgwd - ok
19:24:17.0712 10708 [ 66F6F5DA699EDF22F7E3D7E0511A3145 ] bdfndisf C:\Windows\system32\DRIVERS\BdfNdisf6.sys
19:24:17.0713 10708 bdfndisf - ok
19:24:17.0729 10708 Beep - ok
19:24:17.0788 10708 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
19:24:17.0805 10708 BFE - ok
19:24:17.0852 10708 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:24:17.0855 10708 blbdrive - ok
19:24:17.0890 10708 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:24:17.0893 10708 bowser - ok
19:24:17.0918 10708 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:24:17.0920 10708 BrFiltLo - ok
19:24:17.0939 10708 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:24:17.0944 10708 BrFiltUp - ok
19:24:17.0983 10708 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
19:24:17.0986 10708 Browser - ok
19:24:18.0003 10708 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
19:24:18.0006 10708 Brserid - ok
19:24:18.0024 10708 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:24:18.0026 10708 BrSerWdm - ok
19:24:18.0045 10708 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:24:18.0047 10708 BrUsbMdm - ok
19:24:18.0065 10708 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:24:18.0069 10708 BrUsbSer - ok
19:24:18.0083 10708 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:24:18.0085 10708 BTHMODEM - ok
19:24:18.0131 10708 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
19:24:18.0131 10708 BUNAgentSvc - ok
19:24:18.0248 10708 catchme - ok
19:24:18.0268 10708 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:24:18.0271 10708 cdfs - ok
19:24:18.0301 10708 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:24:18.0303 10708 cdrom - ok
19:24:18.0341 10708 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
19:24:18.0342 10708 CertPropSvc - ok
19:24:18.0361 10708 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
19:24:18.0363 10708 circlass - ok
19:24:18.0382 10708 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
19:24:18.0389 10708 CLFS - ok
19:24:18.0420 10708 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:24:18.0423 10708 clr_optimization_v2.0.50727_32 - ok
19:24:18.0459 10708 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:24:18.0462 10708 clr_optimization_v2.0.50727_64 - ok
19:24:18.0538 10708 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:24:18.0540 10708 clr_optimization_v4.0.30319_32 - ok
19:24:18.0570 10708 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:24:18.0573 10708 clr_optimization_v4.0.30319_64 - ok
19:24:18.0587 10708 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:24:18.0589 10708 cmdide - ok
19:24:18.0604 10708 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:24:18.0605 10708 Compbatt - ok
19:24:18.0614 10708 COMSysApp - ok
19:24:18.0634 10708 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:24:18.0635 10708 crcdisk - ok
19:24:18.0674 10708 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:24:18.0678 10708 CryptSvc - ok
19:24:18.0748 10708 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:24:18.0772 10708 cvhsvc - ok
19:24:18.0811 10708 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:24:18.0828 10708 DcomLaunch - ok
19:24:18.0864 10708 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:24:18.0865 10708 DfsC - ok
19:24:18.0954 10708 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
19:24:19.0041 10708 DFSR - ok
19:24:19.0127 10708 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:24:19.0134 10708 Dhcp - ok
19:24:19.0184 10708 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
19:24:19.0187 10708 disk - ok
19:24:19.0213 10708 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:24:19.0217 10708 Dnscache - ok
19:24:19.0254 10708 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
19:24:19.0259 10708 dot3svc - ok
19:24:19.0288 10708 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
19:24:19.0292 10708 DPS - ok
19:24:19.0311 10708 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:24:19.0312 10708 drmkaud - ok
19:24:19.0340 10708 dump_wmimmc - ok
19:24:19.0390 10708 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:24:19.0403 10708 DXGKrnl - ok
19:24:19.0425 10708 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
19:24:19.0429 10708 E1G60 - ok
19:24:19.0440 10708 EagleX64 - ok
19:24:19.0482 10708 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
19:24:19.0486 10708 EapHost - ok
19:24:19.0501 10708 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
19:24:19.0506 10708 Ecache - ok
19:24:19.0570 10708 [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
19:24:19.0576 10708 eDataSecurity Service - ok
19:24:19.0604 10708 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:24:19.0629 10708 ehRecvr - ok
19:24:19.0652 10708 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
19:24:19.0656 10708 ehSched - ok
19:24:19.0672 10708 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
19:24:19.0673 10708 ehstart - ok
19:24:19.0704 10708 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:24:19.0720 10708 elxstor - ok
19:24:19.0766 10708 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:24:19.0785 10708 EMDMgmt - ok
19:24:19.0824 10708 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:24:19.0826 10708 ErrDev - ok
19:24:19.0867 10708 [ C0FE39B8F686B7C70A666E716CC12B49 ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
19:24:19.0868 10708 ETService - ok
19:24:19.0896 10708 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
19:24:19.0912 10708 EventSystem - ok
19:24:19.0944 10708 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
19:24:19.0948 10708 exfat - ok
19:24:19.0992 10708 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:24:19.0997 10708 fastfat - ok
19:24:20.0020 10708 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:24:20.0022 10708 fdc - ok
19:24:20.0040 10708 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
19:24:20.0042 10708 fdPHost - ok
19:24:20.0055 10708 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
19:24:20.0058 10708 FDResPub - ok
19:24:20.0067 10708 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:24:20.0070 10708 FileInfo - ok
19:24:20.0090 10708 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:24:20.0095 10708 Filetrace - ok
19:24:20.0110 10708 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:24:20.0112 10708 flpydisk - ok
19:24:20.0136 10708 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:24:20.0144 10708 FltMgr - ok
19:24:20.0231 10708 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
19:24:20.0257 10708 FontCache - ok
19:24:20.0294 10708 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:24:20.0295 10708 FontCache3.0.0.0 - ok
19:24:20.0321 10708 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:24:20.0322 10708 Fs_Rec - ok
19:24:20.0336 10708 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:24:20.0339 10708 gagp30kx - ok
19:24:20.0379 10708 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:24:20.0381 10708 GEARAspiWDM - ok
19:24:20.0412 10708 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
19:24:20.0430 10708 gpsvc - ok
19:24:20.0449 10708 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
19:24:20.0450 10708 hamachi - ok
19:24:20.0492 10708 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:24:20.0501 10708 HdAudAddService - ok
19:24:20.0559 10708 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:24:20.0586 10708 HDAudBus - ok
19:24:20.0603 10708 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:24:20.0605 10708 HidBth - ok
19:24:20.0619 10708 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:24:20.0621 10708 HidIr - ok
19:24:20.0661 10708 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
19:24:20.0664 10708 hidserv - ok
19:24:20.0678 10708 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:24:20.0680 10708 HidUsb - ok
19:24:20.0743 10708 [ 0926C3B5CBF64C88F432FF449B211807 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
19:24:20.0748 10708 HitmanProScheduler - ok
19:24:20.0767 10708 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
19:24:20.0772 10708 hkmsvc - ok
19:24:20.0793 10708 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:24:20.0795 10708 HpCISSs - ok
19:24:20.0838 10708 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:24:20.0857 10708 HTTP - ok
19:24:20.0875 10708 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:24:20.0877 10708 i2omp - ok
19:24:20.0896 10708 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:24:20.0898 10708 i8042prt - ok
19:24:20.0931 10708 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:24:20.0949 10708 iaStorV - ok
19:24:21.0017 10708 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:24:21.0046 10708 idsvc - ok
19:24:21.0090 10708 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:24:21.0092 10708 iirsp - ok
19:24:21.0145 10708 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
19:24:21.0159 10708 IKEEXT - ok
19:24:21.0249 10708 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys
19:24:21.0251 10708 int15 - ok
19:24:21.0308 10708 [ 023EB98945069178C21B324B880AD787 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:24:21.0324 10708 IntcAzAudAddService - ok
19:24:21.0355 10708 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
19:24:21.0356 10708 intelide - ok
19:24:21.0371 10708 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:24:21.0372 10708 intelppm - ok
19:24:21.0390 10708 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:24:21.0394 10708 IPBusEnum - ok
19:24:21.0411 10708 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:24:21.0414 10708 IpFilterDriver - ok
19:24:21.0474 10708 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:24:21.0480 10708 iphlpsvc - ok
19:24:21.0487 10708 IpInIp - ok
19:24:21.0506 10708 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:24:21.0509 10708 IPMIDRV - ok
19:24:21.0527 10708 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:24:21.0530 10708 IPNAT - ok
19:24:21.0571 10708 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:24:21.0581 10708 iPod Service - ok
19:24:21.0595 10708 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:24:21.0596 10708 IRENUM - ok
19:24:21.0631 10708 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:24:21.0632 10708 isapnp - ok
19:24:21.0682 10708 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:24:21.0686 10708 iScsiPrt - ok
19:24:21.0700 10708 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:24:21.0702 10708 iteatapi - ok
19:24:21.0732 10708 [ 25D0DACC04EADA6DCBC0B1E46F309759 ] ITEIO.SYS c:\Windows\System32\drivers\ITEIO.sys
19:24:21.0734 10708 ITEIO.SYS - ok
19:24:21.0758 10708 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:24:21.0760 10708 iteraid - ok
19:24:21.0774 10708 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:24:21.0776 10708 kbdclass - ok
19:24:21.0814 10708 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:24:21.0816 10708 kbdhid - ok
19:24:21.0836 10708 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
19:24:21.0838 10708 KeyIso - ok
19:24:21.0869 10708 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:24:21.0886 10708 KSecDD - ok
19:24:21.0905 10708 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:24:21.0907 10708 ksthunk - ok
19:24:21.0955 10708 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
19:24:21.0972 10708 KtmRm - ok
19:24:22.0047 10708 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:24:22.0053 10708 LanmanServer - ok
19:24:22.0095 10708 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:24:22.0103 10708 LanmanWorkstation - ok
19:24:22.0160 10708 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:24:22.0161 10708 LightScribeService - ok
19:24:22.0176 10708 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:24:22.0178 10708 lltdio - ok
19:24:22.0202 10708 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:24:22.0209 10708 lltdsvc - ok
19:24:22.0221 10708 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:24:22.0224 10708 lmhosts - ok
19:24:22.0249 10708 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:24:22.0254 10708 LSI_FC - ok
19:24:22.0270 10708 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:24:22.0274 10708 LSI_SAS - ok
19:24:22.0301 10708 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:24:22.0304 10708 LSI_SCSI - ok
19:24:22.0325 10708 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
19:24:22.0328 10708 luafv - ok
19:24:22.0351 10708 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:24:22.0354 10708 Mcx2Svc - ok
19:24:22.0379 10708 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
19:24:22.0381 10708 megasas - ok
19:24:22.0410 10708 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
19:24:22.0427 10708 MegaSR - ok
19:24:22.0448 10708 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
19:24:22.0454 10708 MMCSS - ok
19:24:22.0473 10708 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
19:24:22.0475 10708 Modem - ok
19:24:22.0516 10708 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:24:22.0518 10708 monitor - ok
19:24:22.0543 10708 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:24:22.0545 10708 mouclass - ok
19:24:22.0557 10708 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:24:22.0559 10708 mouhid - ok
19:24:22.0582 10708 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:24:22.0585 10708 MountMgr - ok
19:24:22.0619 10708 [ C177A7EBF5E8A0B596F618870516CAB8 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:24:22.0623 10708 MpFilter - ok
19:24:22.0650 10708 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
19:24:22.0655 10708 mpio - ok
19:24:22.0710 10708 [ 8FBF6B31FE8AF1833D93C5913D5B4D55 ] MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys
19:24:22.0712 10708 MpNWMon - ok
19:24:22.0730 10708 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:24:22.0734 10708 mpsdrv - ok
19:24:22.0785 10708 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
19:24:22.0801 10708 MpsSvc - ok
19:24:22.0846 10708 [ 637650A42FD23947D837053FAC789D38 ] mr97310c C:\Windows\system32\DRIVERS\mr97310c.sys
19:24:22.0849 10708 mr97310c - ok
19:24:22.0871 10708 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:24:22.0872 10708 Mraid35x - ok
19:24:22.0894 10708 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:24:22.0898 10708 MRxDAV - ok
19:24:22.0948 10708 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:24:22.0954 10708 mrxsmb - ok
19:24:23.0048 10708 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:24:23.0055 10708 mrxsmb10 - ok
19:24:23.0064 10708 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:24:23.0069 10708 mrxsmb20 - ok
19:24:23.0093 10708 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
19:24:23.0095 10708 msahci - ok
19:24:23.0116 10708 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:24:23.0119 10708 msdsm - ok
19:24:23.0134 10708 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
19:24:23.0138 10708 MSDTC - ok
19:24:23.0162 10708 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:24:23.0164 10708 Msfs - ok
19:24:23.0192 10708 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:24:23.0194 10708 msisadrv - ok
19:24:23.0225 10708 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:24:23.0229 10708 MSiSCSI - ok
19:24:23.0237 10708 msiserver - ok
19:24:23.0249 10708 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:24:23.0251 10708 MSKSSRV - ok
19:24:23.0270 10708 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:24:23.0271 10708 MSPCLOCK - ok
19:24:23.0286 10708 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:24:23.0288 10708 MSPQM - ok
19:24:23.0313 10708 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:24:23.0319 10708 MsRPC - ok
19:24:23.0347 10708 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:24:23.0351 10708 mssmbios - ok
19:24:23.0367 10708 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:24:23.0368 10708 MSTEE - ok
19:24:23.0377 10708 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
19:24:23.0379 10708 Mup - ok
19:24:23.0407 10708 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
19:24:23.0425 10708 napagent - ok
19:24:23.0461 10708 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:24:23.0465 10708 NativeWifiP - ok
19:24:23.0502 10708 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:24:23.0536 10708 NDIS - ok
19:24:23.0547 10708 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:24:23.0548 10708 NdisTapi - ok
19:24:23.0562 10708 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:24:23.0564 10708 Ndisuio - ok
19:24:23.0587 10708 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:24:23.0592 10708 NdisWan - ok
19:24:23.0608 10708 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:24:23.0610 10708 NDProxy - ok
19:24:23.0624 10708 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:24:23.0627 10708 NetBIOS - ok
19:24:23.0654 10708 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:24:23.0660 10708 netbt - ok
19:24:23.0677 10708 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
19:24:23.0679 10708 Netlogon - ok
19:24:23.0714 10708 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
19:24:23.0732 10708 Netman - ok
19:24:23.0924 10708 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:24:23.0927 10708 NetMsmqActivator - ok
19:24:23.0935 10708 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:24:23.0938 10708 NetPipeActivator - ok
19:24:23.0975 10708 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
19:24:23.0992 10708 netprofm - ok
19:24:24.0007 10708 netr28ux - ok
19:24:24.0019 10708 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:24:24.0021 10708 NetTcpActivator - ok
19:24:24.0030 10708 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:24:24.0032 10708 NetTcpPortSharing - ok
19:24:24.0072 10708 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:24:24.0074 10708 nfrd960 - ok
19:24:24.0119 10708 [ 5F7D72CBCDD025AF1F38FDEEE5646968 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:24:24.0122 10708 NisDrv - ok
19:24:24.0234 10708 [ 566DDD5D82520DA01D75F81428AC4C38 ] NisSrv C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
19:24:24.0237 10708 NisSrv - ok
19:24:24.0281 10708 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
19:24:24.0287 10708 NlaSvc - ok
19:24:24.0319 10708 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:24:24.0321 10708 Npfs - ok
19:24:24.0336 10708 npggsvc - ok
19:24:24.0346 10708 NPPTNT2 - ok
19:24:24.0368 10708 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
19:24:24.0371 10708 nsi - ok
19:24:24.0384 10708 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:24:24.0386 10708 nsiproxy - ok
19:24:24.0437 10708 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:24:24.0471 10708 Ntfs - ok
19:24:24.0487 10708 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
19:24:24.0488 10708 NTIBackupSvc - ok
19:24:24.0503 10708 [ 7D397449AAF52B0E7C79B64F6AD4473E ] NTIDrvr C:\Windows\system32\Drivers\NTIDrvr.sys
19:24:24.0505 10708 NTIDrvr - ok
19:24:24.0521 10708 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
19:24:24.0523 10708 NTISchedulerSvc - ok
19:24:24.0536 10708 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
19:24:24.0537 10708 Null - ok
19:24:24.0599 10708 [ 98350606682594521D56ECCB5D01ECF7 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys
19:24:24.0616 10708 NVENETFD - ok
19:24:24.0645 10708 [ 6E022D5F44CD8B029CF799807BB31269 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:24:24.0646 10708 NVHDA - ok
19:24:25.0024 10708 [ FEFFC8474BE060EA7349A172B9810415 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:24:25.0148 10708 nvlddmkm - ok
19:24:25.0172 10708 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:24:25.0180 10708 nvraid - ok
19:24:25.0205 10708 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:24:25.0207 10708 nvstor - ok
19:24:25.0228 10708 [ 581286807B5832503FD700A3217B589F ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
19:24:25.0230 10708 nvstor64 - ok
19:24:25.0277 10708 [ 18AA5FF4EE3FE45A64B98589C62B7FC0 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:24:25.0285 10708 nvsvc - ok
19:24:25.0300 10708 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:24:25.0304 10708 nv_agp - ok
19:24:25.0312 10708 NwlnkFlt - ok
19:24:25.0324 10708 NwlnkFwd - ok
19:24:25.0375 10708 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:24:25.0377 10708 ohci1394 - ok
19:24:25.0426 10708 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:24:25.0428 10708 ose - ok
19:24:25.0609 10708 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:24:25.0717 10708 osppsvc - ok
19:24:25.0759 10708 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:24:25.0785 10708 p2pimsvc - ok
19:24:25.0807 10708 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
19:24:25.0820 10708 p2psvc - ok
19:24:25.0839 10708 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
19:24:25.0842 10708 Parport - ok
19:24:25.0885 10708 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:24:25.0888 10708 partmgr - ok
19:24:25.0914 10708 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
19:24:25.0919 10708 PcaSvc - ok
19:24:25.0957 10708 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
19:24:25.0961 10708 pci - ok
19:24:25.0976 10708 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
19:24:25.0978 10708 pciide - ok
19:24:26.0022 10708 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:24:26.0026 10708 pcmcia - ok
19:24:26.0055 10708 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:24:26.0073 10708 PEAUTH - ok
19:24:26.0139 10708 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:24:26.0143 10708 PerfHost - ok
19:24:26.0258 10708 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
19:24:26.0291 10708 pla - ok
19:24:26.0349 10708 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:24:26.0357 10708 PlugPlay - ok
19:24:26.0393 10708 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:24:26.0403 10708 PNRPAutoReg - ok
19:24:26.0526 10708 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:24:26.0537 10708 PNRPsvc - ok
19:24:26.0569 10708 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:24:26.0585 10708 PolicyAgent - ok
19:24:26.0615 10708 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:24:26.0618 10708 PptpMiniport - ok
19:24:26.0635 10708 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
19:24:26.0637 10708 Processor - ok
19:24:26.0660 10708 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
19:24:26.0667 10708 ProfSvc - ok
19:24:26.0685 10708 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
19:24:26.0687 10708 ProtectedStorage - ok
19:24:26.0710 10708 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:24:26.0713 10708 PSched - ok
19:24:26.0738 10708 [ 2CFD31D41CDE75328ACAEEE2D4F4B836 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
19:24:26.0740 10708 PSDFilter - ok
19:24:26.0761 10708 [ 51A585F999672D8BB07F22AE12B40846 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
19:24:26.0763 10708 PSDNServ - ok
19:24:26.0774 10708 [ DB50D3F5C31B1A848B04F7F2A6FF2709 ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
19:24:26.0777 10708 psdvdisk - ok
19:24:26.0824 10708 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:24:26.0856 10708 ql2300 - ok
19:24:26.0878 10708 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:24:26.0881 10708 ql40xx - ok
19:24:26.0908 10708 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
19:24:26.0925 10708 QWAVE - ok
19:24:26.0944 10708 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:24:26.0949 10708 QWAVEdrv - ok
19:24:26.0988 10708 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:24:26.0990 10708 RasAcd - ok
19:24:27.0017 10708 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
19:24:27.0022 10708 RasAuto - ok
19:24:27.0043 10708 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:24:27.0047 10708 Rasl2tp - ok
19:24:27.0087 10708 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
19:24:27.0104 10708 RasMan - ok
19:24:27.0143 10708 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:24:27.0145 10708 RasPppoe - ok
19:24:27.0184 10708 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:24:27.0187 10708 RasSstp - ok
19:24:27.0232 10708 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:24:27.0240 10708 rdbss - ok
19:24:27.0253 10708 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:24:27.0255 10708 RDPCDD - ok
19:24:27.0287 10708 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:24:27.0295 10708 rdpdr - ok
19:24:27.0303 10708 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:24:27.0305 10708 RDPENCDD - ok
19:24:27.0342 10708 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:24:27.0348 10708 RDPWD - ok
19:24:27.0372 10708 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:24:27.0376 10708 RemoteAccess - ok
19:24:27.0402 10708 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:24:27.0418 10708 RemoteRegistry - ok
19:24:27.0459 10708 [ A035A7BF5132682F53F1E7B955690CE7 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
19:24:27.0462 10708 RichVideo - ok
19:24:27.0488 10708 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
19:24:27.0491 10708 RpcLocator - ok
19:24:27.0520 10708 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
19:24:27.0531 10708 RpcSs - ok
19:24:27.0543 10708 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:24:27.0546 10708 rspndr - ok
19:24:27.0560 10708 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
19:24:27.0563 10708 SamSs - ok
19:24:27.0584 10708 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:24:27.0588 10708 sbp2port - ok
19:24:27.0613 10708 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:24:27.0618 10708 SCardSvr - ok
19:24:27.0669 10708 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
19:24:27.0695 10708 Schedule - ok
19:24:27.0725 10708 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:24:27.0726 10708 SCPolicySvc - ok
19:24:27.0752 10708 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:24:27.0757 10708 SDRSVC - ok
19:24:27.0770 10708 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:24:27.0772 10708 secdrv - ok
19:24:27.0787 10708 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
19:24:27.0790 10708 seclogon - ok
19:24:27.0803 10708 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
19:24:27.0807 10708 SENS - ok
19:24:27.0819 10708 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:24:27.0821 10708 Serenum - ok
19:24:27.0853 10708 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:24:27.0856 10708 Serial - ok
19:24:27.0868 10708 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:24:27.0870 10708 sermouse - ok
19:24:27.0906 10708 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
19:24:27.0912 10708 SessionEnv - ok
19:24:27.0929 10708 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:24:27.0931 10708 sffdisk - ok
19:24:27.0951 10708 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:24:27.0955 10708 sffp_mmc - ok
19:24:27.0998 10708 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:24:28.0000 10708 sffp_sd - ok
19:24:28.0011 10708 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:24:28.0012 10708 sfloppy - ok
19:24:28.0072 10708 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:24:28.0088 10708 Sftfs - ok
19:24:28.0308 10708 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:24:28.0314 10708 sftlist - ok
19:24:28.0400 10708 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:24:28.0405 10708 Sftplay - ok
19:24:28.0418 10708 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:24:28.0420 10708 Sftredir - ok
19:24:28.0446 10708 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:24:28.0447 10708 Sftvol - ok
19:24:28.0487 10708 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:24:28.0490 10708 sftvsa - ok
19:24:28.0530 10708 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:24:28.0539 10708 SharedAccess - ok
19:24:28.0591 10708 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:24:28.0600 10708 ShellHWDetection - ok
19:24:28.0628 10708 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:24:28.0630 10708 SiSRaid2 - ok
19:24:28.0649 10708 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:24:28.0652 10708 SiSRaid4 - ok
19:24:28.0730 10708 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:24:28.0732 10708 SkypeUpdate - ok
19:24:28.0984 10708 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
19:24:29.0014 10708 slsvc - ok
19:24:29.0065 10708 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:24:29.0069 10708 SLUINotify - ok
19:24:29.0115 10708 SmartDefragDriver - ok
19:24:29.0174 10708 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:24:29.0177 10708 Smb - ok
19:24:29.0224 10708 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:24:29.0227 10708 SNMPTRAP - ok
19:24:29.0254 10708 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
19:24:29.0256 10708 spldr - ok
19:24:29.0298 10708 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
19:24:29.0303 10708 Spooler - ok
19:24:29.0344 10708 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
19:24:29.0361 10708 srv - ok
19:24:29.0412 10708 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:24:29.0416 10708 srv2 - ok
19:24:29.0452 10708 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:24:29.0454 10708 srvnet - ok
19:24:29.0488 10708 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:24:29.0494 10708 SSDPSRV - ok
19:24:29.0527 10708 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:24:29.0536 10708 SstpSvc - ok
19:24:29.0548 10708 Steam Client Service - ok
19:24:29.0621 10708 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
19:24:29.0633 10708 stisvc - ok
19:24:29.0654 10708 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:24:29.0656 10708 swenum - ok
19:24:29.0688 10708 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
19:24:29.0705 10708 swprv - ok
19:24:29.0720 10708 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:24:29.0722 10708 Symc8xx - ok
19:24:29.0741 10708 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:24:29.0743 10708 Sym_hi - ok
19:24:29.0760 10708 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:24:29.0763 10708 Sym_u3 - ok
19:24:29.0806 10708 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
19:24:29.0839 10708 SysMain - ok
19:24:29.0855 10708 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:24:29.0860 10708 TabletInputService - ok
19:24:29.0888 10708 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:24:29.0897 10708 TapiSrv - ok
19:24:29.0916 10708 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
19:24:29.0920 10708 TBS - ok
19:24:29.0982 10708 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:24:29.0998 10708 Tcpip - ok
19:24:30.0107 10708 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:24:30.0125 10708 Tcpip6 - ok
19:24:30.0135 10708 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:24:30.0139 10708 tcpipreg - ok
19:24:30.0164 10708 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:24:30.0166 10708 TDPIPE - ok
19:24:30.0194 10708 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:24:30.0196 10708 TDTCP - ok
19:24:30.0227 10708 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:24:30.0230 10708 tdx - ok
19:24:30.0358 10708 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
19:24:30.0388 10708 TeamViewer7 - ok
19:24:30.0429 10708 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:24:30.0431 10708 TermDD - ok
19:24:30.0481 10708 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
19:24:30.0498 10708 TermService - ok
19:24:30.0517 10708 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
19:24:30.0522 10708 Themes - ok
19:24:30.0540 10708 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
19:24:30.0542 10708 THREADORDER - ok
19:24:30.0579 10708 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
19:24:30.0584 10708 TrkWks - ok
19:24:30.0617 10708 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:24:30.0619 10708 TrustedInstaller - ok
19:24:30.0651 10708 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:24:30.0653 10708 tssecsrv - ok
19:24:30.0680 10708 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:24:30.0682 10708 tunmp - ok
19:24:30.0719 10708 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:24:30.0722 10708 tunnel - ok
19:24:30.0752 10708 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:24:30.0755 10708 uagp35 - ok
19:24:30.0769 10708 [ 00C8CE31657624A125FDB90EFD554371 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
19:24:30.0771 10708 UBHelper - ok
19:24:30.0797 10708 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:24:30.0806 10708 udfs - ok
19:24:30.0827 10708 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:24:30.0831 10708 UI0Detect - ok
19:24:30.0857 10708 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:24:30.0860 10708 uliagpkx - ok
19:24:30.0884 10708 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:24:30.0890 10708 uliahci - ok
19:24:30.0911 10708 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:24:30.0915 10708 UlSata - ok
19:24:30.0938 10708 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:24:30.0942 10708 ulsata2 - ok
19:24:30.0981 10708 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:24:30.0983 10708 umbus - ok
19:24:31.0014 10708 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
19:24:31.0032 10708 upnphost - ok
19:24:31.0088 10708 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:24:31.0091 10708 USBAAPL64 - ok
19:24:31.0124 10708 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:24:31.0127 10708 usbaudio - ok
19:24:31.0172 10708 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:24:31.0176 10708 usbccgp - ok
19:24:31.0205 10708 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:24:31.0208 10708 usbcir - ok
19:24:31.0221 10708 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:24:31.0224 10708 usbehci - ok
19:24:31.0250 10708 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:24:31.0265 10708 usbhub - ok
19:24:31.0295 10708 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:24:31.0298 10708 usbohci - ok
19:24:31.0314 10708 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
19:24:31.0317 10708 usbprint - ok
19:24:31.0345 10708 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:24:31.0348 10708 USBSTOR - ok
19:24:31.0385 10708 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:24:31.0388 10708 usbuhci - ok
19:24:31.0419 10708 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:24:31.0424 10708 usbvideo - ok
19:24:31.0460 10708 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
19:24:31.0465 10708 UxSms - ok
19:24:31.0496 10708 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
19:24:31.0514 10708 vds - ok
19:24:31.0536 10708 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:24:31.0538 10708 vga - ok
19:24:31.0559 10708 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:24:31.0562 10708 VgaSave - ok
19:24:31.0576 10708 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
19:24:31.0578 10708 viaide - ok
19:24:31.0631 10708 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
19:24:31.0632 10708 Viewpoint Manager Service - ok
19:24:31.0653 10708 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:24:31.0656 10708 volmgr - ok
19:24:31.0688 10708 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:24:31.0706 10708 volmgrx - ok
19:24:31.0757 10708 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:24:31.0766 10708 volsnap - ok
19:24:31.0795 10708 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:24:31.0800 10708 vsmraid - ok
19:24:31.0853 10708 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
19:24:31.0897 10708 VSS - ok
19:24:31.0936 10708 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
19:24:31.0949 10708 W32Time - ok
19:24:31.0976 10708 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:24:31.0979 10708 WacomPen - ok
19:24:32.0031 10708 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:24:32.0034 10708 Wanarp - ok
19:24:32.0041 10708 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:24:32.0043 10708 Wanarpv6 - ok
19:24:32.0094 10708 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:24:32.0108 10708 wcncsvc - ok
19:24:32.0135 10708 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:24:32.0139 10708 WcsPlugInService - ok
19:24:32.0161 10708 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
19:24:32.0163 10708 Wd - ok
19:24:32.0197 10708 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:24:32.0223 10708 Wdf01000 - ok
19:24:32.0242 10708 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:24:32.0247 10708 WdiServiceHost - ok
19:24:32.0256 10708 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:24:32.0261 10708 WdiSystemHost - ok
19:24:32.0295 10708 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
19:24:32.0302 10708 WebClient - ok
19:24:32.0360 10708 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:24:32.0372 10708 Wecsvc - ok
19:24:32.0392 10708 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:24:32.0398 10708 wercplsupport - ok
19:24:32.0419 10708 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
19:24:32.0424 10708 WerSvc - ok
19:24:32.0465 10708 WinDefend - ok
19:24:32.0480 10708 WinHttpAutoProxySvc - ok
19:24:32.0532 10708 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:24:32.0537 10708 Winmgmt - ok
19:24:32.0672 10708 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys
19:24:32.0673 10708 WinRing0_1_2_0 - ok
19:24:32.0786 10708 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
19:24:32.0839 10708 WinRM - ok
19:24:32.0890 10708 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:24:32.0915 10708 Wlansvc - ok
19:24:33.0075 10708 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:24:33.0101 10708 wlidsvc - ok
19:24:33.0158 10708 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:24:33.0159 10708 WmiAcpi - ok
19:24:33.0192 10708 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:24:33.0198 10708 wmiApSrv - ok
19:24:33.0245 10708 WMPNetworkSvc - ok
19:24:33.0287 10708 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:24:33.0296 10708 WPCSvc - ok
19:24:33.0331 10708 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:24:33.0336 10708 WPDBusEnum - ok
19:24:33.0386 10708 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:24:33.0389 10708 WpdUsb - ok
19:24:33.0695 10708 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:24:33.0706 10708 WPFFontCache_v0400 - ok
19:24:33.0728 10708 WPRO_40_1340 - ok
19:24:33.0755 10708 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:24:33.0757 10708 ws2ifsl - ok
19:24:33.0794 10708 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
19:24:33.0799 10708 wscsvc - ok
19:24:33.0806 10708 WSearch - ok
19:24:33.0842 10708 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:24:33.0846 10708 WUDFRd - ok
19:24:33.0876 10708 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:24:33.0881 10708 wudfsvc - ok
19:24:33.0977 10708 X6va009 - ok
19:24:34.0002 10708 ================ Scan global ===============================
19:24:34.0042 10708 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
19:24:34.0072 10708 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:24:34.0106 10708 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:24:34.0151 10708 [ B8844F93D2C5F1DCDB179AAA9AF134B7 ] C:\Windows\system32\services.exe
19:24:34.0159 10708 [Global] - ok
19:24:34.0160 10708 ================ Scan MBR ==================================
19:24:34.0188 10708 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
19:24:38.0790 10708 \Device\Harddisk0\DR0 - ok
19:24:38.0800 10708 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
19:24:38.0971 10708 \Device\Harddisk3\DR3 - ok
19:24:38.0977 10708 ================ Scan VBR ==================================
19:24:38.0988 10708 [ 3941056915745A06AF750043A12850D9 ] \Device\Harddisk0\DR0\Partition1
19:24:38.0990 10708 \Device\Harddisk0\DR0\Partition1 - ok
19:24:39.0015 10708 [ B0560B1A005DE0DDEA0D1F2346A4F5FD ] \Device\Harddisk0\DR0\Partition2
19:24:39.0018 10708 \Device\Harddisk0\DR0\Partition2 - ok
19:24:39.0026 10708 [ 2C9BCABFA3003AD7B1CEB02437D11780 ] \Device\Harddisk3\DR3\Partition1
19:24:39.0028 10708 \Device\Harddisk3\DR3\Partition1 - ok
19:24:39.0032 10708 ============================================================
19:24:39.0032 10708 Scan finished
19:24:39.0032 10708 ============================================================
19:24:39.0050 10700 Detected object count: 1
19:24:39.0050 10700 Actual detected object count: 1
19:25:56.0200 10700 c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll - copied to quarantine
19:25:56.0201 10700 Akamai ( HiddenFile.Multi.Generic ) - User select action: Quarantine
19:25:58.0457 12688 ============================================================
19:25:58.0457 12688 Scan started
19:25:58.0457 12688 Mode: Manual; TDLFS;
19:25:58.0457 12688 ============================================================
19:25:58.0805 12688 ================ Scan system memory ========================
19:25:58.0805 12688 System memory - ok
19:25:58.0806 12688 ================ Scan services =============================
19:25:58.0918 12688 [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
19:25:58.0921 12688 Acer HomeMedia Connect Service - ok
19:25:59.0048 12688 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
19:25:59.0052 12688 ACPI - ok
19:25:59.0129 12688 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:25:59.0132 12688 AdobeFlashPlayerUpdateSvc - ok
19:25:59.0167 12688 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:25:59.0173 12688 adp94xx - ok
19:25:59.0209 12688 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:25:59.0213 12688 adpahci - ok
19:25:59.0243 12688 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:25:59.0245 12688 adpu160m - ok
19:25:59.0277 12688 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:25:59.0279 12688 adpu320 - ok
19:25:59.0304 12688 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:25:59.0305 12688 AeLookupSvc - ok
19:25:59.0356 12688 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
19:25:59.0361 12688 AFD - ok
19:25:59.0387 12688 [ 8B0D8B5BAFD4C9D57B41426BC68B32F9 ] AgereModemAudio C:\Windows\system32\agr64svc.exe
19:25:59.0389 12688 AgereModemAudio - ok
19:25:59.0430 12688 [ DDF52C4C92D831A4CDB7788B37585E36 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
19:25:59.0444 12688 AgereSoftModem - ok
19:25:59.0472 12688 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:25:59.0473 12688 agp440 - ok
19:25:59.0497 12688 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:25:59.0498 12688 aic78xx - ok
19:25:59.0666 12688 [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
19:25:59.0666 12688 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22
19:25:59.0680 12688 Akamai ( HiddenFile.Multi.Generic ) - warning
19:25:59.0680 12688 Akamai - detected HiddenFile.Multi.Generic (1)
19:25:59.0709 12688 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
19:25:59.0711 12688 ALG - ok
19:25:59.0735 12688 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
19:25:59.0736 12688 aliide - ok
19:25:59.0763 12688 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:25:59.0766 12688 AMD External Events Utility - ok
19:25:59.0790 12688 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
19:25:59.0791 12688 amdide - ok
19:25:59.0816 12688 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:25:59.0817 12688 AmdK8 - ok
19:26:00.0065 12688 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:26:00.0160 12688 amdkmdag - ok
19:26:00.0206 12688 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:26:00.0210 12688 amdkmdap - ok
19:26:00.0243 12688 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
19:26:00.0244 12688 Appinfo - ok
19:26:00.0292 12688 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:26:00.0294 12688 Apple Mobile Device - ok
19:26:00.0323 12688 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
19:26:00.0324 12688 arc - ok
19:26:00.0351 12688 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:26:00.0352 12688 arcsas - ok
19:26:00.0477 12688 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:26:00.0479 12688 aspnet_state - ok
19:26:00.0512 12688 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:26:00.0513 12688 AsyncMac - ok
19:26:00.0547 12688 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
19:26:00.0548 12688 atapi - ok
19:26:00.0581 12688 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:26:00.0587 12688 AudioEndpointBuilder - ok
19:26:00.0606 12688 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:26:00.0613 12688 AudioSrv - ok
19:26:00.0763 12688 [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
19:26:00.0818 12688 AVGIDSAgent - ok
19:26:00.0847 12688 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
19:26:00.0849 12688 AVGIDSDriver - ok
19:26:00.0875 12688 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
19:26:00.0876 12688 AVGIDSFilter - ok
19:26:00.0899 12688 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
19:26:00.0901 12688 AVGIDSHA - ok
19:26:00.0931 12688 [ 59955B4C288DD2A8B9FD2CD5158355C5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
19:26:00.0935 12688 Avgldx64 - ok
19:26:00.0962 12688 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
19:26:00.0963 12688 Avgmfx64 - ok
19:26:00.0974 12688 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
19:26:00.0976 12688 Avgrkx64 - ok
19:26:01.0001 12688 [ 1BEE674AD792B1C63BB0DAC5FA724B23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
19:26:01.0006 12688 Avgtdia - ok
19:26:01.0031 12688 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
19:26:01.0034 12688 avgwd - ok
19:26:01.0076 12688 [ 66F6F5DA699EDF22F7E3D7E0511A3145 ] bdfndisf C:\Windows\system32\DRIVERS\BdfNdisf6.sys
19:26:01.0078 12688 bdfndisf - ok
19:26:01.0086 12688 Beep - ok
19:26:01.0119 12688 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
19:26:01.0124 12688 BFE - ok
19:26:01.0148 12688 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:26:01.0150 12688 blbdrive - ok
19:26:01.0179 12688 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:26:01.0181 12688 bowser - ok
19:26:01.0199 12688 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:26:01.0200 12688 BrFiltLo - ok
19:26:01.0211 12688 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:26:01.0212 12688 BrFiltUp - ok
19:26:01.0239 12688 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
19:26:01.0240 12688 Browser - ok
19:26:01.0258 12688 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
19:26:01.0260 12688 Brserid - ok
19:26:01.0279 12688 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:26:01.0280 12688 BrSerWdm - ok
19:26:01.0301 12688 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:26:01.0302 12688 BrUsbMdm - ok
19:26:01.0312 12688 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:26:01.0314 12688 BrUsbSer - ok
19:26:01.0347 12688 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:26:01.0348 12688 BTHMODEM - ok
19:26:01.0404 12688 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
19:26:01.0405 12688 BUNAgentSvc - ok
19:26:01.0512 12688 catchme - ok
19:26:01.0532 12688 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:26:01.0533 12688 cdfs - ok
19:26:01.0582 12688 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:26:01.0583 12688 cdrom - ok
19:26:01.0605 12688 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
19:26:01.0606 12688 CertPropSvc - ok
19:26:01.0625 12688 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
19:26:01.0626 12688 circlass - ok
19:26:01.0647 12688 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
19:26:01.0651 12688 CLFS - ok
19:26:01.0684 12688 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:26:01.0686 12688 clr_optimization_v2.0.50727_32 - ok
19:26:01.0723 12688 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:26:01.0725 12688 clr_optimization_v2.0.50727_64 - ok
19:26:01.0785 12688 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:26:01.0787 12688 clr_optimization_v4.0.30319_32 - ok
19:26:01.0817 12688 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:26:01.0819 12688 clr_optimization_v4.0.30319_64 - ok
19:26:01.0835 12688 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:26:01.0836 12688 cmdide - ok
19:26:01.0851 12688 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:26:01.0852 12688 Compbatt - ok
19:26:01.0861 12688 COMSysApp - ok
19:26:01.0881 12688 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:26:01.0882 12688 crcdisk - ok
19:26:01.0922 12688 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:26:01.0925 12688 CryptSvc - ok
19:26:01.0987 12688 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:26:01.0997 12688 cvhsvc - ok
19:26:02.0050 12688 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:26:02.0059 12688 DcomLaunch - ok
19:26:02.0095 12688 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:26:02.0096 12688 DfsC - ok
19:26:02.0184 12688 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
19:26:02.0217 12688 DFSR - ok
19:26:02.0241 12688 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:26:02.0245 12688 Dhcp - ok
19:26:02.0282 12688 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
19:26:02.0283 12688 disk - ok
19:26:02.0311 12688 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:26:02.0313 12688 Dnscache - ok
19:26:02.0335 12688 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
19:26:02.0338 12688 dot3svc - ok
19:26:02.0352 12688 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
19:26:02.0354 12688 DPS - ok
19:26:02.0375 12688 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:26:02.0376 12688 drmkaud - ok
19:26:02.0404 12688 dump_wmimmc - ok
19:26:02.0453 12688 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:26:02.0462 12688 DXGKrnl - ok
19:26:02.0481 12688 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
19:26:02.0484 12688 E1G60 - ok
19:26:02.0492 12688 EagleX64 - ok
19:26:02.0530 12688 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
19:26:02.0532 12688 EapHost - ok
19:26:02.0549 12688 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
19:26:02.0551 12688 Ecache - ok
19:26:02.0600 12688 [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
19:26:02.0606 12688 eDataSecurity Service - ok
19:26:02.0634 12688 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:26:02.0638 12688 ehRecvr - ok
19:26:02.0656 12688 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
19:26:02.0658 12688 ehSched - ok
19:26:02.0669 12688 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
19:26:02.0670 12688 ehstart - ok
19:26:02.0699 12688 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:26:02.0704 12688 elxstor - ok
19:26:02.0738 12688 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:26:02.0744 12688 EMDMgmt - ok
19:26:02.0763 12688 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:26:02.0764 12688 ErrDev - ok
19:26:02.0814 12688 [ C0FE39B8F686B7C70A666E716CC12B49 ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
19:26:02.0815 12688 ETService - ok
19:26:02.0851 12688 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
19:26:02.0857 12688 EventSystem - ok
19:26:02.0888 12688 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
19:26:02.0890 12688 exfat - ok
19:26:02.0923 12688 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:26:02.0925 12688 fastfat - ok
19:26:02.0959 12688 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:26:02.0960 12688 fdc - ok
19:26:02.0973 12688 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
19:26:02.0975 12688 fdPHost - ok
19:26:02.0995 12688 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
19:26:02.0996 12688 FDResPub - ok
19:26:03.0005 12688 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:26:03.0007 12688 FileInfo - ok
19:26:03.0029 12688 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:26:03.0030 12688 Filetrace - ok
19:26:03.0041 12688 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:26:03.0042 12688 flpydisk - ok
19:26:03.0065 12688 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:26:03.0069 12688 FltMgr - ok
19:26:03.0129 12688 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
19:26:03.0142 12688 FontCache - ok
19:26:03.0183 12688 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:26:03.0184 12688 FontCache3.0.0.0 - ok
19:26:03.0199 12688 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:26:03.0199 12688 Fs_Rec - ok
19:26:03.0217 12688 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:26:03.0218 12688 gagp30kx - ok
19:26:03.0252 12688 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:26:03.0252 12688 GEARAspiWDM - ok
19:26:03.0292 12688 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
19:26:03.0300 12688 gpsvc - ok
19:26:03.0321 12688 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
19:26:03.0322 12688 hamachi - ok
19:26:03.0364 12688 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:26:03.0367 12688 HdAudAddService - ok
19:26:03.0414 12688 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:26:03.0423 12688 HDAudBus - ok
19:26:03.0442 12688 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:26:03.0443 12688 HidBth - ok
19:26:03.0458 12688 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:26:03.0459 12688 HidIr - ok
19:26:03.0484 12688 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
19:26:03.0486 12688 hidserv - ok
19:26:03.0511 12688 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:26:03.0512 12688 HidUsb - ok
19:26:03.0549 12688 [ 0926C3B5CBF64C88F432FF449B211807 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
19:26:03.0551 12688 HitmanProScheduler - ok
19:26:03.0573 12688 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
19:26:03.0579 12688 hkmsvc - ok
19:26:03.0598 12688 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:26:03.0600 12688 HpCISSs - ok
19:26:03.0644 12688 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:26:03.0650 12688 HTTP - ok
19:26:03.0672 12688 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:26:03.0673 12688 i2omp - ok
19:26:03.0693 12688 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:26:03.0695 12688 i8042prt - ok
19:26:03.0720 12688 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:26:03.0723 12688 iaStorV - ok
19:26:03.0789 12688 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:26:03.0798 12688 idsvc - ok
19:26:03.0819 12688 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:26:03.0820 12688 iirsp - ok
19:26:03.0847 12688 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
19:26:03.0853 12688 IKEEXT - ok
19:26:03.0930 12688 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys
19:26:03.0931 12688 int15 - ok
19:26:03.0972 12688 [ 023EB98945069178C21B324B880AD787 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:26:03.0991 12688 IntcAzAudAddService - ok
19:26:04.0011 12688 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
19:26:04.0012 12688 intelide - ok
19:26:04.0027 12688 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:26:04.0028 12688 intelppm - ok
19:26:04.0046 12688 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:26:04.0048 12688 IPBusEnum - ok
19:26:04.0076 12688 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:26:04.0077 12688 IpFilterDriver - ok
19:26:04.0113 12688 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:26:04.0117 12688 iphlpsvc - ok
19:26:04.0124 12688 IpInIp - ok
19:26:04.0145 12688 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:26:04.0147 12688 IPMIDRV - ok
19:26:04.0166 12688 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:26:04.0168 12688 IPNAT - ok
19:26:04.0202 12688 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:26:04.0211 12688 iPod Service - ok
19:26:04.0226 12688 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:26:04.0226 12688 IRENUM - ok
19:26:04.0237 12688 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:26:04.0239 12688 isapnp - ok
19:26:04.0274 12688 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:26:04.0277 12688 iScsiPrt - ok
19:26:04.0289 12688 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:26:04.0290 12688 iteatapi - ok
19:26:04.0313 12688 [ 25D0DACC04EADA6DCBC0B1E46F309759 ] ITEIO.SYS c:\Windows\System32\drivers\ITEIO.sys
19:26:04.0314 12688 ITEIO.SYS - ok
19:26:04.0330 12688 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:26:04.0331 12688 iteraid - ok
19:26:04.0347 12688 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:26:04.0348 12688 kbdclass - ok
19:26:04.0378 12688 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:26:04.0379 12688 kbdhid - ok
19:26:04.0393 12688 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
19:26:04.0395 12688 KeyIso - ok
19:26:04.0425 12688 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:26:04.0431 12688 KSecDD - ok
19:26:04.0444 12688 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:26:04.0447 12688 ksthunk - ok
19:26:04.0477 12688 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
19:26:04.0483 12688 KtmRm - ok
19:26:04.0519 12688 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:26:04.0524 12688 LanmanServer - ok
19:26:04.0567 12688 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:26:04.0572 12688 LanmanWorkstation - ok
19:26:04.0607 12688 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:26:04.0608 12688 LightScribeService - ok
19:26:04.0624 12688 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:26:04.0625 12688 lltdio - ok
19:26:04.0648 12688 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:26:04.0652 12688 lltdsvc - ok
19:26:04.0668 12688 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:26:04.0670 12688 lmhosts - ok
19:26:04.0688 12688 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:26:04.0690 12688 LSI_FC - ok
19:26:04.0709 12688 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:26:04.0711 12688 LSI_SAS - ok
19:26:04.0723 12688 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:26:04.0725 12688 LSI_SCSI - ok
19:26:04.0739 12688 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
19:26:04.0742 12688 luafv - ok
19:26:04.0763 12688 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:26:04.0766 12688 Mcx2Svc - ok
19:26:04.0785 12688 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
19:26:04.0786 12688 megasas - ok
19:26:04.0807 12688 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
19:26:04.0813 12688 MegaSR - ok
19:26:04.0829 12688 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
19:26:04.0831 12688 MMCSS - ok
19:26:04.0846 12688 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
19:26:04.0847 12688 Modem - ok
19:26:04.0881 12688 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:26:04.0882 12688 monitor - ok
19:26:04.0907 12688 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:26:04.0911 12688 mouclass - ok
19:26:04.0938 12688 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:26:04.0939 12688 mouhid - ok
19:26:04.0963 12688 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:26:04.0965 12688 MountMgr - ok
19:26:04.0992 12688 [ C177A7EBF5E8A0B596F618870516CAB8 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:26:04.0995 12688 MpFilter - ok
19:26:05.0031 12688 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
19:26:05.0034 12688 mpio - ok
19:26:05.0083 12688 [ 8FBF6B31FE8AF1833D93C5913D5B4D55 ] MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys
19:26:05.0084 12688 MpNWMon - ok
19:26:05.0111 12688 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:26:05.0112 12688 mpsdrv - ok
19:26:05.0148 12688 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
19:26:05.0156 12688 MpsSvc - ok
19:26:05.0193 12688 [ 637650A42FD23947D837053FAC789D38 ] mr97310c C:\Windows\system32\DRIVERS\mr97310c.sys
19:26:05.0196 12688 mr97310c - ok
19:26:05.0218 12688 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:26:05.0219 12688 Mraid35x - ok
19:26:05.0242 12688 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:26:05.0244 12688 MRxDAV - ok
19:26:05.0276 12688 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:26:05.0279 12688 mrxsmb - ok
19:26:05.0321 12688 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:26:05.0324 12688 mrxsmb10 - ok
19:26:05.0337 12688 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:26:05.0339 12688 mrxsmb20 - ok
19:26:05.0357 12688 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
19:26:05.0361 12688 msahci - ok
19:26:05.0380 12688 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:26:05.0382 12688 msdsm - ok
19:26:05.0398 12688 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
19:26:05.0401 12688 MSDTC - ok
19:26:05.0434 12688 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:26:05.0435 12688 Msfs - ok
19:26:05.0448 12688 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:26:05.0449 12688 msisadrv - ok
19:26:05.0480 12688 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:26:05.0484 12688 MSiSCSI - ok
19:26:05.0496 12688 msiserver - ok
19:26:05.0513 12688 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:26:05.0514 12688 MSKSSRV - ok
19:26:05.0534 12688 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:26:05.0535 12688 MSPCLOCK - ok
19:26:05.0550 12688 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:26:05.0551 12688 MSPQM - ok
19:26:05.0578 12688 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:26:05.0581 12688 MsRPC - ok
19:26:05.0603 12688 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:26:05.0604 12688 mssmbios - ok
19:26:05.0622 12688 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:26:05.0623 12688 MSTEE - ok
19:26:05.0635 12688 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
19:26:05.0636 12688 Mup - ok
19:26:05.0663 12688 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
19:26:05.0671 12688 napagent - ok
19:26:05.0708 12688 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:26:05.0712 12688 NativeWifiP - ok
19:26:05.0758 12688 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:26:05.0767 12688 NDIS - ok
19:26:05.0777 12688 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:26:05.0779 12688 NdisTapi - ok
19:26:05.0793 12688 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:26:05.0795 12688 Ndisuio - ok
19:26:05.0809 12688 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:26:05.0812 12688 NdisWan - ok
19:26:05.0830 12688 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:26:05.0832 12688 NDProxy - ok
19:26:05.0847 12688 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:26:05.0848 12688 NetBIOS - ok
19:26:05.0877 12688 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:26:05.0881 12688 netbt - ok
19:26:05.0891 12688 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
19:26:05.0893 12688 Netlogon - ok
19:26:05.0920 12688 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
19:26:05.0927 12688 Netman - ok
19:26:05.0996 12688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:26:05.0999 12688 NetMsmqActivator - ok
19:26:06.0036 12688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:26:06.0038 12688 NetPipeActivator - ok
19:26:06.0072 12688 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
19:26:06.0078 12688 netprofm - ok
19:26:06.0087 12688 netr28ux - ok
19:26:06.0101 12688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:26:06.0104 12688 NetTcpActivator - ok
19:26:06.0114 12688 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:26:06.0117 12688 NetTcpPortSharing - ok
19:26:06.0145 12688 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:26:06.0146 12688 nfrd960 - ok
19:26:06.0183 12688 [ 5F7D72CBCDD025AF1F38FDEEE5646968 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:26:06.0185 12688 NisDrv - ok
19:26:06.0272 12688 [ 566DDD5D82520DA01D75F81428AC4C38 ] NisSrv C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
19:26:06.0278 12688 NisSrv - ok
19:26:06.0295 12688 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
19:26:06.0300 12688 NlaSvc - ok
19:26:06.0317 12688 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:26:06.0318 12688 Npfs - ok
19:26:06.0331 12688 npggsvc - ok
19:26:06.0342 12688 NPPTNT2 - ok
19:26:06.0391 12688 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
19:26:06.0394 12688 nsi - ok
19:26:06.0415 12688 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:26:06.0416 12688 nsiproxy - ok
19:26:06.0478 12688 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:26:06.0493 12688 Ntfs - ok
19:26:06.0510 12688 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
19:26:06.0511 12688 NTIBackupSvc - ok
19:26:06.0526 12688 [ 7D397449AAF52B0E7C79B64F6AD4473E ] NTIDrvr C:\Windows\system32\Drivers\NTIDrvr.sys
19:26:06.0527 12688 NTIDrvr - ok
19:26:06.0543 12688 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
19:26:06.0546 12688 NTISchedulerSvc - ok
19:26:06.0558 12688 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
19:26:06.0559 12688 Null - ok
19:26:06.0604 12688 [ 98350606682594521D56ECCB5D01ECF7 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys
19:26:06.0621 12688 NVENETFD - ok
19:26:06.0642 12688 [ 6E022D5F44CD8B029CF799807BB31269 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:26:06.0644 12688 NVHDA - ok
19:26:06.0911 12688 [ FEFFC8474BE060EA7349A172B9810415 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:26:07.0040 12688 nvlddmkm - ok
19:26:07.0061 12688 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:26:07.0063 12688 nvraid - ok
19:26:07.0094 12688 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:26:07.0095 12688 nvstor - ok
19:26:07.0117 12688 [ 581286807B5832503FD700A3217B589F ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
19:26:07.0119 12688 nvstor64 - ok
19:26:07.0173 12688 [ 18AA5FF4EE3FE45A64B98589C62B7FC0 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:26:07.0179 12688 nvsvc - ok
19:26:07.0197 12688 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:26:07.0199 12688 nv_agp - ok
19:26:07.0209 12688 NwlnkFlt - ok
19:26:07.0220 12688 NwlnkFwd - ok
19:26:07.0264 12688 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:26:07.0265 12688 ohci1394 - ok
19:26:07.0306 12688 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:26:07.0308 12688 ose - ok
19:26:07.0471 12688 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:26:07.0520 12688 osppsvc - ok
19:26:07.0557 12688 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:26:07.0567 12688 p2pimsvc - ok
19:26:07.0599 12688 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
19:26:07.0610 12688 p2psvc - ok
19:26:07.0628 12688 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
19:26:07.0630 12688 Parport - ok
19:26:07.0666 12688 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:26:07.0667 12688 partmgr - ok
19:26:07.0686 12688 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
19:26:07.0690 12688 PcaSvc - ok
19:26:07.0729 12688 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
19:26:07.0732 12688 pci - ok
19:26:07.0746 12688 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
19:26:07.0747 12688 pciide - ok
19:26:07.0767 12688 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:26:07.0770 12688 pcmcia - ok
19:26:07.0803 12688 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:26:07.0811 12688 PEAUTH - ok
19:26:07.0904 12688 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:26:07.0906 12688 PerfHost - ok
19:26:07.0972 12688 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
19:26:07.0990 12688 pla - ok
19:26:08.0019 12688 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:26:08.0026 12688 PlugPlay - ok
19:26:08.0060 12688 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:26:08.0072 12688 PNRPAutoReg - ok
19:26:08.0095 12688 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:26:08.0107 12688 PNRPsvc - ok
19:26:08.0157 12688 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:26:08.0164 12688 PolicyAgent - ok
19:26:08.0204 12688 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:26:08.0205 12688 PptpMiniport - ok
19:26:08.0224 12688 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
19:26:08.0225 12688 Processor - ok
19:26:08.0249 12688 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
19:26:08.0253 12688 ProfSvc - ok
19:26:08.0266 12688 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
19:26:08.0268 12688 ProtectedStorage - ok
19:26:08.0289 12688 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:26:08.0292 12688 PSched - ok
19:26:08.0300 12688 [ 2CFD31D41CDE75328ACAEEE2D4F4B836 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
19:26:08.0301 12688 PSDFilter - ok
19:26:08.0317 12688 [ 51A585F999672D8BB07F22AE12B40846 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
19:26:08.0318 12688 PSDNServ - ok
19:26:08.0331 12688 [ DB50D3F5C31B1A848B04F7F2A6FF2709 ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
19:26:08.0333 12688 psdvdisk - ok
19:26:08.0369 12688 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:26:08.0382 12688 ql2300 - ok
19:26:08.0400 12688 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:26:08.0402 12688 ql40xx - ok
19:26:08.0422 12688 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
19:26:08.0428 12688 QWAVE - ok
19:26:08.0449 12688 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:26:08.0451 12688 QWAVEdrv - ok
19:26:08.0469 12688 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:26:08.0470 12688 RasAcd - ok
19:26:08.0489 12688 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
19:26:08.0495 12688 RasAuto - ok
19:26:08.0515 12688 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:26:08.0518 12688 Rasl2tp - ok
19:26:08.0542 12688 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
19:26:08.0549 12688 RasMan - ok
19:26:08.0572 12688 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:26:08.0576 12688 RasPppoe - ok
19:26:08.0598 12688 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:26:08.0600 12688 RasSstp - ok
19:26:08.0638 12688 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:26:08.0641 12688 rdbss - ok
19:26:08.0667 12688 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:26:08.0668 12688 RDPCDD - ok
19:26:08.0718 12688 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:26:08.0722 12688 rdpdr - ok
19:26:08.0731 12688 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:26:08.0732 12688 RDPENCDD - ok
19:26:08.0781 12688 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:26:08.0784 12688 RDPWD - ok
19:26:08.0819 12688 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:26:08.0822 12688 RemoteAccess - ok
19:26:08.0857 12688 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:26:08.0862 12688 RemoteRegistry - ok
19:26:08.0906 12688 [ A035A7BF5132682F53F1E7B955690CE7 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
19:26:08.0909 12688 RichVideo - ok
19:26:08.0952 12688 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
19:26:08.0954 12688 RpcLocator - ok
19:26:08.0984 12688 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
19:26:08.0993 12688 RpcSs - ok
19:26:09.0015 12688 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:26:09.0017 12688 rspndr - ok
19:26:09.0033 12688 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
19:26:09.0035 12688 SamSs - ok
19:26:09.0056 12688 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:26:09.0059 12688 sbp2port - ok
19:26:09.0085 12688 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:26:09.0089 12688 SCardSvr - ok
19:26:09.0143 12688 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
19:26:09.0155 12688 Schedule - ok
19:26:09.0189 12688 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:26:09.0191 12688 SCPolicySvc - ok
19:26:09.0233 12688 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:26:09.0237 12688 SDRSVC - ok
19:26:09.0267 12688 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:26:09.0269 12688 secdrv - ok
19:26:09.0284 12688 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
19:26:09.0288 12688 seclogon - ok
19:26:09.0317 12688 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
19:26:09.0321 12688 SENS - ok
19:26:09.0350 12688 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:26:09.0351 12688 Serenum - ok
19:26:09.0375 12688 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:26:09.0377 12688 Serial - ok
19:26:09.0390 12688 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:26:09.0394 12688 sermouse - ok
19:26:09.0428 12688 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
19:26:09.0431 12688 SessionEnv - ok
19:26:09.0443 12688 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:26:09.0445 12688 sffdisk - ok
19:26:09.0456 12688 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:26:09.0458 12688 sffp_mmc - ok
19:26:09.0470 12688 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:26:09.0471 12688 sffp_sd - ok
19:26:09.0483 12688 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:26:09.0484 12688 sfloppy - ok
19:26:09.0527 12688 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:26:09.0535 12688 Sftfs - ok
19:26:09.0605 12688 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:26:09.0610 12688 sftlist - ok
19:26:09.0651 12688 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:26:09.0655 12688 Sftplay - ok
19:26:09.0683 12688 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:26:09.0684 12688 Sftredir - ok
19:26:09.0698 12688 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:26:09.0699 12688 Sftvol - ok
19:26:09.0734 12688 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:26:09.0737 12688 sftvsa - ok
19:26:09.0761 12688 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:26:09.0765 12688 SharedAccess - ok
19:26:09.0805 12688 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:26:09.0811 12688 ShellHWDetection - ok
19:26:09.0825 12688 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:26:09.0826 12688 SiSRaid2 - ok
19:26:09.0838 12688 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:26:09.0840 12688 SiSRaid4 - ok
19:26:09.0894 12688 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:26:09.0896 12688 SkypeUpdate - ok
19:26:09.0969 12688 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
19:26:09.0998 12688 slsvc - ok
19:26:10.0020 12688 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:26:10.0024 12688 SLUINotify - ok
19:26:10.0046 12688 SmartDefragDriver - ok
19:26:10.0080 12688 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:26:10.0081 12688 Smb - ok
19:26:10.0121 12688 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:26:10.0124 12688 SNMPTRAP - ok
19:26:10.0152 12688 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
19:26:10.0153 12688 spldr - ok
19:26:10.0204 12688 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
19:26:10.0210 12688 Spooler - ok
19:26:10.0258 12688 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
19:26:10.0266 12688 srv - ok
19:26:10.0301 12688 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:26:10.0304 12688 srv2 - ok
19:26:10.0341 12688 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:26:10.0343 12688 srvnet - ok
19:26:10.0369 12688 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:26:10.0374 12688 SSDPSRV - ok
19:26:10.0393 12688 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:26:10.0398 12688 SstpSvc - ok
19:26:10.0420 12688 Steam Client Service - ok
19:26:10.0477 12688 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
19:26:10.0486 12688 stisvc - ok
19:26:10.0510 12688 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:26:10.0511 12688 swenum - ok
19:26:10.0544 12688 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
19:26:10.0557 12688 swprv - ok
19:26:10.0576 12688 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:26:10.0577 12688 Symc8xx - ok
19:26:10.0605 12688 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:26:10.0606 12688 Sym_hi - ok
19:26:10.0641 12688 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:26:10.0643 12688 Sym_u3 - ok
19:26:10.0687 12688 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
19:26:10.0698 12688 SysMain - ok
19:26:10.0727 12688 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:26:10.0731 12688 TabletInputService - ok
19:26:10.0752 12688 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:26:10.0759 12688 TapiSrv - ok
19:26:10.0780 12688 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
19:26:10.0784 12688 TBS - ok
19:26:10.0829 12688 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:26:10.0844 12688 Tcpip - ok
19:26:10.0888 12688 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:26:10.0902 12688 Tcpip6 - ok
19:26:10.0910 12688 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:26:10.0912 12688 tcpipreg - ok
19:26:10.0927 12688 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:26:10.0928 12688 TDPIPE - ok
19:26:10.0942 12688 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:26:10.0943 12688 TDTCP - ok
19:26:10.0966 12688 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:26:10.0968 12688 tdx - ok
19:26:11.0076 12688 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
19:26:11.0107 12688 TeamViewer7 - ok
19:26:11.0151 12688 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:26:11.0153 12688 TermDD - ok
19:26:11.0195 12688 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
19:26:11.0203 12688 TermService - ok
19:26:11.0231 12688 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
19:26:11.0237 12688 Themes - ok
19:26:11.0271 12688 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
19:26:11.0276 12688 THREADORDER - ok
19:26:11.0302 12688 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
19:26:11.0306 12688 TrkWks - ok
19:26:11.0340 12688 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:26:11.0341 12688 TrustedInstaller - ok
19:26:11.0381 12688 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:26:11.0383 12688 tssecsrv - ok
19:26:11.0419 12688 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:26:11.0420 12688 tunmp - ok
19:26:11.0458 12688 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:26:11.0460 12688 tunnel - ok
19:26:11.0474 12688 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:26:11.0476 12688 uagp35 - ok
19:26:11.0492 12688 [ 00C8CE31657624A125FDB90EFD554371 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
19:26:11.0493 12688 UBHelper - ok
19:26:11.0520 12688 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:26:11.0526 12688 udfs - ok
19:26:11.0546 12688 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:26:11.0550 12688 UI0Detect - ok
19:26:11.0571 12688 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:26:11.0574 12688 uliagpkx - ok
19:26:11.0598 12688 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:26:11.0601 12688 uliahci - ok
19:26:11.0626 12688 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:26:11.0628 12688 UlSata - ok
19:26:11.0643 12688 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:26:11.0646 12688 ulsata2 - ok
19:26:11.0687 12688 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:26:11.0688 12688 umbus - ok
19:26:11.0712 12688 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
19:26:11.0719 12688 upnphost - ok
19:26:11.0752 12688 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:26:11.0753 12688 USBAAPL64 - ok
19:26:11.0779 12688 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:26:11.0781 12688 usbaudio - ok
19:26:11.0820 12688 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:26:11.0822 12688 usbccgp - ok
19:26:11.0836 12688 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:26:11.0838 12688 usbcir - ok
19:26:11.0857 12688 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:26:11.0860 12688 usbehci - ok
19:26:11.0887 12688 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:26:11.0892 12688 usbhub - ok
19:26:11.0909 12688 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:26:11.0910 12688 usbohci - ok
19:26:11.0928 12688 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
19:26:11.0929 12688 usbprint - ok
19:26:11.0950 12688 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:26:11.0952 12688 USBSTOR - ok
19:26:11.0983 12688 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:26:11.0984 12688 usbuhci - ok
19:26:12.0017 12688 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:26:12.0019 12688 usbvideo - ok
19:26:12.0049 12688 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
19:26:12.0056 12688 UxSms - ok
19:26:12.0094 12688 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
19:26:12.0101 12688 vds - ok
19:26:12.0125 12688 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:26:12.0126 12688 vga - ok
19:26:12.0159 12688 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:26:12.0160 12688 VgaSave - ok
19:26:12.0190 12688 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
19:26:12.0191 12688 viaide - ok
19:26:12.0244 12688 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
19:26:12.0245 12688 Viewpoint Manager Service - ok
19:26:12.0277 12688 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:26:12.0278 12688 volmgr - ok
19:26:12.0319 12688 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:26:12.0325 12688 volmgrx - ok
19:26:12.0388 12688 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:26:12.0392 12688 volsnap - ok
19:26:12.0418 12688 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:26:12.0420 12688 vsmraid - ok
19:26:12.0492 12688 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
19:26:12.0510 12688 VSS - ok
19:26:12.0533 12688 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
19:26:12.0541 12688 W32Time - ok
19:26:12.0565 12688 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:26:12.0566 12688 WacomPen - ok
19:26:12.0595 12688 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:26:12.0596 12688 Wanarp - ok
19:26:12.0607 12688 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:26:12.0608 12688 Wanarpv6 - ok
19:26:12.0635 12688 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:26:12.0643 12688 wcncsvc - ok
19:26:12.0666 12688 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:26:12.0669 12688 WcsPlugInService - ok
19:26:12.0684 12688 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
19:26:12.0685 12688 Wd - ok
19:26:12.0713 12688 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:26:12.0722 12688 Wdf01000 - ok
19:26:12.0741 12688 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:26:12.0745 12688 WdiServiceHost - ok
19:26:12.0761 12688 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:26:12.0765 12688 WdiSystemHost - ok
19:26:12.0784 12688 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
19:26:12.0789 12688 WebClient - ok
19:26:12.0824 12688 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:26:12.0830 12688 Wecsvc - ok
19:26:12.0848 12688 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:26:12.0851 12688 wercplsupport - ok
19:26:12.0866 12688 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
19:26:12.0870 12688 WerSvc - ok
19:26:12.0887 12688 WinDefend - ok
19:26:12.0902 12688 WinHttpAutoProxySvc - ok
19:26:12.0954 12688 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:26:12.0957 12688 Winmgmt - ok
19:26:13.0028 12688 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys
19:26:13.0029 12688 WinRing0_1_2_0 - ok
19:26:13.0101 12688 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
19:26:13.0125 12688 WinRM - ok
19:26:13.0179 12688 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:26:13.0188 12688 Wlansvc - ok
19:26:13.0321 12688 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:26:13.0345 12688 wlidsvc - ok
19:26:13.0372 12688 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:26:13.0373 12688 WmiAcpi - ok
19:26:13.0407 12688 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:26:13.0410 12688 wmiApSrv - ok
19:26:13.0416 12688 WMPNetworkSvc - ok
19:26:13.0449 12688 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:26:13.0455 12688 WPCSvc - ok
19:26:13.0503 12688 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:26:13.0507 12688 WPDBusEnum - ok
19:26:13.0542 12688 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:26:13.0543 12688 WpdUsb - ok
19:26:13.0668 12688 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:26:13.0678 12688 WPFFontCache_v0400 - ok
19:26:13.0699 12688 WPRO_40_1340 - ok
19:26:13.0727 12688 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:26:13.0728 12688 ws2ifsl - ok
19:26:13.0766 12688 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
19:26:13.0770 12688 wscsvc - ok
19:26:13.0792 12688 WSearch - ok
19:26:13.0831 12688 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:26:13.0833 12688 WUDFRd - ok
19:26:13.0849 12688 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:26:13.0853 12688 wudfsvc - ok
19:26:13.0907 12688 X6va009 - ok
19:26:13.0965 12688 ================ Scan global ===============================
19:26:13.0989 12688 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
19:26:14.0028 12688 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:26:14.0078 12688 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
19:26:14.0114 12688 [ B8844F93D2C5F1DCDB179AAA9AF134B7 ] C:\Windows\system32\services.exe
19:26:14.0123 12688 [Global] - ok
19:26:14.0124 12688 ================ Scan MBR ==================================
19:26:14.0144 12688 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
19:26:18.0571 12688 \Device\Harddisk0\DR0 - ok
19:26:18.0580 12688 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
19:26:18.0741 12688 \Device\Harddisk3\DR3 - ok
19:26:18.0741 12688 ================ Scan VBR ==================================
19:26:18.0747 12688 [ 3941056915745A06AF750043A12850D9 ] \Device\Harddisk0\DR0\Partition1
19:26:18.0749 12688 \Device\Harddisk0\DR0\Partition1 - ok
19:26:18.0771 12688 [ B0560B1A005DE0DDEA0D1F2346A4F5FD ] \Device\Harddisk0\DR0\Partition2
19:26:18.0773 12688 \Device\Harddisk0\DR0\Partition2 - ok
19:26:18.0781 12688 [ 2C9BCABFA3003AD7B1CEB02437D11780 ] \Device\Harddisk3\DR3\Partition1
19:26:18.0783 12688 \Device\Harddisk3\DR3\Partition1 - ok
19:26:18.0784 12688 ============================================================
19:26:18.0784 12688 Scan finished
19:26:18.0784 12688 ============================================================
19:26:18.0802 12680 Detected object count: 1
19:26:18.0802 12680 Actual detected object count: 1
19:26:22.0148 12680 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:26:22.0148 12680 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:26:24.0815 10544 Deinitialize success


Second Program: Computer blue screened and shutdown to prevent something.



Third Program:



C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf INF/Autorun.gen worm cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\MySearch\bar\1.bin\S4PLUGIN.DLL.vir a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Roaming\pcftp.dll.vir a variant of Win32/Medfos.CY trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir a variant of Win32/Sirefef.EZ trojan deleted - quarantined
C:\Users\Administrator\AppData\Local\{97952C4D-F240-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\fishwish9\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\US8ZT4NL\abyr[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\fishwish9\Documents\Downloads\freeripmp3_31.exe Win32/Adware.ADON application cleaned by deleting - quarantined
C:\Users\fishwish9\Documents\Downloads\installer_windows_movie_maker_14_0_8092_0805_English.exe Win32/Toggle application cleaned by deleting - quarantined
C:\Users\fishwish9\Documents\Downloads\registrybooster (1).exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\fishwish9\Documents\Downloads\SoftonicDownloader80984.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:36 PM

Posted 02 September 2012 - 07:56 AM

Boot into safemode with networking and run ASWMBR

#5 Bancha

Bancha
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 02 September 2012 - 08:26 AM

Boot into safemode with networking and run ASWMBR


Do I need to download that program?

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:36 PM

Posted 02 September 2012 - 08:29 AM

I think you already have it on desktop

#7 Bancha

Bancha
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 02 September 2012 - 09:34 AM

I think you already have it on desktop



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-02 10:01:05
-----------------------------
10:01:05.697 OS Version: Windows x64 6.0.6002 Service Pack 2
10:01:05.697 Number of processors: 2 586 0xF0D
10:01:05.728 ComputerName: FISHWISH9-PC UserName:
10:01:14.448 Initialize success
10:02:35.709 AVAST engine defs: 12090200
10:02:45.287 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
10:02:45.287 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
10:02:45.303 Disk 0 MBR read successfully
10:02:45.303 Disk 0 MBR scan
10:02:45.303 Disk 0 unknown MBR code
10:02:45.318 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
10:02:45.334 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 296528 MB offset 31459328
10:02:45.350 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 298588 MB offset 638748684
10:02:45.381 Disk 0 scanning C:\Windows\system32\drivers
10:02:52.931 Service scanning
10:03:10.856 Modules scanning
10:03:10.856 Disk 0 trace - called modules:
10:03:10.871 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
10:03:10.871 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d14060]
10:03:10.887 3 CLASSPNP.SYS[fffffa600120cc33] -> nt!IofCallDriver -> [0xfffffa80040a77c0]
10:03:10.887 5 acpi.sys[fffffa60008f7fde] -> nt!IofCallDriver -> \Device\00000063[0xfffffa80040b0060]
10:03:13.086 AVAST engine scan C:\Windows
10:03:17.345 AVAST engine scan C:\Windows\system32
10:05:12.863 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:05:15.281 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:06:49.646 AVAST engine scan C:\Windows\system32\drivers
10:07:04.076 AVAST engine scan C:\Users\Administrator
10:24:17.923 AVAST engine scan C:\ProgramData
10:30:13.478 Scan finished successfully
10:31:24.053 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
10:31:24.068 The log file has been saved successfully to "C:\aswMBR.txt"

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:36 PM

Posted 02 September 2012 - 09:43 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it click on Delete

post the generated log

#9 Bancha

Bancha
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 02 September 2012 - 10:44 AM

I already scanned with Malwarebytes, and it shows nothing. I did it as you said again, and nothing. I know there is a problem though.

When I try to do the minitoolbox, it gives me some kind of error, and says it failed.

Nevertheless, here's the log:


MiniToolBox by Farbar Version: 23-07-2012
Ran by Administrator (administrator) on 02-09-2012 at 11:26:31
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce 10/100/1000 Mbps Ethernet = Local Area Connection (Connected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : fishwish9-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : westell.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : 00-21-97-4C-94-44
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9d58:868f:48d8:30b5%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.30(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 02, 2012 10:32:31 AM
Lease Expires . . . . . . . . . . : Monday, September 03, 2012 10:32:30 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 218111632
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0C-BD-42-E4-00-21-97-4C-94-44
DNS Servers . . . . . . . . . . . : 76.5.159.133
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.westell.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [74.125.228.104] with 32 bytes of data:

Reply from 74.125.228.104: bytes=32 time=25ms TTL=54

Reply from 74.125.228.104: bytes=32 time=26ms TTL=54



Ping statistics for 74.125.228.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 25ms, Maximum = 26ms, Average = 25ms



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=87ms TTL=50

Reply from 98.138.253.109: bytes=32 time=105ms TTL=50



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 87ms, Maximum = 105ms, Average = 96ms



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 21 97 4c 94 44 ...... NVIDIA nForce 10/100/1000 Mbps Ethernet
1 ........................... Software Loopback Interface 1
20 ...00 00 00 00 00 00 00 e0 isatap.westell.com
19 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.30 20
10.0.0.0 255.255.255.0 On-link 10.0.0.30 276
10.0.0.30 255.255.255.255 On-link 10.0.0.30 276
10.0.0.255 255.255.255.255 On-link 10.0.0.30 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.30 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.30 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::9d58:868f:48d8:30b5/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/02/2012 11:27:22 AM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x22b8, application start time 0xnslookup.exe0.

Error: (09/02/2012 11:27:17 AM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x152c, application start time 0xnslookup.exe0.

Error: (09/02/2012 11:27:08 AM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000138, fault offset 0x0006f52f,
process id 0x25b0, application start time 0xnslookup.exe0.

Error: (09/02/2012 10:33:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 09:59:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 09:58:39 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/02/2012 09:53:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 09:51:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 09:50:30 AM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/02/2012 09:45:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/02/2012 10:35:13 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (09/02/2012 10:34:01 AM) (Source: Service Control Manager) (User: )
Description: bdfndisf
Beep

Error: (09/02/2012 10:34:01 AM) (Source: Service Control Manager) (User: )
Description: Client Virtualization HandlerApplication Virtualization Client%%1068

Error: (09/02/2012 10:34:01 AM) (Source: Service Control Manager) (User: )
Description: Application Virtualization ClientSftfs%%31

Error: (09/02/2012 10:34:01 AM) (Source: Service Control Manager) (User: )
Description: Sftfs%%31

Error: (09/02/2012 10:34:01 AM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (09/02/2012 10:34:01 AM) (Source: Service Control Manager) (User: )
Description: npf%%1275

Error: (09/02/2012 10:34:01 AM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (09/02/2012 10:34:01 AM) (Source: Service Control Manager) (User: )
Description: Computer Browser%%1060

Error: (09/02/2012 10:33:14 AM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424


Microsoft Office Sessions:
=========================
Error: (09/02/2012 11:27:22 AM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f22b801cd891f716c9756

Error: (09/02/2012 11:27:17 AM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f152c01cd891f6ef31b76

Error: (09/02/2012 11:27:08 AM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.185414ec3e39fc00001380006f52f25b001cd891f5f5388d6

Error: (09/02/2012 10:33:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 09:59:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 09:58:39 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/02/2012 09:53:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 09:51:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2012 09:50:30 AM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/02/2012 09:45:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Agere Systems PCI-SV92EX Soft Modem
Akamai NetSession Interface
AOL Messaging Toolbar
Apple Mobile Device Support (Version: 4.0.0.97)
ATI AVIVO64 Codecs (Version: 11.1.0.50406)
ATI Catalyst Install Manager (Version: 3.0.769.0)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
ccc-utility64 (Version: 2010.0406.2133.36843)
CCleaner (Version: 3.07)
Google Chrome (Version: 21.0.1180.89)
iTunes (Version: 10.5.3.3)
LSI PCI-SV92EX Soft Modem (Version: 2.2.100)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
NVIDIA Drivers (Version: 1.10)
PE585QAEncoder-64 (Version: 6.00.1918)
PVSonyDll (Version: 1.00.0001)
TeamSpeak 3 Client (Version: 3.0.7)
Ventrilo Client for Windows x64 (Version: 3.0.7.0)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3555.0308)
WinRAR archiver
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 4094.32 MB
Available physical RAM: 2457.69 MB
Total Pagefile: 8395.89 MB
Available Pagefile: 6534.08 MB
Total Virtual: 4095.88 MB
Available Virtual: 3994.82 MB

========================= Partitions: =====================================

1 Drive c: (ACER) (Fixed) (Total:289.58 GB) (Free:112.93 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:291.59 GB) (Free:265.27 GB) NTFS
3 Drive e: () (Removable) (Total:3.73 GB) (Free:3.69 GB) FAT32
4 Drive f: (SINS) (CDROM) (Total:0.85 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\FISHWISH9-PC

Administrator ASPNET fishwish9
Guest


**** End of log ****


FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 02-09-2012 at 11:36:25
Running from "C:\Users\Administrator\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 16:21] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 19:34] - [2012-03-30 08:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-13 07:03] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-23 18:25] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 17:47] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****


# AdwCleaner v2.000 - Logfile created 09/02/2012 at 11:38:42
# Updated 30/08/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Administrator - FISHWISH9-PC
# Boot Mode : Normal
# Running from : C:\Users\Administrator\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\Software Update Utility
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\ConduitEngine
Deleted on reboot : C:\Program Files (x86)\PageRage
Deleted on reboot : C:\Program Files (x86)\Viewpoint
Deleted on reboot : C:\Program Files (x86)\Winamp Toolbar
Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\ProgramData\Viewpoint
Deleted on reboot : C:\ProgramData\WeCareReminder
Deleted on reboot : C:\Users\Administrator\AppData\Local\Conduit
Deleted on reboot : C:\Users\Administrator\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Administrator\AppData\LocalLow\ConduitEngine
Deleted on reboot : C:\Users\Administrator\AppData\LocalLow\PageRage
Deleted on reboot : C:\Users\Administrator\AppData\LocalLow\PriceGong
Deleted on reboot : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\g5y4pun3.default\extensions\plugin@yontoo.com
Deleted on reboot : C:\Users\fishwish9\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\fishwish9\AppData\LocalLow\Viewpoint
File Deleted : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Users\fishwish9\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PageRage
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PageRage Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9565115D-C7D6-46D3-BD63-B67B481A4368}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2086743
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072254
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60A4228B-CFB0-4567-92C7-3350E7FB7802}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\PageRage
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60A4228B-CFB0-4567-92C7-3350E7FB7802}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9565115D-C7D6-46D3-BD63-B67B481A4368}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BAA0D96F-1205-4F9C-85FC-C122B6321D21}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E08B8660-A28E-4D89-BDEE-0B1AFED93F1B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{445D0F4E-451D-4C31-9BBC-8C9C518E26FA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7728B93E-5147-418F-A464-4F62D262E49E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB5AFAAF-F0D5-4024-B94C-DD023E62BF0A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9565115D-C7D6-46D3-BD63-B67B481A4368}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PageRage Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9565115D-C7D6-46D3-BD63-B67B481A4368}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9565115D-C7D6-46D3-BD63-B67B481A4368}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{9565115D-C7D6-46D3-BD63-B67B481A4368}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9565115D-C7D6-46D3-BD63-B67B481A4368}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6002.18005

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253 --> hxxp://www.google.com

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\fishwish9\AppData\Roaming\Mozilla\Firefox\Profiles\28cg0haz.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\g5y4pun3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\fishwish9\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.28] : keyword = "toolbar.ask.com",
Deleted [l.31] : search_url = "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q={searchTerms}&crm=1",
Deleted [l.219] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2086743",

File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [13105 octets] - [02/09/2012 11:38:42]

########## EOF - C:\AdwCleaner[S1].txt - [13166 octets] ##########

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:36 PM

Posted 02 September 2012 - 10:46 AM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Post the new FSS log

download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here

#11 Bancha

Bancha
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 02 September 2012 - 11:02 AM

Farbar Service Scanner Version: 06-08-2012
Ran by Administrator (administrator) on 02-09-2012 at 11:56:37
Running from "C:\Users\Administrator\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-16 16:21] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 19:34] - [2012-03-30 08:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-13 07:03] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-23 18:25] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 17:47] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-23 18:25] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****




Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/02/2012 12:00:41 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Users\Administrator\Downloads\FSS (2).exe (PID: 6068) [UP-HEUR]

1 proccess terminated!

Possibly Patched Files.

* C:\Windows\system32\services.exe

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!


Performing miscellaneous checks.
* C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
* C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]

Checking Windows Service Integrity:

* BITS [Missing Service]
* wuauserv [Missing Service]

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]
* gpsvc => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\Windows\System32\services.exe [NoSig]
+-> C:\Windows\ERDNT\cache64\services.exe : 384,512 : 04/11/2009 00:10 AM : 934e0b7d77ff78c18d9f8891221b6de3 [Pos Repl]
+-> C:\Windows\SysWOW64\services.exe : 279,552 : 04/11/2009 00:27 AM : d4e6d91c1349b7bfb3599a6ada56851b [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe : 384,512 : 01/20/2008 09:49 PM : dfac660f0f139276cc9299812de42719 [Pos Repl]
+-> C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe : 384,512 : 04/11/2009 09:10 AM : 934e0b7d77ff78c18d9f8891221b6de3 [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe : 279,040 : 01/20/2008 09:50 PM : 2b336ab6286d6c81fa02cbab914e3c6c [Pos Repl]
+-> C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe : 279,552 : 04/11/2009 09:27 AM : d4e6d91c1349b7bfb3599a6ada56851b [Pos Repl]

Program finished at: 09/02/2012 12:02:36 PM
Execution time: 0 hours(s), 1 minute(s), and 55 seconds(s)

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:36 PM

Posted 02 September 2012 - 11:06 AM

Download

wuauserv
BITS

Launch them,click YES

Click on startmenu and type

cmd

Right click on it and select run as administrator and run this command

sfc /scanfile=c:\windows\system32\services.exe

After scan completes

Restart the PC,post the new RKILL log

Edited by narenxp, 02 September 2012 - 11:29 AM.


#13 Bancha

Bancha
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 02 September 2012 - 11:20 AM

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 09/02/2012 12:13:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 22 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : (C:\Users\ADMINI~1\AppData\Local\Temp\xsaenwmroc.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : pcftp ( "C:\Users\Administrator\AppData\Roaming\pcftp.dll",_Readline) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2055994319-331947924-863013329-500[...]\Run : (C:\Users\ADMINI~1\AppData\Local\Temp\xsaenwmroc.exe) -> FOUND
[Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\int15 (\??\C:\Windows\SysWOW64\drivers\int15_64.sys) -> FOUND
[Services][BLACKLIST] HKLM\[...]\ControlSet002\Services\int15 (\??\C:\Windows\SysWOW64\drivers\int15_64.sys) -> FOUND
[STARTUP][SUSP PATH] Yuuguu.lnk @fishwish9 : C:\Users\fishwish9\AppData\Roaming\Yuuguu\jre\bin\javaw.exe -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C163FDE0-3634-4EAC-8584-85130DD122FA} : NameServer (76.5.159.133) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{C163FDE0-3634-4EAC-8584-85130DD122FA} : NameServer (76.5.159.133) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD64 00AAKS-22A7B SCSI Disk Device +++++
--- User ---
[MBR] fb300943d592ff4bca2817d11253e212
[BSP] 917928e5c3b1335ee7d94bdb498e24c3 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 296528 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 638748684 | Size: 298588 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: SanDisk Cruzer Switch USB Device +++++
--- User ---
[MBR] 659cd89007d3026cf8251ab66a999f1b
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3818 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt






RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 09/02/2012 12:15:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 19 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : (C:\Users\ADMINI~1\AppData\Local\Temp\xsaenwmroc.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : pcftp ( "C:\Users\Administrator\AppData\Roaming\pcftp.dll",_Readline) -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet001\Services\int15 (\??\C:\Windows\SysWOW64\drivers\int15_64.sys) -> DELETED
[Services][BLACKLIST] HKLM\[...]\ControlSet002\Services\int15 (\??\C:\Windows\SysWOW64\drivers\int15_64.sys) -> DELETED
[STARTUP][SUSP PATH] Yuuguu.lnk @fishwish9 : C:\Users\fishwish9\AppData\Roaming\Yuuguu\jre\bin\javaw.exe -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C163FDE0-3634-4EAC-8584-85130DD122FA} : NameServer (76.5.159.133) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{C163FDE0-3634-4EAC-8584-85130DD122FA} : NameServer (76.5.159.133) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[WALLP] HKCU\[...]\Desktop : Wallpaper (C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg) -> REPLACED (C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{42fad9e2-bc35-3f99-8341-c3c5342c90f8}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\ERDNT\cache64\services.exe)

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD64 00AAKS-22A7B SCSI Disk Device +++++
--- User ---
[MBR] fb300943d592ff4bca2817d11253e212
[BSP] 917928e5c3b1335ee7d94bdb498e24c3 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 296528 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 638748684 | Size: 298588 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: SanDisk Cruzer Switch USB Device +++++
--- User ---
[MBR] 659cd89007d3026cf8251ab66a999f1b
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 3818 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Edited by Bancha, 02 September 2012 - 11:21 AM.


#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:36 PM

Posted 02 September 2012 - 11:23 AM

Run RKILL and post the new log

Edited by narenxp, 02 September 2012 - 11:30 AM.


#15 Bancha

Bancha
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 02 September 2012 - 11:25 AM

Remove the rogue killer log posted before

Run RKILL and post the new log


What do you mean remove the first log?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users