Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor.Trace and Backdoor.Agent


  • Please log in to reply
9 replies to this topic

#1 Invalio

Invalio

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 17 September 2012 - 06:45 AM

Hi everyone,

I did a full scan with MalwareBytes which picked up three things:

HKCU\SOFTWARE\CYBER (Backdoor.Trace)
HKCU\Software\Cyber|FirstExecution (Backdoor.Trace)
C:\Users\Shay\AppData\Roaming\Microsoft\Windows Update.exe (Backdoor.Agent)

All were quarantined and deleted successfully. I did a quick scan to follow up and I appear to be clean. However, browsing other topics on this forum led me to believe that this problem is not so easily gotten rid of. I'd appreciate some advice on what I should do, and if a nuke/pave is neccessary.

Thanks,

Invalio

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:37 PM

Posted 17 September 2012 - 07:23 AM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 Invalio

Invalio
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 17 September 2012 - 02:43 PM

Hi narenxp, thanks for taking the time to help me out :).

I did as you requested. In the meantime, I ran a full scan with MBAM which picked up nothing, which is nice.

Anyway, here are the logs you asked for. Use Ctrl + F and search for [LOG] to scroll to each one.

[LOG] TDSSkiller

19:22:42.0408 4088 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:22:50.0101 4088 ============================================================
19:22:50.0101 4088 Current date / time: 2012/09/17 19:22:50.0101
19:22:50.0101 4088 SystemInfo:
19:22:50.0101 4088
19:22:50.0101 4088 OS Version: 6.1.7601 ServicePack: 1.0
19:22:50.0101 4088 Product type: Workstation
19:22:50.0101 4088 ComputerName: SHAY-HP
19:22:50.0102 4088 UserName: Shay
19:22:50.0102 4088 Windows directory: C:\Windows
19:22:50.0102 4088 System windows directory: C:\Windows
19:22:50.0102 4088 Running under WOW64
19:22:50.0102 4088 Processor architecture: Intel x64
19:22:50.0102 4088 Number of processors: 4
19:22:50.0102 4088 Page size: 0x1000
19:22:50.0102 4088 Boot type: Normal boot
19:22:50.0102 4088 ============================================================
19:22:51.0158 4088 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:22:51.0230 4088 ============================================================
19:22:51.0230 4088 \Device\Harddisk0\DR0:
19:22:51.0236 4088 MBR partitions:
19:22:51.0236 4088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:22:51.0236 4088 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48D14000
19:22:51.0236 4088 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48D78000, BlocksNum 0x1AAC000
19:22:51.0236 4088 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
19:22:51.0236 4088 ============================================================
19:22:51.0269 4088 C: <-> \Device\Harddisk0\DR0\Partition2
19:22:51.0317 4088 D: <-> \Device\Harddisk0\DR0\Partition3
19:22:51.0318 4088 ============================================================
19:22:51.0318 4088 Initialize success
19:22:51.0318 4088 ============================================================
19:23:14.0797 4784 ============================================================
19:23:14.0797 4784 Scan started
19:23:14.0797 4784 Mode: Manual; TDLFS;
19:23:14.0797 4784 ============================================================
19:23:15.0100 4784 ================ Scan system memory ========================
19:23:15.0100 4784 System memory - ok
19:23:15.0101 4784 ================ Scan services =============================
19:23:15.0218 4784 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:23:15.0222 4784 !SASCORE - ok
19:23:15.0444 4784 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:23:15.0450 4784 1394ohci - ok
19:23:15.0501 4784 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:23:15.0509 4784 ACPI - ok
19:23:15.0558 4784 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:23:15.0560 4784 AcpiPmi - ok
19:23:15.0658 4784 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:23:15.0661 4784 AdobeARMservice - ok
19:23:15.0790 4784 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:23:15.0796 4784 AdobeFlashPlayerUpdateSvc - ok
19:23:15.0858 4784 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:23:15.0869 4784 adp94xx - ok
19:23:15.0895 4784 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:23:15.0903 4784 adpahci - ok
19:23:15.0916 4784 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:23:15.0922 4784 adpu320 - ok
19:23:15.0960 4784 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:23:15.0962 4784 AeLookupSvc - ok
19:23:16.0064 4784 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:23:16.0075 4784 AFD - ok
19:23:16.0138 4784 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:23:16.0141 4784 agp440 - ok
19:23:16.0178 4784 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:23:16.0181 4784 ALG - ok
19:23:16.0201 4784 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:23:16.0204 4784 aliide - ok
19:23:16.0245 4784 [ 850F0C8034225FA3F50D551A905FA503 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:23:16.0250 4784 AMD External Events Utility - ok
19:23:16.0307 4784 AMD FUEL Service - ok
19:23:16.0346 4784 [ DD27F6C3DE9BFE50635C721E09EDC5DD ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
19:23:16.0351 4784 AMD Reservation Manager - ok
19:23:16.0384 4784 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:23:16.0386 4784 amdide - ok
19:23:16.0441 4784 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
19:23:16.0443 4784 amdiox64 - ok
19:23:16.0481 4784 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:23:16.0484 4784 AmdK8 - ok
19:23:16.0777 4784 [ 7979BF4A66EFDADF3D00A052409609B1 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:23:17.0024 4784 amdkmdag - ok
19:23:17.0078 4784 [ 7D5CDB0161E91951D3DD99E55CEA4D01 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:23:17.0084 4784 amdkmdap - ok
19:23:17.0115 4784 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:23:17.0117 4784 AmdPPM - ok
19:23:17.0165 4784 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:23:17.0170 4784 amdsata - ok
19:23:17.0195 4784 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:23:17.0200 4784 amdsbs - ok
19:23:17.0224 4784 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:23:17.0225 4784 amdxata - ok
19:23:17.0277 4784 [ 6363014D5E4CCD280FB4902EC3C2CCFE ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
19:23:17.0279 4784 amd_sata - ok
19:23:17.0290 4784 [ 51A5AED2A4CCEDA6ADDCF3194C9B29EB ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
19:23:17.0291 4784 amd_xata - ok
19:23:17.0308 4784 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:23:17.0312 4784 AppID - ok
19:23:17.0337 4784 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:23:17.0339 4784 AppIDSvc - ok
19:23:17.0363 4784 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:23:17.0365 4784 Appinfo - ok
19:23:17.0450 4784 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:23:17.0454 4784 Apple Mobile Device - ok
19:23:17.0560 4784 [ 12D7F9A13F1E9D527F5A1F12DE8B0EDD ] AR5416 C:\Windows\system32\DRIVERS\athwx.sys
19:23:17.0677 4784 AR5416 - ok
19:23:17.0713 4784 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:23:17.0715 4784 arc - ok
19:23:17.0726 4784 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:23:17.0728 4784 arcsas - ok
19:23:17.0753 4784 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:23:17.0754 4784 AsyncMac - ok
19:23:17.0786 4784 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:23:17.0788 4784 atapi - ok
19:23:17.0830 4784 [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
19:23:17.0831 4784 AthBTPort - ok
19:23:17.0905 4784 [ 4C4A576818EA028257C624AE36FF7A03 ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
19:23:17.0909 4784 Atheros Bt&Wlan Coex Agent - ok
19:23:17.0923 4784 [ 1A3F71AADE163866001C91BF9FB6F299 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
19:23:17.0926 4784 AtherosSvc - ok
19:23:18.0128 4784 [ B4421D8CDADC441F76BA39532A3E3414 ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:23:18.0253 4784 athr - ok
19:23:18.0315 4784 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
19:23:18.0318 4784 AtiHdmiService - ok
19:23:18.0353 4784 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
19:23:18.0354 4784 AtiPcie - ok
19:23:18.0419 4784 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:23:18.0498 4784 AudioEndpointBuilder - ok
19:23:18.0575 4784 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:23:18.0585 4784 AudioSrv - ok
19:23:18.0640 4784 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:23:18.0644 4784 AxInstSV - ok
19:23:18.0702 4784 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:23:18.0713 4784 b06bdrv - ok
19:23:18.0746 4784 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:23:18.0753 4784 b57nd60a - ok
19:23:18.0897 4784 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:23:18.0989 4784 BCM43XX - ok
19:23:19.0019 4784 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:23:19.0022 4784 BDESVC - ok
19:23:19.0060 4784 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:23:19.0062 4784 Beep - ok
19:23:19.0122 4784 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:23:19.0201 4784 BFE - ok
19:23:19.0256 4784 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:23:19.0336 4784 BITS - ok
19:23:19.0374 4784 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:23:19.0376 4784 blbdrive - ok
19:23:19.0454 4784 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:23:19.0463 4784 Bonjour Service - ok
19:23:19.0502 4784 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:23:19.0505 4784 bowser - ok
19:23:19.0549 4784 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:23:19.0552 4784 BrFiltLo - ok
19:23:19.0564 4784 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:23:19.0567 4784 BrFiltUp - ok
19:23:19.0608 4784 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:23:19.0612 4784 Browser - ok
19:23:19.0624 4784 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:23:19.0631 4784 Brserid - ok
19:23:19.0640 4784 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:23:19.0643 4784 BrSerWdm - ok
19:23:19.0650 4784 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:23:19.0652 4784 BrUsbMdm - ok
19:23:19.0659 4784 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:23:19.0661 4784 BrUsbSer - ok
19:23:19.0702 4784 [ FE70889A85C57A9268101B2DB0474509 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
19:23:19.0706 4784 BTATH_A2DP - ok
19:23:19.0754 4784 [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
19:23:19.0755 4784 BTATH_BUS - ok
19:23:19.0837 4784 [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
19:23:19.0841 4784 BTATH_HCRP - ok
19:23:19.0862 4784 [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
19:23:19.0863 4784 BTATH_LWFLT - ok
19:23:19.0882 4784 [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
19:23:19.0885 4784 BTATH_RCP - ok
19:23:19.0974 4784 [ DCE0798FD5BB4E452227EC58700956F5 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
19:23:19.0978 4784 BtFilter - ok
19:23:20.0025 4784 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:23:20.0027 4784 BthEnum - ok
19:23:20.0050 4784 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:23:20.0053 4784 BTHMODEM - ok
19:23:20.0097 4784 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:23:20.0100 4784 BthPan - ok
19:23:20.0182 4784 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:23:20.0261 4784 BTHPORT - ok
19:23:20.0293 4784 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:23:20.0297 4784 bthserv - ok
19:23:20.0336 4784 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:23:20.0338 4784 BTHUSB - ok
19:23:20.0364 4784 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:23:20.0368 4784 cdfs - ok
19:23:20.0436 4784 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:23:20.0440 4784 cdrom - ok
19:23:20.0491 4784 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:23:20.0494 4784 CertPropSvc - ok
19:23:20.0533 4784 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:23:20.0535 4784 circlass - ok
19:23:20.0618 4784 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:23:20.0626 4784 CLFS - ok
19:23:20.0698 4784 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:23:20.0701 4784 clr_optimization_v2.0.50727_32 - ok
19:23:20.0746 4784 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:23:20.0749 4784 clr_optimization_v2.0.50727_64 - ok
19:23:20.0799 4784 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
19:23:20.0800 4784 clwvd - ok
19:23:20.0836 4784 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
19:23:20.0838 4784 CmBatt - ok
19:23:20.0859 4784 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:23:20.0861 4784 cmdide - ok
19:23:20.0903 4784 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:23:20.0913 4784 CNG - ok
19:23:20.0940 4784 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:23:20.0942 4784 Compbatt - ok
19:23:20.0981 4784 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:23:20.0984 4784 CompositeBus - ok
19:23:21.0004 4784 COMSysApp - ok
19:23:21.0071 4784 [ 3CA734CE373E5675FBC15CA2C45228E5 ] cpudrv64 C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
19:23:21.0119 4784 cpudrv64 - ok
19:23:21.0149 4784 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:23:21.0151 4784 crcdisk - ok
19:23:21.0206 4784 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:23:21.0211 4784 CryptSvc - ok
19:23:21.0324 4784 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:23:21.0404 4784 cvhsvc - ok
19:23:21.0464 4784 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:23:21.0477 4784 DcomLaunch - ok
19:23:21.0516 4784 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:23:21.0524 4784 defragsvc - ok
19:23:21.0560 4784 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:23:21.0564 4784 DfsC - ok
19:23:21.0607 4784 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:23:21.0615 4784 Dhcp - ok
19:23:21.0652 4784 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:23:21.0654 4784 discache - ok
19:23:21.0678 4784 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:23:21.0681 4784 Disk - ok
19:23:21.0728 4784 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:23:21.0733 4784 Dnscache - ok
19:23:21.0778 4784 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:23:21.0785 4784 dot3svc - ok
19:23:21.0858 4784 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:23:21.0863 4784 DPS - ok
19:23:21.0908 4784 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:23:21.0910 4784 drmkaud - ok
19:23:22.0008 4784 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:23:22.0022 4784 DXGKrnl - ok
19:23:22.0074 4784 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:23:22.0078 4784 EapHost - ok
19:23:22.0231 4784 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:23:22.0339 4784 ebdrv - ok
19:23:22.0377 4784 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:23:22.0379 4784 EFS - ok
19:23:22.0462 4784 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:23:22.0541 4784 ehRecvr - ok
19:23:22.0550 4784 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:23:22.0554 4784 ehSched - ok
19:23:22.0602 4784 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:23:22.0680 4784 elxstor - ok
19:23:22.0690 4784 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:23:22.0693 4784 ErrDev - ok
19:23:22.0762 4784 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:23:22.0771 4784 EventSystem - ok
19:23:22.0842 4784 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:23:22.0847 4784 exfat - ok
19:23:22.0880 4784 ezSharedSvc - ok
19:23:22.0916 4784 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:23:22.0921 4784 fastfat - ok
19:23:22.0985 4784 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:23:23.0076 4784 Fax - ok
19:23:23.0104 4784 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:23:23.0107 4784 fdc - ok
19:23:23.0152 4784 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:23:23.0154 4784 fdPHost - ok
19:23:23.0164 4784 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:23:23.0167 4784 FDResPub - ok
19:23:23.0215 4784 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:23:23.0218 4784 FileInfo - ok
19:23:23.0239 4784 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:23:23.0241 4784 Filetrace - ok
19:23:23.0262 4784 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:23:23.0265 4784 flpydisk - ok
19:23:23.0279 4784 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:23:23.0286 4784 FltMgr - ok
19:23:23.0358 4784 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:23:23.0449 4784 FontCache - ok
19:23:23.0511 4784 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:23:23.0514 4784 FontCache3.0.0.0 - ok
19:23:23.0544 4784 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:23:23.0547 4784 FsDepends - ok
19:23:23.0587 4784 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:23:23.0588 4784 Fs_Rec - ok
19:23:23.0678 4784 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:23:23.0683 4784 fvevol - ok
19:23:23.0717 4784 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:23:23.0728 4784 gagp30kx - ok
19:23:23.0763 4784 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:23:23.0765 4784 GEARAspiWDM - ok
19:23:23.0814 4784 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:23:23.0893 4784 gpsvc - ok
19:23:23.0926 4784 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:23:23.0928 4784 hcw85cir - ok
19:23:23.0960 4784 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:23:23.0968 4784 HdAudAddService - ok
19:23:24.0003 4784 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:23:24.0006 4784 HDAudBus - ok
19:23:24.0016 4784 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:23:24.0019 4784 HidBatt - ok
19:23:24.0045 4784 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:23:24.0048 4784 HidBth - ok
19:23:24.0082 4784 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:23:24.0085 4784 HidIr - ok
19:23:24.0123 4784 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:23:24.0127 4784 hidserv - ok
19:23:24.0154 4784 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:23:24.0157 4784 HidUsb - ok
19:23:24.0182 4784 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:23:24.0187 4784 hkmsvc - ok
19:23:24.0262 4784 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:23:24.0269 4784 HomeGroupListener - ok
19:23:24.0305 4784 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:23:24.0312 4784 HomeGroupProvider - ok
19:23:24.0408 4784 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:23:24.0410 4784 HP Support Assistant Service - ok
19:23:24.0492 4784 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
19:23:24.0499 4784 HPClientSvc - ok
19:23:24.0619 4784 [ E07F8E78D08D9269E3365C2A4F637191 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
19:23:24.0711 4784 hpCMSrv - ok
19:23:24.0818 4784 [ E7C7829BA0395E48F8C8FE16B8832344 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
19:23:24.0909 4784 hpqwmiex - ok
19:23:24.0937 4784 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:23:24.0941 4784 HpSAMD - ok
19:23:25.0006 4784 [ 2BEC76BDCD1BC080210325E7B5094834 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
19:23:25.0007 4784 HPWMISVC - ok
19:23:25.0085 4784 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:23:25.0165 4784 HTTP - ok
19:23:25.0179 4784 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:23:25.0181 4784 hwpolicy - ok
19:23:25.0217 4784 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:23:25.0220 4784 i8042prt - ok
19:23:25.0316 4784 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:23:25.0325 4784 iaStorV - ok
19:23:25.0475 4784 [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
19:23:25.0569 4784 IconMan_R - ok
19:23:25.0643 4784 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:23:25.0734 4784 idsvc - ok
19:23:25.0778 4784 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:23:25.0781 4784 iirsp - ok
19:23:25.0842 4784 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:23:25.0933 4784 IKEEXT - ok
19:23:25.0949 4784 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:23:25.0952 4784 intelide - ok
19:23:25.0990 4784 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
19:23:25.0993 4784 intelppm - ok
19:23:26.0028 4784 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:23:26.0031 4784 IPBusEnum - ok
19:23:26.0058 4784 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:23:26.0060 4784 IpFilterDriver - ok
19:23:26.0151 4784 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:23:26.0231 4784 iphlpsvc - ok
19:23:26.0258 4784 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:23:26.0262 4784 IPMIDRV - ok
19:23:26.0304 4784 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:23:26.0308 4784 IPNAT - ok
19:23:26.0375 4784 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:23:26.0466 4784 iPod Service - ok
19:23:26.0494 4784 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:23:26.0496 4784 IRENUM - ok
19:23:26.0516 4784 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:23:26.0518 4784 isapnp - ok
19:23:26.0549 4784 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:23:26.0556 4784 iScsiPrt - ok
19:23:26.0589 4784 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:23:26.0591 4784 kbdclass - ok
19:23:26.0610 4784 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:23:26.0612 4784 kbdhid - ok
19:23:26.0632 4784 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:23:26.0635 4784 KeyIso - ok
19:23:26.0678 4784 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:23:26.0680 4784 KSecDD - ok
19:23:26.0753 4784 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:23:26.0757 4784 KSecPkg - ok
19:23:26.0805 4784 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:23:26.0806 4784 ksthunk - ok
19:23:26.0857 4784 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:23:26.0868 4784 KtmRm - ok
19:23:26.0919 4784 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:23:26.0927 4784 LanmanServer - ok
19:23:26.0963 4784 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:23:26.0970 4784 LanmanWorkstation - ok
19:23:27.0010 4784 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:23:27.0013 4784 lltdio - ok
19:23:27.0050 4784 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:23:27.0058 4784 lltdsvc - ok
19:23:27.0127 4784 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:23:27.0130 4784 lmhosts - ok
19:23:27.0177 4784 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:23:27.0181 4784 LSI_FC - ok
19:23:27.0207 4784 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:23:27.0211 4784 LSI_SAS - ok
19:23:27.0222 4784 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:23:27.0225 4784 LSI_SAS2 - ok
19:23:27.0238 4784 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:23:27.0242 4784 LSI_SCSI - ok
19:23:27.0265 4784 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:23:27.0268 4784 luafv - ok
19:23:27.0316 4784 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:23:27.0321 4784 Mcx2Svc - ok
19:23:27.0329 4784 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:23:27.0332 4784 megasas - ok
19:23:27.0403 4784 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:23:27.0422 4784 MegaSR - ok
19:23:27.0447 4784 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:23:27.0451 4784 MMCSS - ok
19:23:27.0473 4784 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:23:27.0476 4784 Modem - ok
19:23:27.0510 4784 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:23:27.0511 4784 monitor - ok
19:23:27.0539 4784 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:23:27.0541 4784 mouclass - ok
19:23:27.0568 4784 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:23:27.0571 4784 mouhid - ok
19:23:27.0599 4784 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:23:27.0602 4784 mountmgr - ok
19:23:27.0651 4784 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:23:27.0655 4784 MpFilter - ok
19:23:27.0667 4784 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:23:27.0671 4784 mpio - ok
19:23:27.0683 4784 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:23:27.0686 4784 mpsdrv - ok
19:23:27.0746 4784 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:23:27.0825 4784 MpsSvc - ok
19:23:27.0897 4784 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:23:27.0901 4784 MRxDAV - ok
19:23:27.0940 4784 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:23:27.0944 4784 mrxsmb - ok
19:23:28.0027 4784 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:23:28.0034 4784 mrxsmb10 - ok
19:23:28.0061 4784 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:23:28.0065 4784 mrxsmb20 - ok
19:23:28.0100 4784 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:23:28.0102 4784 msahci - ok
19:23:28.0178 4784 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:23:28.0183 4784 msdsm - ok
19:23:28.0252 4784 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:23:28.0258 4784 MSDTC - ok
19:23:28.0292 4784 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:23:28.0294 4784 Msfs - ok
19:23:28.0313 4784 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:23:28.0315 4784 mshidkmdf - ok
19:23:28.0330 4784 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:23:28.0331 4784 msisadrv - ok
19:23:28.0364 4784 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:23:28.0370 4784 MSiSCSI - ok
19:23:28.0377 4784 msiserver - ok
19:23:28.0432 4784 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:23:28.0434 4784 MSKSSRV - ok
19:23:28.0479 4784 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:23:28.0480 4784 MsMpSvc - ok
19:23:28.0490 4784 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:23:28.0492 4784 MSPCLOCK - ok
19:23:28.0502 4784 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:23:28.0505 4784 MSPQM - ok
19:23:28.0563 4784 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:23:28.0571 4784 MsRPC - ok
19:23:28.0596 4784 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:23:28.0597 4784 mssmbios - ok
19:23:28.0621 4784 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:23:28.0623 4784 MSTEE - ok
19:23:28.0651 4784 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:23:28.0653 4784 MTConfig - ok
19:23:28.0676 4784 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:23:28.0678 4784 Mup - ok
19:23:28.0721 4784 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:23:28.0734 4784 napagent - ok
19:23:28.0772 4784 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:23:28.0777 4784 NativeWifiP - ok
19:23:28.0845 4784 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:23:28.0924 4784 NDIS - ok
19:23:28.0963 4784 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:23:28.0966 4784 NdisCap - ok
19:23:29.0006 4784 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:23:29.0008 4784 NdisTapi - ok
19:23:29.0026 4784 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:23:29.0029 4784 Ndisuio - ok
19:23:29.0041 4784 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:23:29.0046 4784 NdisWan - ok
19:23:29.0055 4784 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:23:29.0058 4784 NDProxy - ok
19:23:29.0090 4784 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:23:29.0092 4784 NetBIOS - ok
19:23:29.0122 4784 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:23:29.0128 4784 NetBT - ok
19:23:29.0156 4784 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:23:29.0158 4784 Netlogon - ok
19:23:29.0220 4784 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:23:29.0230 4784 Netman - ok
19:23:29.0289 4784 [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:23:29.0293 4784 NetMsmqActivator - ok
19:23:29.0303 4784 [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:23:29.0305 4784 NetPipeActivator - ok
19:23:29.0382 4784 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:23:29.0393 4784 netprofm - ok
19:23:29.0403 4784 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:23:29.0404 4784 NetTcpActivator - ok
19:23:29.0416 4784 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:23:29.0417 4784 NetTcpPortSharing - ok
19:23:29.0473 4784 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:23:29.0476 4784 nfrd960 - ok
19:23:29.0485 4784 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:23:29.0489 4784 NisDrv - ok
19:23:29.0518 4784 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:23:29.0525 4784 NisSrv - ok
19:23:29.0583 4784 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:23:29.0592 4784 NlaSvc - ok
19:23:29.0617 4784 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:23:29.0620 4784 Npfs - ok
19:23:29.0636 4784 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:23:29.0640 4784 nsi - ok
19:23:29.0673 4784 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:23:29.0675 4784 nsiproxy - ok
19:23:29.0758 4784 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:23:29.0850 4784 Ntfs - ok
19:23:29.0883 4784 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:23:29.0885 4784 Null - ok
19:23:29.0971 4784 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
19:23:29.0980 4784 NVENETFD - ok
19:23:30.0017 4784 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:23:30.0023 4784 nvraid - ok
19:23:30.0035 4784 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:23:30.0040 4784 nvstor - ok
19:23:30.0063 4784 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:23:30.0068 4784 nv_agp - ok
19:23:30.0079 4784 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:23:30.0082 4784 ohci1394 - ok
19:23:30.0124 4784 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:23:30.0129 4784 ose - ok
19:23:30.0352 4784 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:23:30.0562 4784 osppsvc - ok
19:23:30.0608 4784 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:23:30.0618 4784 p2pimsvc - ok
19:23:30.0692 4784 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:23:30.0704 4784 p2psvc - ok
19:23:30.0742 4784 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:23:30.0745 4784 Parport - ok
19:23:30.0789 4784 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:23:30.0791 4784 partmgr - ok
19:23:30.0836 4784 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:23:30.0843 4784 PcaSvc - ok
19:23:30.0910 4784 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:23:30.0915 4784 pci - ok
19:23:30.0925 4784 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:23:30.0927 4784 pciide - ok
19:23:30.0993 4784 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:23:30.0999 4784 pcmcia - ok
19:23:31.0009 4784 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:23:31.0011 4784 pcw - ok
19:23:31.0054 4784 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:23:31.0080 4784 PEAUTH - ok
19:23:31.0179 4784 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:23:31.0183 4784 PerfHost - ok
19:23:31.0263 4784 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:23:31.0355 4784 pla - ok
19:23:31.0424 4784 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:23:31.0435 4784 PlugPlay - ok
19:23:31.0455 4784 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:23:31.0458 4784 PNRPAutoReg - ok
19:23:31.0471 4784 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:23:31.0476 4784 PNRPsvc - ok
19:23:31.0522 4784 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
19:23:31.0524 4784 Point64 - ok
19:23:31.0559 4784 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:23:31.0567 4784 PolicyAgent - ok
19:23:31.0606 4784 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:23:31.0611 4784 Power - ok
19:23:31.0658 4784 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:23:31.0661 4784 PptpMiniport - ok
19:23:31.0681 4784 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:23:31.0684 4784 Processor - ok
19:23:31.0717 4784 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:23:31.0724 4784 ProfSvc - ok
19:23:31.0745 4784 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:23:31.0747 4784 ProtectedStorage - ok
19:23:31.0783 4784 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:23:31.0788 4784 Psched - ok
19:23:31.0893 4784 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:23:31.0985 4784 ql2300 - ok
19:23:32.0011 4784 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:23:32.0015 4784 ql40xx - ok
19:23:32.0043 4784 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:23:32.0051 4784 QWAVE - ok
19:23:32.0062 4784 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:23:32.0065 4784 QWAVEdrv - ok
19:23:32.0080 4784 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:23:32.0081 4784 RasAcd - ok
19:23:32.0129 4784 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:23:32.0132 4784 RasAgileVpn - ok
19:23:32.0143 4784 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:23:32.0149 4784 RasAuto - ok
19:23:32.0178 4784 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:23:32.0182 4784 Rasl2tp - ok
19:23:32.0237 4784 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:23:32.0246 4784 RasMan - ok
19:23:32.0258 4784 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:23:32.0261 4784 RasPppoe - ok
19:23:32.0272 4784 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:23:32.0275 4784 RasSstp - ok
19:23:32.0320 4784 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:23:32.0327 4784 rdbss - ok
19:23:32.0348 4784 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:23:32.0351 4784 rdpbus - ok
19:23:32.0391 4784 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:23:32.0392 4784 RDPCDD - ok
19:23:32.0408 4784 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:23:32.0409 4784 RDPENCDD - ok
19:23:32.0426 4784 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:23:32.0428 4784 RDPREFMP - ok
19:23:32.0458 4784 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:23:32.0464 4784 RDPWD - ok
19:23:32.0499 4784 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:23:32.0504 4784 rdyboost - ok
19:23:32.0541 4784 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:23:32.0546 4784 RemoteAccess - ok
19:23:32.0585 4784 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:23:32.0592 4784 RemoteRegistry - ok
19:23:32.0620 4784 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:23:32.0625 4784 RFCOMM - ok
19:23:32.0650 4784 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:23:32.0655 4784 RpcEptMapper - ok
19:23:32.0690 4784 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:23:32.0694 4784 RpcLocator - ok
19:23:32.0787 4784 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:23:32.0798 4784 RpcSs - ok
19:23:32.0863 4784 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
19:23:32.0869 4784 RSPCIESTOR - ok
19:23:32.0909 4784 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:23:32.0912 4784 rspndr - ok
19:23:32.0974 4784 [ EA5532868BA76923D75BCB2A1448D810 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:23:32.0982 4784 RTL8167 - ok
19:23:33.0000 4784 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:23:33.0002 4784 SamSs - ok
19:23:33.0072 4784 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:23:33.0073 4784 SASDIFSV - ok
19:23:33.0081 4784 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:23:33.0082 4784 SASKUTIL - ok
19:23:33.0111 4784 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:23:33.0114 4784 sbp2port - ok
19:23:33.0138 4784 SBRE - ok
19:23:33.0174 4784 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:23:33.0181 4784 SCardSvr - ok
19:23:33.0198 4784 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:23:33.0201 4784 scfilter - ok
19:23:33.0304 4784 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:23:33.0397 4784 Schedule - ok
19:23:33.0436 4784 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:23:33.0439 4784 SCPolicySvc - ok
19:23:33.0491 4784 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
19:23:33.0495 4784 sdbus - ok
19:23:33.0526 4784 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:23:33.0533 4784 SDRSVC - ok
19:23:33.0564 4784 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:23:33.0566 4784 secdrv - ok
19:23:33.0594 4784 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:23:33.0598 4784 seclogon - ok
19:23:33.0632 4784 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:23:33.0637 4784 SENS - ok
19:23:33.0674 4784 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:23:33.0679 4784 SensrSvc - ok
19:23:33.0724 4784 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
19:23:33.0727 4784 Serenum - ok
19:23:33.0749 4784 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:23:33.0753 4784 Serial - ok
19:23:33.0763 4784 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:23:33.0766 4784 sermouse - ok
19:23:33.0817 4784 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:23:33.0823 4784 SessionEnv - ok
19:23:33.0830 4784 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:23:33.0833 4784 sffdisk - ok
19:23:33.0840 4784 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:23:33.0843 4784 sffp_mmc - ok
19:23:33.0849 4784 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:23:33.0851 4784 sffp_sd - ok
19:23:33.0858 4784 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:23:33.0861 4784 sfloppy - ok
19:23:33.0926 4784 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:23:33.0938 4784 Sftfs - ok
19:23:34.0009 4784 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:23:34.0019 4784 sftlist - ok
19:23:34.0078 4784 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:23:34.0083 4784 Sftplay - ok
19:23:34.0099 4784 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:23:34.0100 4784 Sftredir - ok
19:23:34.0122 4784 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:23:34.0124 4784 Sftvol - ok
19:23:34.0199 4784 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:23:34.0205 4784 sftvsa - ok
19:23:34.0243 4784 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:23:34.0252 4784 SharedAccess - ok
19:23:34.0304 4784 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:23:34.0314 4784 ShellHWDetection - ok
19:23:34.0341 4784 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:23:34.0344 4784 SiSRaid2 - ok
19:23:34.0366 4784 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:23:34.0370 4784 SiSRaid4 - ok
19:23:34.0406 4784 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:23:34.0410 4784 Smb - ok
19:23:34.0459 4784 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:23:34.0463 4784 SNMPTRAP - ok
19:23:34.0482 4784 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:23:34.0484 4784 spldr - ok
19:23:34.0528 4784 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:23:34.0607 4784 Spooler - ok
19:23:34.0749 4784 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:23:34.0876 4784 sppsvc - ok
19:23:34.0902 4784 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:23:34.0905 4784 sppuinotify - ok
19:23:34.0954 4784 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:23:34.0964 4784 srv - ok
19:23:34.0983 4784 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:23:34.0989 4784 srv2 - ok
19:23:35.0034 4784 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:23:35.0039 4784 SrvHsfHDA - ok
19:23:35.0121 4784 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:23:35.0213 4784 SrvHsfV92 - ok
19:23:35.0282 4784 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:23:35.0361 4784 SrvHsfWinac - ok
19:23:35.0410 4784 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:23:35.0415 4784 srvnet - ok
19:23:35.0467 4784 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:23:35.0474 4784 SSDPSRV - ok
19:23:35.0494 4784 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:23:35.0499 4784 SstpSvc - ok
19:23:35.0595 4784 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
19:23:35.0603 4784 STacSV - ok
19:23:35.0632 4784 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:23:35.0635 4784 stexstor - ok
19:23:35.0733 4784 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
19:23:35.0812 4784 STHDA - ok
19:23:35.0874 4784 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:23:35.0953 4784 stisvc - ok
19:23:35.0987 4784 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:23:35.0988 4784 swenum - ok
19:23:36.0043 4784 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:23:36.0057 4784 swprv - ok
19:23:36.0107 4784 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:23:36.0114 4784 SynTP - ok
19:23:36.0216 4784 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:23:36.0308 4784 SysMain - ok
19:23:36.0356 4784 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:23:36.0363 4784 TabletInputService - ok
19:23:36.0412 4784 [ B70DF208E97536CA9F29289E609F5B16 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
19:23:36.0416 4784 taphss - ok
19:23:36.0495 4784 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:23:36.0504 4784 TapiSrv - ok
19:23:36.0530 4784 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:23:36.0535 4784 TBS - ok
19:23:36.0632 4784 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:23:36.0724 4784 Tcpip - ok
19:23:36.0796 4784 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:23:36.0818 4784 TCPIP6 - ok
19:23:36.0860 4784 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:23:36.0862 4784 tcpipreg - ok
19:23:36.0888 4784 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:23:36.0890 4784 TDPIPE - ok
19:23:36.0912 4784 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:23:36.0915 4784 TDTCP - ok
19:23:36.0925 4784 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:23:36.0928 4784 tdx - ok
19:23:36.0938 4784 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:23:36.0940 4784 TermDD - ok
19:23:36.0983 4784 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:23:37.0018 4784 TermService - ok
19:23:37.0038 4784 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:23:37.0043 4784 Themes - ok
19:23:37.0069 4784 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:23:37.0072 4784 THREADORDER - ok
19:23:37.0098 4784 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:23:37.0104 4784 TrkWks - ok
19:23:37.0169 4784 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:23:37.0174 4784 TrustedInstaller - ok
19:23:37.0205 4784 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:23:37.0208 4784 tssecsrv - ok
19:23:37.0233 4784 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:23:37.0237 4784 TsUsbFlt - ok
19:23:37.0254 4784 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:23:37.0257 4784 TsUsbGD - ok
19:23:37.0287 4784 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:23:37.0291 4784 tunnel - ok
19:23:37.0301 4784 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:23:37.0305 4784 uagp35 - ok
19:23:37.0375 4784 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:23:37.0383 4784 udfs - ok
19:23:37.0427 4784 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:23:37.0432 4784 UI0Detect - ok
19:23:37.0452 4784 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:23:37.0456 4784 uliagpkx - ok
19:23:37.0473 4784 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:23:37.0476 4784 umbus - ok
19:23:37.0499 4784 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:23:37.0501 4784 UmPass - ok
19:23:37.0580 4784 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:23:37.0590 4784 upnphost - ok
19:23:37.0629 4784 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:23:37.0632 4784 USBAAPL64 - ok
19:23:37.0660 4784 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:23:37.0664 4784 usbccgp - ok
19:23:37.0688 4784 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:23:37.0701 4784 usbcir - ok
19:23:37.0726 4784 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:23:37.0729 4784 usbehci - ok
19:23:37.0790 4784 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
19:23:37.0792 4784 usbfilter - ok
19:23:37.0837 4784 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:23:37.0845 4784 usbhub - ok
19:23:37.0856 4784 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:23:37.0858 4784 usbohci - ok
19:23:37.0876 4784 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
19:23:37.0888 4784 usbprint - ok
19:23:37.0898 4784 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:23:37.0901 4784 USBSTOR - ok
19:23:37.0911 4784 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:23:37.0913 4784 usbuhci - ok
19:23:37.0945 4784 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:23:37.0949 4784 usbvideo - ok
19:23:37.0989 4784 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:23:37.0994 4784 UxSms - ok
19:23:38.0011 4784 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:23:38.0014 4784 VaultSvc - ok
19:23:38.0022 4784 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:23:38.0023 4784 vdrvroot - ok
19:23:38.0109 4784 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:23:38.0186 4784 vds - ok
19:23:38.0225 4784 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:23:38.0228 4784 vga - ok
19:23:38.0247 4784 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:23:38.0250 4784 VgaSave - ok
19:23:38.0263 4784 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:23:38.0269 4784 vhdmp - ok
19:23:38.0280 4784 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:23:38.0282 4784 viaide - ok
19:23:38.0294 4784 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:23:38.0295 4784 volmgr - ok
19:23:38.0306 4784 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:23:38.0311 4784 volmgrx - ok
19:23:38.0321 4784 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:23:38.0325 4784 volsnap - ok
19:23:38.0351 4784 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:23:38.0354 4784 vsmraid - ok
19:23:38.0425 4784 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:23:38.0517 4784 VSS - ok
19:23:38.0556 4784 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:23:38.0558 4784 vwifibus - ok
19:23:38.0582 4784 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:23:38.0585 4784 vwififlt - ok
19:23:38.0603 4784 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:23:38.0613 4784 W32Time - ok
19:23:38.0638 4784 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:23:38.0640 4784 WacomPen - ok
19:23:38.0655 4784 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:23:38.0657 4784 WANARP - ok
19:23:38.0671 4784 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:23:38.0672 4784 Wanarpv6 - ok
19:23:38.0760 4784 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:23:38.0852 4784 WatAdminSvc - ok
19:23:38.0921 4784 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:23:39.0013 4784 wbengine - ok
19:23:39.0037 4784 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:23:39.0042 4784 WbioSrvc - ok
19:23:39.0120 4784 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:23:39.0132 4784 wcncsvc - ok
19:23:39.0163 4784 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:23:39.0169 4784 WcsPlugInService - ok
19:23:39.0194 4784 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:23:39.0197 4784 Wd - ok
19:23:39.0286 4784 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:23:39.0365 4784 Wdf01000 - ok
19:23:39.0382 4784 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:23:39.0388 4784 WdiServiceHost - ok
19:23:39.0396 4784 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:23:39.0399 4784 WdiSystemHost - ok
19:23:39.0433 4784 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:23:39.0439 4784 WebClient - ok
19:23:39.0516 4784 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:23:39.0525 4784 Wecsvc - ok
19:23:39.0553 4784 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:23:39.0559 4784 wercplsupport - ok
19:23:39.0582 4784 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:23:39.0589 4784 WerSvc - ok
19:23:39.0632 4784 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:23:39.0634 4784 WfpLwf - ok
19:23:39.0651 4784 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:23:39.0654 4784 WIMMount - ok
19:23:39.0671 4784 WinDefend - ok
19:23:39.0680 4784 WinHttpAutoProxySvc - ok
19:23:39.0744 4784 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:23:39.0749 4784 Winmgmt - ok
19:23:39.0797 4784 WinRing0_1_2_0 - ok
19:23:39.0887 4784 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:23:39.0991 4784 WinRM - ok
19:23:40.0076 4784 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:23:40.0167 4784 Wlansvc - ok
19:23:40.0235 4784 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:23:40.0238 4784 wlcrasvc - ok
19:23:40.0392 4784 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:23:40.0496 4784 wlidsvc - ok
19:23:40.0538 4784 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:23:40.0539 4784 WmiAcpi - ok
19:23:40.0589 4784 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:23:40.0595 4784 wmiApSrv - ok
19:23:40.0635 4784 WMPNetworkSvc - ok
19:23:40.0662 4784 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:23:40.0667 4784 WPCSvc - ok
19:23:40.0685 4784 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:23:40.0692 4784 WPDBusEnum - ok
19:23:40.0717 4784 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:23:40.0720 4784 ws2ifsl - ok
19:23:40.0747 4784 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:23:40.0753 4784 wscsvc - ok
19:23:40.0760 4784 WSearch - ok
19:23:40.0864 4784 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:23:40.0972 4784 wuauserv - ok
19:23:41.0003 4784 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:23:41.0005 4784 WudfPf - ok
19:23:41.0040 4784 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:23:41.0045 4784 WUDFRd - ok
19:23:41.0076 4784 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:23:41.0082 4784 wudfsvc - ok
19:23:41.0166 4784 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:23:41.0175 4784 WwanSvc - ok
19:23:41.0204 4784 ================ Scan global ===============================
19:23:41.0237 4784 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:23:41.0275 4784 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:23:41.0293 4784 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:23:41.0326 4784 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:23:41.0369 4784 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:23:41.0380 4784 [Global] - ok
19:23:41.0381 4784 ================ Scan MBR ==================================
19:23:41.0394 4784 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:23:42.0516 4784 \Device\Harddisk0\DR0 - ok
19:23:42.0517 4784 ================ Scan VBR ==================================
19:23:42.0527 4784 [ 6A4CCBC8BB34AB871E6D1CA2DDBB8C0C ] \Device\Harddisk0\DR0\Partition1
19:23:42.0531 4784 \Device\Harddisk0\DR0\Partition1 - ok
19:23:42.0546 4784 [ 31180FF8BA1E93F8910C3946AF36B00D ] \Device\Harddisk0\DR0\Partition2
19:23:42.0549 4784 \Device\Harddisk0\DR0\Partition2 - ok
19:23:42.0582 4784 [ 882F1E5187683582FE207705ABFFEE3D ] \Device\Harddisk0\DR0\Partition3
19:23:42.0586 4784 \Device\Harddisk0\DR0\Partition3 - ok
19:23:42.0605 4784 [ BD5E6A659239502773EDECEF33634DFB ] \Device\Harddisk0\DR0\Partition4
19:23:42.0607 4784 \Device\Harddisk0\DR0\Partition4 - ok
19:23:42.0607 4784 ============================================================
19:23:42.0607 4784 Scan finished
19:23:42.0607 4784 ============================================================
19:23:42.0625 3636 Detected object count: 0
19:23:42.0625 3636 Actual detected object count: 0
19:23:51.0085 2324 Deinitialize success

[LOG] aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-17 19:24:17
-----------------------------
19:24:17.925 OS Version: Windows x64 6.1.7601 Service Pack 1
19:24:17.925 Number of processors: 4 586 0x503
19:24:17.927 ComputerName: SHAY-HP UserName: Shay
19:24:20.733 Initialize success
19:28:38.067 AVAST engine defs: 12091400
19:29:10.313 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
19:29:10.319 Disk 0 Vendor: TOSHIBA_ GS00 Size: 610480MB BusType: 11
19:29:10.415 Disk 0 MBR read successfully
19:29:10.422 Disk 0 MBR scan
19:29:10.435 Disk 0 Windows 7 default MBR code
19:29:10.448 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:29:10.522 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596520 MB offset 409600
19:29:10.614 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13656 MB offset 1222082560
19:29:10.680 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
19:29:10.914 Disk 0 scanning C:\Windows\system32\drivers
19:29:32.904 Service scanning
19:30:36.747 Modules scanning
19:30:36.757 Disk 0 trace - called modules:
19:30:37.131 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
19:30:37.143 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004413060]
19:30:37.155 3 CLASSPNP.SYS[fffff8800198343f] -> nt!IofCallDriver -> [0xfffffa80042e4ac0]
19:30:37.167 5 amd_xata.sys[fffff880010df900] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80042de9c0]
19:30:40.273 AVAST engine scan C:\Windows
19:30:47.386 AVAST engine scan C:\Windows\system32
19:36:58.927 AVAST engine scan C:\Windows\system32\drivers
19:37:31.480 AVAST engine scan C:\Users\Shay
19:41:39.336 AVAST engine scan C:\ProgramData
19:43:00.010 Scan finished successfully
19:53:35.399 Disk 0 MBR has been saved successfully to "C:\Users\Shay\Documents\MBR.dat"
19:53:35.495 The log file has been saved successfully to "C:\Users\Shay\Documents\aswMBR.txt"

[LOG] ESET online scanner

-- There was no LIST of found threats to click, but I found this log file in C:\Program Files (x86)\ESET\ESET Online Scanner:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cf5966e9e751a14cb456b27d9ae7f53f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-17 07:35:37
# local_time=2012-09-17 08:35:37 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 57586976 100371637 0 0
# compatibility_mode=8192 67108863 100 0 191 191 0 0
# scanned=202507
# found=0
# cleaned=0
# scan_time=3949

Once again, thanks for your support.

Invalio

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:37 PM

Posted 17 September 2012 - 10:53 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.



Download

adware cleaner

Launch it click on Delete

post the generated log

#5 Invalio

Invalio
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 18 September 2012 - 02:46 PM

Hi narenxp

Thanks for your continued help. Again, Ctrl + F and search for each different [LOG].

[LOG] MalwareBytes Anti-Malware


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Shay :: SHAY-HP [administrator]

18/09/2012 19:46:44
mbam-log-2012-09-18 (19-46-44).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 390715
Time elapsed: 47 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[LOG] Mini Toolbox


MiniToolBox by Farbar Version: 23-07-2012
Ran by Shay (administrator) on 18-09-2012 at 20:18:45
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection" address=192.168.137.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Shay-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Peer-Peer
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Ethernet adapter Bluetooth Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
Physical Address. . . . . . . . . : D0-DF-9A-0E-DD-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : D0-DF-9A-0E-6D-D4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bdd5:d34f:ae83:37b2%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 18 September 2012 19:36:14
Lease Expires . . . . . . . . . . : 19 September 2012 20:17:40
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 382787482
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-4E-D6-28-2C-27-D7-E8-77-13
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 2C-27-D7-E8-77-13
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2AD2C89E-D1F9-4FAA-8BCA-0E947E0FBA6E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1A6FB5ED-485E-4030-A89D-3DF774E5F942}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:863:2ba9:3f57:fffa(Preferred)
Link-local IPv6 Address . . . . . : fe80::863:2ba9:3f57:fffa%18(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: MyRouter.Home
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:802::1009
173.194.34.65
173.194.34.66
173.194.34.67
173.194.34.68
173.194.34.69
173.194.34.70
173.194.34.71
173.194.34.72
173.194.34.73
173.194.34.78
173.194.34.64


Pinging google.com [173.194.34.65] with 32 bytes of data:
Reply from 173.194.34.65: bytes=32 time=345ms TTL=57
Reply from 173.194.34.65: bytes=32 time=356ms TTL=57

Ping statistics for 173.194.34.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 345ms, Maximum = 356ms, Average = 350ms
Server: MyRouter.Home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=1038ms TTL=54
Reply from 72.30.38.140: bytes=32 time=947ms TTL=54

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 947ms, Maximum = 1038ms, Average = 992ms
Server: MyRouter.Home
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...d0 df 9a 0e dd 64 ......Bluetooth Device (Personal Area Network) #2
15...d0 df 9a 0e 6d d4 ......Qualcomm Atheros AR9285 802.11b/g/n WiFi Adapter
13...2c 27 d7 e8 77 13 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.5 281
192.168.0.5 255.255.255.255 On-link 192.168.0.5 281
192.168.0.255 255.255.255.255 On-link 192.168.0.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.5 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
18 58 ::/0 On-link
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:5ef5:79fb:863:2ba9:3f57:fffa/128
On-link
15 281 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::863:2ba9:3f57:fffa/128
On-link
15 281 fe80::bdd5:d34f:ae83:37b2/128
On-link
1 306 ff00::/8 On-link
18 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/18/2012 07:37:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2012 07:36:08 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2012 07:36:08 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2012 07:36:08 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2012 07:36:08 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (09/18/2012 07:36:06 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2012 07:36:06 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/18/2012 07:36:06 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2012 07:36:06 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2012 07:36:06 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))


System errors:
=============
Error: (09/18/2012 07:46:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.135.1368.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/18/2012 07:46:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.135.1368.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/18/2012 07:36:16 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (09/18/2012 07:36:16 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (09/18/2012 07:36:14 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (09/18/2012 07:36:09 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (09/18/2012 07:36:09 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (09/18/2012 07:36:09 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/18/2012 07:36:08 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/18/2012 07:36:08 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.


Microsoft Office Sessions:
=========================
Error: (09/18/2012 07:37:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2012 07:36:08 PM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2012 07:36:08 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2012 07:36:08 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (09/18/2012 07:36:08 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (09/18/2012 07:36:06 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (09/18/2012 07:36:06 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (09/18/2012 07:36:06 PM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (09/18/2012 07:36:06 PM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (09/18/2012 07:36:06 PM) (Source: Windows Search Service)(User: )
Description: Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))


=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X (10.1.4) MUI (Version: 10.1.4)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
AMD Fuel (Version: 2011.0228.1151.21177)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 9.2)
ATI Catalyst Install Manager (Version: 3.0.812.0)
Audacity 2.0
Bluetooth Win7 Suite (64) (Version: 7.2.0.60)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0228.1151.21177)
Catalyst Control Center InstallProxy (Version: 2011.0228.1151.21177)
Catalyst Control Center Localization All (Version: 2011.0228.1151.21177)
ccc-core-static (Version: 2011.0228.1151.21177)
ccc-utility64 (Version: 2011.0228.1151.21177)
CCC Help Chinese Standard (Version: 2011.0228.1150.21177)
CCC Help Chinese Traditional (Version: 2011.0228.1150.21177)
CCC Help Czech (Version: 2011.0228.1150.21177)
CCC Help Danish (Version: 2011.0228.1150.21177)
CCC Help Dutch (Version: 2011.0228.1150.21177)
CCC Help English (Version: 2011.0228.1150.21177)
CCC Help Finnish (Version: 2011.0228.1150.21177)
CCC Help French (Version: 2011.0228.1150.21177)
CCC Help German (Version: 2011.0228.1150.21177)
CCC Help Greek (Version: 2011.0228.1150.21177)
CCC Help Hungarian (Version: 2011.0228.1150.21177)
CCC Help Italian (Version: 2011.0228.1150.21177)
CCC Help Japanese (Version: 2011.0228.1150.21177)
CCC Help Korean (Version: 2011.0228.1150.21177)
CCC Help Norwegian (Version: 2011.0228.1150.21177)
CCC Help Polish (Version: 2011.0228.1150.21177)
CCC Help Portuguese (Version: 2011.0228.1150.21177)
CCC Help Russian (Version: 2011.0228.1150.21177)
CCC Help Spanish (Version: 2011.0228.1150.21177)
CCC Help Swedish (Version: 2011.0228.1150.21177)
CCC Help Thai (Version: 2011.0228.1150.21177)
CCC Help Turkish (Version: 2011.0228.1150.21177)
CCleaner (Version: 3.22)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CodeBlocks (Version: 10.05)
CyberLink YouCam (Version: 3.5.1.3922)
D3DX10 (Version: 15.4.2368.0902)
Defraggler (Version: 2.10)
Energy Star Digital Logo (Version: 1.0.1)
ESET Online Scanner v3
ESU for Microsoft Windows 7 (Version: 1.0.0)
GIMP 2.8.0 (Version: 2.8.0)
Google Chrome (Version: 21.0.1180.89)
GraphicsGale FreeEdition version 1.93.19
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (Version: 4.1.25.1)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.2.0.0)
HP On Screen Display (Version: 1.3.5)
HP Power Manager (Version: 1.4.7)
HP Quick Launch (Version: 2.7.2)
HP Setup (Version: 8.6.4530.3651)
HP Setup Manager (Version: 1.1.13253.3682)
HP Software Framework (Version: 4.5.10.1)
HP Support Assistant (Version: 6.1.12.1)
IDT Audio (Version: 1.0.6341.0)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
LAME v3.99.3 (for Windows)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET Web Pages 2 (Version: 2.0.20505.0)
Microsoft ASP.NET Web Pages 2 Runtime (Version: 2.0.20505.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.5131.5000)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
MiKTeX 2.9 (Version: 2.9)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MyDefrag v4.3.1 (Version: 4.0.0.0)
OfficeAdRemover
Realtek Ethernet Controller Driver (Version: 7.40.126.2011)
Realtek PCIE Card Reader (Version: 6.1.7601.83)
Recovery Manager (Version: 2.0.0)
RPG MAKER VX Ace RTP (Version: 1.00)
SUPERAntiSpyware (Version: 5.5.1012)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
System Requirements Lab for Intel (Version: 4.5.5.0)
TexMakerX 2.1 (Version: 2.1)
VoiceOver Kit (Version: 1.42.128.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.20 beta 2 (64-bit) (Version: 4.20.2)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
World of Warcraft (Version: 4.3.4.15595)

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 3834.9 MB
Available physical RAM: 1777.87 MB
Total Pagefile: 7668 MB
Available Pagefile: 5524.69 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.45 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:582.54 GB) (Free:519.47 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.34 GB) (Free:1.5 GB) NTFS

========================= Users: ========================================

User accounts for \\SHAY-HP

Administrator Guest Shay


**** End of log ****

[LOG] FSS

Farbar Service Scanner Version: 06-08-2012
Ran by Shay (administrator) on 18-09-2012 at 20:22:10
Running from "C:\Users\Shay\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-09-12 01:06] - [2012-08-22 19:12] - 1913200 ____A (Microsoft Corporation) F782CAD3CEDBB3F9FFE3BF2775D92DDC

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

[LOG] Adware Cleaner


# AdwCleaner v2.002 - Logfile created 09/18/2012 at 20:36:13
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Shay - SHAY-HP
# Boot Mode : Normal
# Running from : C:\Users\Shay\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Shay\AppData\Local\Conduit
Folder Deleted : C:\Users\Shay\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Shay\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\Shay\AppData\Roaming\Mozilla\Firefox\Profiles\n5b9jpsb.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Shay\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [2212 octets] - [18/09/2012 20:36:13]

########## EOF - C:\AdwCleaner[S2].txt - [2272 octets] ##########

Thanks very much for your help.

Invalio

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:37 PM

Posted 18 September 2012 - 03:02 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here

#7 Invalio

Invalio
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 18 September 2012 - 03:34 PM

[LOG] RKill

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/18/2012 09:29:27 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Shay\Desktop\metapad.exe (PID: 2744) [UP-HEUR]
* C:\Users\Shay\Desktop\metapad.exe (PID: 384) [UP-HEUR]
* C:\Users\Shay\Desktop\metapad.exe (PID: 732) [UP-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Shay\Desktop\rkill\rkill-09-18-2012-09-29-34.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/18/2012 09:30:05 PM
Execution time: 0 hours(s), 0 minute(s), and 37 seconds(s)

[LOG] Autoruns


"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OfficeAdRemover.lnk" "" "" "c:\program files (x86)\officeadremover\officeadremover.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Atheros" "Bluetooth Application Extension" "Atheros Commnucations" "c:\program files (x86)\bluetooth suite\btvappext.dll"
+ "DefragglerShellExtension" "DefragglerShell" "Piriform Ltd" "c:\program files\defraggler\defragglershell64.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "FTShellContext" "ShellContextExt Module" "Atheros Commnucations" "c:\program files (x86)\bluetooth suite\shellcontextext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Ath_CopyHook" "AthCopyHook Dynamic Link Library" "Atheros Commnucations" "c:\program files (x86)\bluetooth suite\athcopyhook.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "DefragglerShellExtension" "DefragglerShell" "Piriform Ltd" "c:\program files\defraggler\defragglershell64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "CIESpeechBHO Class" "Bluetooth IE PlugIn" "Atheros Commnucations" "c:\program files (x86)\bluetooth suite\ieplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Send by Bluetooth to" "Bluetooth IE PlugIn" "Atheros Commnucations" "c:\program files (x86)\bluetooth suite\ieplugin.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3645049411-2455804104-2460851655-1001Core" "Google Installer" "Google Inc." "c:\users\shay\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3645049411-2455804104-2460851655-1001UA" "Google Installer" "Google Inc." "c:\users\shay\appdata\local\google\update\googleupdate.exe"
+ "\HPCeeScheduleForShay" "HP Ceement" "Hewlett-Packard" "c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "\MirageAgent" "YouCam Mirage" "CyberLink" "c:\program files (x86)\cyberlink\youcam\ycmmirage.exe"
+ "\MyDefrag v4.3.1 Daily" "" "" "c:\program files\mydefrag v4.3.1\scripts\automaticdaily.myd"
+ "\MyDefrag v4.3.1 Monthly" "" "" "c:\program files\mydefrag v4.3.1\scripts\automaticmonthly.myd"
+ "\{ABFAB3A8-C10A-42A2-87B5-A4EE91B6483C}" "Google Chrome" "Google Inc." "c:\users\shay\appdata\local\google\chrome\application\chrome.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "AMD FUEL Service" "Provides FUEL Functionality" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe"
+ "AMD Reservation Manager" "Blocks the resources for the applications at the software level." "Advanced Micro Devices" "c:\program files\ati technologies\ati.ace\reservation manager\amd reservation manager.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Atheros Bt&Wlan Coex Agent" "Co-existence Coordinator Service between 11a/b/g/n Wireless LAN and Bluetooth." "Atheros" "c:\program files (x86)\bluetooth suite\ath_coexagent.exe"
+ "AtherosSvc" "Atheros BT Stack Service Agent" "Atheros Commnucations" "c:\program files (x86)\bluetooth suite\adminservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "ezSharedSvc" "Provides licensing, security and parental control services for EasyBits applications. If this service is stopped or disabled, these applications will not function properly." "EasyBits Software AS" "c:\windows\syswow64\ezsharedsvchost.exe"
+ "HP Support Assistant Service" "HP Support Assistant Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe"
+ "HPClientSvc" "HP Client Services" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp client services\hpclientservices.exe"
+ "hpCMSrv" "Manages all HP embedded network connectivities." "Hewlett-Packard Development Company L.P." "c:\program files (x86)\hewlett-packard\hp connection manager\hpcmsrv.exe"
+ "hpqwmiex" "HP Software Framework WMI Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe"
+ "HPWMISVC" "HP Quick Launch WMI Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe"
+ "IconMan_R" "Realtek Card Reader Icon Tool." "Realsil Microelectronics Inc." "c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "sftlist" "Streams and manages applications." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\program files\idt\wdm\stacsv64.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amd_sata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_sata.sys"
+ "amd_xata" "Stor Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_xata.sys"
+ "amdiox64" "AMD IO Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdiox64.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "AR5416" "Driver for Atheros Wireless Network Adapter" "Atheros Communications, Inc." "c:\windows\system32\drivers\athwx.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AthBTPort" "Atheros FILTER driver" "Atheros" "c:\windows\system32\drivers\btath_flt.sys"
+ "athr" "Qualcomm Atheros Extensible Wireless LAN device driver" "Qualcomm Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "AtiHdmiService" "ATI High Definition Audio Function Driver" "ATI Technologies, Inc." "c:\windows\system32\drivers\atihdmi.sys"
+ "AtiPcie" "AMD PCIE Filter Driver for ATI PCIE chipset" "Advanced Micro Devices Inc." "c:\windows\system32\drivers\atipcie64.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl664.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "BTATH_A2DP" "Atheros A2DP driver" "Atheros" "c:\windows\system32\drivers\btath_a2dp.sys"
+ "BTATH_BUS" "Atheros BUS driver" "Atheros" "c:\windows\system32\drivers\btath_bus.sys"
+ "BTATH_HCRP" "Atheros HCRP driver" "Atheros" "c:\windows\system32\drivers\btath_hcrp.sys"
+ "BTATH_LWFLT" "Atheros FILTER driver" "Atheros" "c:\windows\system32\drivers\btath_lwflt.sys"
+ "BTATH_RCP" "Atheros AVRCP driver" "Atheros" "c:\windows\system32\drivers\btath_rcp.sys"
+ "BtFilter" "BtFilter Driver" "Atheros" "c:\windows\system32\drivers\btfilter.sys"
+ "clwvd" "CyberLink WebCam Virtual Driver" "CyberLink Corporation" "c:\windows\system32\drivers\clwvd.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "cpudrv64" "" "" "c:\program files (x86)\systemrequirementslab\cpudrv64.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NVENETFD" "NVIDIA MCP Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvm62x64.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSPCIESTOR" "Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtspstor.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "SBRE" "" "" "File not found: C:\Windows\system32\drivers\SBREdrv.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio TPE" "IDT, Inc." "c:\windows\system32\drivers\stwrt64.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "taphss" "TAP-Win32 Virtual Network Driver" "AnchorFree Inc" "c:\windows\system32\drivers\taphss.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "usbfilter" "AMD USB Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\usbfilter.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "WinRing0_1_2_0" "" "" "File not found: C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"


Thanks again :)

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:37 PM

Posted 18 September 2012 - 03:54 PM

That looks good

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode

Turn off your system restore,restart the PC,create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your flash player

Update your antivirus frequently,do not click on suspicious links

Safe surfing :)

#9 Invalio

Invalio
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 18 September 2012 - 04:56 PM

Hi narenxp

I just wanted to say thank you very much for all your help :).

Take care!

Invalio

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:37 PM

Posted 18 September 2012 - 05:19 PM

You're welcome :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users