Google Chrome Redirect Virus


35 replies to this topic

#1 JayBone


Posted 23 September 2012 - 10:35 PM

Greetings!

Google Redirect Virus has infected my PC too. I tried, for two weeks straight, EVERYTHING to get rid of this mess but I've been unsuccessful. Can someone please help me? Seems like the majority of mouse clicks are being redirected to Scour. Thanks!


 


#2 JayBone


Posted 23 September 2012 - 10:43 PM

Also, I'm using Windows 7 Home Premium

#3 gringo_pr

  • Malware Response Team

Posted 24 September 2012 - 01:15 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 JayBone


Posted 24 September 2012 - 01:01 PM

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 6 Update 29
Java 7 Update 6
Java version out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#5 JayBone


Posted 24 September 2012 - 01:05 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.6.2
Run by Gateway at 14:03:34 on 2012-09-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4060.2425 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gateway\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273605101200p0337y1j5k49115230/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=zx4800&r=273605101200p0337y1j5k49115230
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [PhotoGadgetFirstRun_Portal] 0 (0x0)
uRun: [PhotoGadgetFirstRun] 0 (0x0)
uRun: [MusicGadget] "C:\Program" Files (x86)\Gateway\Gateway Touch Suite\TouchMusic.exe"
uRun: [PhotoGadget] "C:\Program" Files (x86)\Gateway\Gateway Touch Suite\TouchPhotoShow.exe"
uRun: [TouchMemo] "C:\Program" Files (x86)\Gateway\Gateway Touch Suite\TouchMemo.exe"
uRun: [Facebook Update] "C:\Users\Gateway\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "C:\Users\Gateway\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Gateway\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F0FE654-B558-468B-9757-43FCC4BAB3B1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F0FE654-B558-468B-9757-43FCC4BAB3B1}\C696E6B6379737 : DhcpNameServer = 71.252.0.12 68.237.161.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-27 240160]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-13 116648]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-13 116648]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-24 06:52:53 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC093CBC-D4B2-4731-8AEB-8DA87A566FB6}\offreg.dll
2012-09-24 06:52:15 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CC093CBC-D4B2-4731-8AEB-8DA87A566FB6}\mpengine.dll
2012-09-23 11:30:33 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-20 16:46:28 -------- d-----w- C:\Users\Gateway\AppData\Local\{FB09F362-C3CF-4171-98B6-EF9C4A030494}
2012-09-13 20:03:04 -------- d-----w- C:\Users\Gateway\AppData\Local\{8519239F-8018-4B5D-8CED-4C7E1E411C73}
2012-09-12 15:09:39 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 15:09:39 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 15:09:37 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 15:09:37 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 15:09:35 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 15:09:34 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 15:09:31 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-10 17:32:37 -------- d-----w- C:\Users\Gateway\AppData\Local\{13D064B0-65E3-4B25-99E0-9E271E4C42CE}
2012-09-03 20:33:53 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{193133ED-129C-4100-B229-7AF9243B2B1B}\gapaengine.dll
2012-09-03 20:31:42 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-03 20:31:38 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-03 19:08:10 -------- d-----w- C:\Program Files\HitmanPro
2012-09-03 19:06:16 -------- d-----w- C:\ProgramData\HitmanPro
2012-09-03 18:41:44 -------- d-----w- C:\Program Files\Enigma Software Group
2012-09-03 18:40:48 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-03 18:40:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-31 16:24:57 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-31 06:41:26 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8FCEADF-8529-4E2A-84A6-C6DB6C479F77}\mpengine.dll
2012-08-30 14:21:26 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-30 01:29:19 -------- d-----w- C:\Users\Gateway\AppData\Roaming\EurekaLog
2012-08-29 23:10:37 -------- d-----w- C:\Users\Gateway\AppData\Roaming\SUPERAntiSpyware.com
2012-08-29 22:48:26 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-29 22:48:25 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-08-29 22:10:06 -------- d-----w- C:\Users\Gateway\AppData\Local\{6A973D3F-D6B0-48A6-AACB-FA5B1E5229E7}
2012-08-29 02:15:22 -------- d-----w- C:\Users\Gateway\AppData\Local\{C9A7CD0B-FCB4-4840-BD8A-5CC65AE3F096}
2012-08-28 01:57:45 98816 ----a-w- C:\Windows\sed.exe
2012-08-28 01:57:45 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-28 01:57:45 256000 ----a-w- C:\Windows\PEV.exe
2012-08-28 01:57:45 208896 ----a-w- C:\Windows\MBR.exe
2012-08-28 01:48:33 -------- d-----w- C:\Users\Gateway\AppData\Roaming\GetRightToGo
2012-08-28 01:21:36 -------- d-----w- C:\Backreg
2012-08-28 01:16:18 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-08-28 01:14:40 -------- d-----w- C:\ProgramData\RegRun
2012-08-28 01:14:18 2 --shatr- C:\Windows\winstart.bat
2012-08-28 01:14:03 -------- d-----w- C:\Program Files (x86)\UnHackMe
.
==================== Find3M ====================
.
2012-08-30 14:21:04 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-30 14:21:04 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-04 09:30:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-04 09:30:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 14:04:11.16 ===============

#6 JayBone


Posted 24 September 2012 - 01:10 PM

Gringo, no problems running these three instructions you put here.

#7 gringo_pr

  • Malware Response Team

Posted 24 September 2012 - 01:12 PM

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo

#8 JayBone


Posted 24 September 2012 - 01:33 PM

# AdwCleaner v2.003 - Logfile created 09/24/2012 at 14:30:17
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Gateway - GATEWAY-PC
# Boot Mode : Normal
# Running from : C:\Users\Gateway\Desktop\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Gateway\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2355 octets] - [24/09/2012 14:30:17]

########## EOF - C:\AdwCleaner[S1].txt - [2415 octets] ##########

#9 JayBone


Posted 24 September 2012 - 01:41 PM

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Gateway [Admin rights]
Mode : Remove -- Date : 09/24/2012 14:39:31

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{8ef59813-d9f9-b9fe-88d5-fd5252ce858a}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{8ef59813-d9f9-b9fe-88d5-fd5252ce858a}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Gateway\AppData\Local\{8ef59813-d9f9-b9fe-88d5-fd5252ce858a}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Users\Gateway\AppData\Local\{8ef59813-d9f9-b9fe-88d5-fd5252ce858a}\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3750528AS ATA Device +++++
--- User ---
[MBR] 561c5fa383e721c8debb43a14895a289
[BSP] 6bc91b18b3f2edc38534e940df3f4b63 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 700966 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#10 JayBone


Posted 24 September 2012 - 01:45 PM

A webpage popped up and asked to change my default search provider to bing.com. This was the address: http://tigzyrk.blogspot.com/2011/09/rootkit-zeroaccess-max.html On top of the page was tigzy-RK ... I just "X" out. Was that OK?

Edited by JayBone, 24 September 2012 - 01:47 PM.


#11 gringo_pr


Posted 24 September 2012 - 03:59 PM

Greetings JayBone

Yes, that is OK - it was from RogueKiller.

I want you to run these next to see if there is anything left of the rootkit.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 JayBone


Posted 24 September 2012 - 04:51 PM

17:45:54.0066 2220 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:45:54.0472 2220 ============================================================
17:45:54.0472 2220 Current date / time: 2012/09/24 17:45:54.0472
17:45:54.0472 2220 SystemInfo:
17:45:54.0472 2220
17:45:54.0472 2220 OS Version: 6.1.7601 ServicePack: 1.0
17:45:54.0472 2220 Product type: Workstation
17:45:54.0472 2220 ComputerName: GATEWAY-PC
17:45:54.0472 2220 UserName: Gateway
17:45:54.0472 2220 Windows directory: C:\Windows
17:45:54.0472 2220 System windows directory: C:\Windows
17:45:54.0472 2220 Running under WOW64
17:45:54.0472 2220 Processor architecture: Intel x64
17:45:54.0472 2220 Number of processors: 2
17:45:54.0472 2220 Page size: 0x1000
17:45:54.0472 2220 Boot type: Normal boot
17:45:54.0472 2220 ============================================================
17:45:55.0798 2220 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:45:55.0798 2220 ============================================================
17:45:55.0798 2220 \Device\Harddisk0\DR0:
17:45:55.0798 2220 MBR partitions:
17:45:55.0798 2220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
17:45:55.0798 2220 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x559136F0
17:45:55.0798 2220 ============================================================
17:45:55.0829 2220 C: <-> \Device\Harddisk0\DR0\Partition2
17:45:55.0829 2220 ============================================================
17:45:55.0829 2220 Initialize success
17:45:55.0829 2220 ============================================================
17:46:04.0456 5068 ============================================================
17:46:04.0456 5068 Scan started
17:46:04.0456 5068 Mode: Manual;
17:46:04.0456 5068 ============================================================
17:46:04.0939 5068 ================ Scan system memory ========================
17:46:04.0939 5068 System memory - ok
17:46:04.0939 5068 ================ Scan services =============================
17:46:12.0063 5068 MSPCLOCK - ok
17:46:12.0078 5068 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:46:12.0078 5068 MSPQM - ok
17:46:12.0094 5068 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:46:12.0094 5068 MsRPC - ok
17:46:12.0110 5068 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:46:12.0110 5068 mssmbios - ok
17:46:12.0125 5068 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:46:12.0125 5068 MSTEE - ok
17:46:12.0141 5068 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:46:12.0141 5068 MTConfig - ok
17:46:12.0172 5068 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:46:12.0172 5068 Mup - ok
17:46:12.0203 5068 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:46:12.0219 5068 napagent - ok
17:46:12.0234 5068 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:46:12.0250 5068 NativeWifiP - ok
17:46:12.0297 5068 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:46:12.0297 5068 NDIS - ok
17:46:12.0312 5068 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:46:12.0312 5068 NdisCap - ok
17:46:12.0344 5068 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:46:12.0344 5068 NdisTapi - ok
17:46:12.0375 5068 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:46:12.0375 5068 Ndisuio - ok
17:46:12.0406 5068 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:46:12.0406 5068 NdisWan - ok
17:46:12.0422 5068 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:46:12.0422 5068 NDProxy - ok
17:46:12.0484 5068 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
17:46:12.0500 5068 Nero BackItUp Scheduler 4.0 - ok
17:46:12.0578 5068 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:46:12.0578 5068 Net Driver HPZ12 - ok
17:46:12.0578 5068 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:46:12.0578 5068 NetBIOS - ok
17:46:12.0609 5068 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:46:12.0609 5068 NetBT - ok
17:46:12.0624 5068 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:46:12.0624 5068 Netlogon - ok
17:46:12.0640 5068 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:46:12.0640 5068 Netman - ok
17:46:12.0671 5068 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:46:12.0671 5068 netprofm - ok
17:46:12.0718 5068 [ 44D4BD55191624C82A2745296BA42814 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
17:46:12.0718 5068 netr28x - ok
17:46:12.0734 5068 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:46:12.0749 5068 NetTcpPortSharing - ok
17:46:12.0765 5068 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:46:12.0765 5068 nfrd960 - ok
17:46:12.0796 5068 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:46:12.0796 5068 NisDrv - ok
17:46:12.0843 5068 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:46:12.0843 5068 NisSrv - ok
17:46:12.0874 5068 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:46:12.0890 5068 NlaSvc - ok
17:46:12.0905 5068 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:46:12.0905 5068 Npfs - ok
17:46:12.0921 5068 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:46:12.0921 5068 nsi - ok
17:46:12.0936 5068 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:46:12.0936 5068 nsiproxy - ok
17:46:12.0983 5068 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:46:13.0014 5068 Ntfs - ok
17:46:13.0186 5068 [ BD691091AC7D9713D8F0B07C6B099E6C ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
17:46:13.0202 5068 NTI IScheduleSvc - ok
17:46:13.0217 5068 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
17:46:13.0217 5068 NTIDrvr - ok
17:46:13.0233 5068 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:46:13.0233 5068 Null - ok
17:46:13.0248 5068 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:46:13.0248 5068 nvraid - ok
17:46:13.0280 5068 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:46:13.0280 5068 nvstor - ok
17:46:13.0295 5068 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:46:13.0311 5068 nv_agp - ok
17:46:13.0358 5068 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:46:13.0358 5068 odserv - ok
17:46:13.0404 5068 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:46:13.0404 5068 ohci1394 - ok
17:46:13.0451 5068 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:46:13.0451 5068 ose - ok
17:46:13.0482 5068 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:46:13.0482 5068 p2pimsvc - ok
17:46:13.0498 5068 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:46:13.0514 5068 p2psvc - ok
17:46:13.0529 5068 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:46:13.0529 5068 Parport - ok
17:46:13.0560 5068 Partizan - ok
17:46:13.0592 5068 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:46:13.0592 5068 partmgr - ok
17:46:13.0607 5068 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:46:13.0607 5068 PcaSvc - ok
17:46:13.0654 5068 PcdrNdisuio - ok
17:46:13.0701 5068 PCDSRVC{3CB8192B-E4B0445F-06020101}_0 - ok
17:46:13.0716 5068 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:46:13.0716 5068 pci - ok
17:46:13.0732 5068 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:46:13.0732 5068 pciide - ok
17:46:13.0748 5068 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:46:13.0748 5068 pcmcia - ok
17:46:13.0779 5068 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:46:13.0779 5068 pcw - ok
17:46:13.0794 5068 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:46:13.0794 5068 PEAUTH - ok
17:46:13.0841 5068 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:46:13.0841 5068 PerfHost - ok
17:46:13.0888 5068 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:46:13.0919 5068 pla - ok
17:46:13.0950 5068 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:46:13.0966 5068 PlugPlay - ok
17:46:14.0013 5068 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:46:14.0028 5068 Pml Driver HPZ12 - ok
17:46:14.0044 5068 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:46:14.0044 5068 PNRPAutoReg - ok
17:46:14.0060 5068 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:46:14.0060 5068 PNRPsvc - ok
17:46:14.0075 5068 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:46:14.0091 5068 PolicyAgent - ok
17:46:14.0106 5068 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:46:14.0106 5068 Power - ok
17:46:14.0138 5068 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:46:14.0138 5068 PptpMiniport - ok
17:46:14.0169 5068 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:46:14.0169 5068 Processor - ok
17:46:14.0200 5068 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:46:14.0200 5068 ProfSvc - ok
17:46:14.0231 5068 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:46:14.0231 5068 ProtectedStorage - ok
17:46:14.0278 5068 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:46:14.0278 5068 Psched - ok
17:46:14.0294 5068 pwipf6 - ok
17:46:14.0325 5068 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:46:14.0356 5068 ql2300 - ok
17:46:14.0372 5068 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:46:14.0372 5068 ql40xx - ok
17:46:14.0387 5068 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:46:14.0403 5068 QWAVE - ok
17:46:14.0418 5068 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:46:14.0418 5068 QWAVEdrv - ok
17:46:14.0434 5068 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:46:14.0434 5068 RasAcd - ok
17:46:14.0450 5068 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:46:14.0450 5068 RasAgileVpn - ok
17:46:14.0465 5068 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:46:14.0465 5068 RasAuto - ok
17:46:14.0481 5068 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:46:14.0481 5068 Rasl2tp - ok
17:46:14.0574 5068 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:46:14.0637 5068 RasMan - ok
17:46:14.0652 5068 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:46:14.0652 5068 RasPppoe - ok
17:46:14.0668 5068 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:46:14.0668 5068 RasSstp - ok
17:46:14.0699 5068 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:46:14.0699 5068 rdbss - ok
17:46:14.0715 5068 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:46:14.0715 5068 rdpbus - ok
17:46:14.0730 5068 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:46:14.0730 5068 RDPCDD - ok
17:46:14.0746 5068 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:46:14.0762 5068 RDPENCDD - ok
17:46:14.0762 5068 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:46:14.0762 5068 RDPREFMP - ok
17:46:14.0793 5068 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:46:14.0808 5068 RDPWD - ok
17:46:14.0840 5068 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:46:14.0840 5068 rdyboost - ok
17:46:14.0855 5068 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:46:14.0855 5068 RemoteAccess - ok
17:46:14.0871 5068 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:46:14.0871 5068 RemoteRegistry - ok
17:46:14.0902 5068 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:46:14.0902 5068 RFCOMM - ok
17:46:14.0980 5068 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:46:14.0980 5068 RichVideo - ok
17:46:14.0996 5068 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:46:15.0011 5068 RpcEptMapper - ok
17:46:15.0011 5068 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:46:15.0011 5068 RpcLocator - ok
17:46:15.0058 5068 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
17:46:15.0058 5068 RpcSs - ok
17:46:15.0074 5068 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:46:15.0074 5068 rspndr - ok
17:46:15.0105 5068 [ 91296F0B2653281B2F11E0FCE56AA427 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:46:15.0105 5068 RTL8167 - ok
17:46:15.0120 5068 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:46:15.0120 5068 SamSs - ok
17:46:15.0152 5068 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:46:15.0152 5068 sbp2port - ok
17:46:15.0167 5068 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:46:15.0167 5068 SCardSvr - ok
17:46:15.0183 5068 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:46:15.0183 5068 scfilter - ok
17:46:15.0214 5068 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:46:15.0261 5068 Schedule - ok
17:46:15.0292 5068 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:46:15.0292 5068 SCPolicySvc - ok
17:46:15.0323 5068 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:46:15.0323 5068 sdbus - ok
17:46:15.0339 5068 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:46:15.0339 5068 SDRSVC - ok
17:46:15.0370 5068 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:46:15.0370 5068 secdrv - ok
17:46:15.0401 5068 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:46:15.0401 5068 seclogon - ok
17:46:15.0417 5068 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:46:15.0417 5068 SENS - ok
17:46:15.0432 5068 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:46:15.0432 5068 SensrSvc - ok
17:46:15.0448 5068 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:46:15.0448 5068 Serenum - ok
17:46:15.0464 5068 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:46:15.0464 5068 Serial - ok
17:46:15.0479 5068 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:46:15.0495 5068 sermouse - ok
17:46:15.0557 5068 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:46:15.0557 5068 SessionEnv - ok
17:46:15.0588 5068 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:46:15.0588 5068 sffdisk - ok
17:46:15.0620 5068 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:46:15.0620 5068 sffp_mmc - ok
17:46:15.0635 5068 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:46:15.0635 5068 sffp_sd - ok
17:46:15.0651 5068 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:46:15.0651 5068 sfloppy - ok
17:46:15.0729 5068 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:46:15.0729 5068 SharedAccess - ok
17:46:15.0760 5068 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:46:15.0776 5068 ShellHWDetection - ok
17:46:15.0791 5068 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:46:15.0807 5068 SiSRaid2 - ok
17:46:15.0822 5068 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:46:15.0822 5068 SiSRaid4 - ok
17:46:15.0838 5068 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:46:15.0838 5068 Smb - ok
17:46:15.0885 5068 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:46:15.0885 5068 SNMPTRAP - ok
17:46:15.0900 5068 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:46:15.0900 5068 spldr - ok
17:46:15.0947 5068 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:46:15.0963 5068 Spooler - ok
17:46:16.0056 5068 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:46:16.0103 5068 sppsvc - ok
17:46:16.0150 5068 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:46:16.0181 5068 sppuinotify - ok
17:46:16.0244 5068 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:46:16.0244 5068 srv - ok
17:46:16.0259 5068 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:46:16.0259 5068 srv2 - ok
17:46:16.0275 5068 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:46:16.0275 5068 srvnet - ok
17:46:16.0290 5068 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:46:16.0306 5068 SSDPSRV - ok
17:46:16.0306 5068 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:46:16.0322 5068 SstpSvc - ok
17:46:16.0322 5068 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:46:16.0337 5068 stexstor - ok
17:46:16.0462 5068 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:46:16.0524 5068 stisvc - ok
17:46:16.0556 5068 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:46:16.0556 5068 swenum - ok
17:46:16.0587 5068 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:46:16.0602 5068 swprv - ok
17:46:16.0649 5068 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:46:16.0680 5068 SysMain - ok
17:46:16.0712 5068 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:46:16.0712 5068 TabletInputService - ok
17:46:16.0727 5068 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:46:16.0727 5068 TapiSrv - ok
17:46:16.0743 5068 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:46:16.0743 5068 TBS - ok
17:46:16.0790 5068 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:46:16.0836 5068 Tcpip - ok
17:46:16.0899 5068 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:46:16.0914 5068 TCPIP6 - ok
17:46:16.0946 5068 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:46:16.0946 5068 tcpipreg - ok
17:46:16.0977 5068 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:46:16.0977 5068 TDPIPE - ok
17:46:17.0008 5068 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:46:17.0008 5068 TDTCP - ok
17:46:17.0024 5068 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:46:17.0039 5068 tdx - ok
17:46:17.0039 5068 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:46:17.0039 5068 TermDD - ok
17:46:17.0070 5068 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:46:17.0070 5068 TermService - ok
17:46:17.0086 5068 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:46:17.0086 5068 Themes - ok
17:46:17.0117 5068 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:46:17.0117 5068 THREADORDER - ok
17:46:17.0133 5068 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:46:17.0133 5068 TrkWks - ok
17:46:17.0164 5068 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:46:17.0164 5068 TrustedInstaller - ok
17:46:17.0195 5068 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:46:17.0195 5068 tssecsrv - ok
17:46:17.0242 5068 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:46:17.0242 5068 TsUsbFlt - ok
17:46:17.0273 5068 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:46:17.0273 5068 tunnel - ok
17:46:17.0304 5068 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:46:17.0304 5068 uagp35 - ok
17:46:17.0336 5068 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
17:46:17.0336 5068 UBHelper - ok
17:46:17.0367 5068 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:46:17.0367 5068 udfs - ok
17:46:17.0382 5068 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:46:17.0382 5068 UI0Detect - ok
17:46:17.0414 5068 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:46:17.0414 5068 uliagpkx - ok
17:46:17.0429 5068 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
17:46:17.0429 5068 umbus - ok
17:46:17.0445 5068 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:46:17.0460 5068 UmPass - ok
17:46:17.0492 5068 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
17:46:17.0507 5068 Updater Service - ok
17:46:17.0523 5068 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:46:17.0523 5068 upnphost - ok
17:46:17.0538 5068 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:46:17.0554 5068 USBAAPL64 - ok
17:46:17.0554 5068 usbbus - ok
17:46:17.0585 5068 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:46:17.0585 5068 usbccgp - ok
17:46:17.0632 5068 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:46:17.0632 5068 usbcir - ok
17:46:17.0632 5068 UsbDiag - ok
17:46:17.0648 5068 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:46:17.0648 5068 usbehci - ok
17:46:17.0663 5068 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:46:17.0679 5068 usbhub - ok
17:46:17.0679 5068 USBModem - ok
17:46:17.0710 5068 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:46:17.0710 5068 usbohci - ok
17:46:17.0741 5068 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:46:17.0741 5068 usbprint - ok
17:46:17.0772 5068 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:46:17.0788 5068 usbscan - ok
17:46:17.0788 5068 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:46:17.0804 5068 USBSTOR - ok
17:46:17.0819 5068 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:46:17.0819 5068 usbuhci - ok
17:46:17.0850 5068 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:46:17.0850 5068 usbvideo - ok
17:46:17.0850 5068 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:46:17.0866 5068 UxSms - ok
17:46:17.0866 5068 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:46:17.0866 5068 VaultSvc - ok
17:46:17.0882 5068 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:46:17.0882 5068 vdrvroot - ok
17:46:17.0944 5068 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:46:17.0944 5068 vds - ok
17:46:17.0975 5068 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:46:17.0975 5068 vga - ok
17:46:18.0006 5068 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:46:18.0006 5068 VgaSave - ok
17:46:18.0038 5068 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:46:18.0038 5068 vhdmp - ok
17:46:18.0053 5068 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:46:18.0053 5068 viaide - ok
17:46:18.0069 5068 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:46:18.0069 5068 volmgr - ok
17:46:18.0084 5068 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:46:18.0100 5068 volmgrx - ok
17:46:18.0116 5068 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:46:18.0116 5068 volsnap - ok
17:46:18.0131 5068 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:46:18.0147 5068 vsmraid - ok
17:46:18.0209 5068 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:46:18.0240 5068 VSS - ok
17:46:18.0256 5068 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:46:18.0256 5068 vwifibus - ok
17:46:18.0272 5068 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:46:18.0272 5068 vwififlt - ok
17:46:18.0303 5068 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:46:18.0303 5068 W32Time - ok
17:46:18.0318 5068 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:46:18.0318 5068 WacomPen - ok
17:46:18.0334 5068 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:46:18.0350 5068 WANARP - ok
17:46:18.0350 5068 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:46:18.0350 5068 Wanarpv6 - ok
17:46:18.0412 5068 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:46:18.0443 5068 WatAdminSvc - ok
17:46:18.0490 5068 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:46:18.0506 5068 wbengine - ok
17:46:18.0537 5068 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:46:18.0537 5068 WbioSrvc - ok
17:46:18.0568 5068 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:46:18.0584 5068 wcncsvc - ok
17:46:18.0584 5068 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:46:18.0599 5068 WcsPlugInService - ok
17:46:18.0599 5068 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:46:18.0615 5068 Wd - ok
17:46:18.0630 5068 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:46:18.0646 5068 Wdf01000 - ok
17:46:18.0646 5068 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:46:18.0662 5068 WdiServiceHost - ok
17:46:18.0662 5068 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:46:18.0662 5068 WdiSystemHost - ok
17:46:18.0677 5068 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:46:18.0677 5068 WebClient - ok
17:46:18.0693 5068 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:46:18.0708 5068 Wecsvc - ok
17:46:18.0724 5068 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:46:18.0724 5068 wercplsupport - ok
17:46:18.0740 5068 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:46:18.0740 5068 WerSvc - ok
17:46:18.0755 5068 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:46:18.0755 5068 WfpLwf - ok
17:46:18.0771 5068 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:46:18.0771 5068 WIMMount - ok
17:46:18.0802 5068 WinDefend - ok
17:46:18.0818 5068 WinHttpAutoProxySvc - ok
17:46:18.0849 5068 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:46:18.0864 5068 Winmgmt - ok
17:46:18.0896 5068 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:46:19.0005 5068 WinRM - ok
17:46:19.0067 5068 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:46:19.0067 5068 WinUsb - ok
17:46:19.0098 5068 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:46:19.0114 5068 Wlansvc - ok
17:46:19.0208 5068 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:46:19.0254 5068 wlidsvc - ok
17:46:19.0286 5068 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:46:19.0286 5068 WmiAcpi - ok
17:46:19.0332 5068 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:46:19.0332 5068 wmiApSrv - ok
17:46:19.0348 5068 WMPNetworkSvc - ok
17:46:19.0348 5068 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:46:19.0348 5068 WPCSvc - ok
17:46:19.0395 5068 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:46:19.0395 5068 WPDBusEnum - ok
17:46:19.0426 5068 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:46:19.0426 5068 ws2ifsl - ok
17:46:19.0442 5068 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
17:46:19.0457 5068 wscsvc - ok
17:46:19.0457 5068 WSearch - ok
17:46:19.0551 5068 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:46:19.0582 5068 wuauserv - ok
17:46:19.0613 5068 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:46:19.0629 5068 WudfPf - ok
17:46:19.0660 5068 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:46:19.0660 5068 WUDFRd - ok
17:46:19.0707 5068 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:46:19.0707 5068 wudfsvc - ok
17:46:19.0722 5068 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:46:19.0738 5068 WwanSvc - ok
17:46:19.0769 5068 ================ Scan global ===============================
17:46:19.0800 5068 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:46:19.0832 5068 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:46:19.0847 5068 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:46:19.0863 5068 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:46:19.0878 5068 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:46:19.0878 5068 [Global] - ok
17:46:19.0878 5068 ================ Scan MBR ==================================
17:46:19.0894 5068 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:46:20.0050 5068 \Device\Harddisk0\DR0 - ok
17:46:20.0050 5068 ================ Scan VBR ==================================
17:46:20.0050 5068 [ CA0347242ECA300E9C2F5E1E00EA6EB0 ] \Device\Harddisk0\DR0\Partition1
17:46:20.0066 5068 \Device\Harddisk0\DR0\Partition1 - ok
17:46:20.0097 5068 [ A8353FE00F9420B5A3261DF7DF4DB822 ] \Device\Harddisk0\DR0\Partition2
17:46:20.0097 5068 \Device\Harddisk0\DR0\Partition2 - ok
17:46:20.0097 5068 ============================================================
17:46:20.0097 5068 Scan finished
17:46:20.0097 5068 ============================================================
17:46:20.0112 4452 Detected object count: 0
17:46:20.0112 4452 Actual detected object count: 0

#13 gringo_pr

Posted 24 September 2012 - 04:57 PM

Hello JayBone


Let me have the aswMBR report when it is ready



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 JayBone

Posted 24 September 2012 - 05:03 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-24 17:53:11
-----------------------------
17:53:11.734 OS Version: Windows x64 6.1.7601 Service Pack 1
17:53:11.734 Number of processors: 2 586 0x170A
17:53:11.734 ComputerName: GATEWAY-PC UserName: Gateway
17:53:14.230 Initialize success
17:53:24.416 AVAST engine defs: 12092301
17:53:30.766 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:53:30.781 Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 11
17:53:30.797 Disk 0 MBR read successfully
17:53:30.797 Disk 0 MBR scan
17:53:30.812 Disk 0 Windows 7 default MBR code
17:53:30.844 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
17:53:30.875 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
17:53:30.953 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 700966 MB offset 29566976
17:53:31.031 Disk 0 scanning C:\Windows\system32\drivers
17:53:45.648 Service scanning
17:54:13.433 Modules scanning
17:54:13.448 Disk 0 trace - called modules:
17:54:13.464 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:54:13.979 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005816060]
17:54:13.979 3 CLASSPNP.SYS[fffff8800191e43f] -> nt!IofCallDriver -> [0xfffffa80053a64d0]
17:54:13.994 5 ACPI.sys[fffff88000ec97a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80053a2680]
17:54:17.099 AVAST engine scan C:\Windows
17:54:22.309 AVAST engine scan C:\Windows\system32
17:58:45.472 AVAST engine scan C:\Windows\system32\drivers
17:59:06.251 AVAST engine scan C:\Users\Gateway
18:02:48.933 Disk 0 MBR has been saved successfully to "C:\Users\Gateway\Desktop\MBR.dat"
18:02:48.933 The log file has been saved successfully to "C:\Users\Gateway\Desktop\aswMBR.txt"

#15 gringo_pr

Posted 24 September 2012 - 05:07 PM

Hello JayBone

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo