Not sure if I am infected or just plain screwed up


14 replies to this topic

#1 weldermike

Posted 27 September 2012 - 07:05 AM

Hi everyone. This is my first try at this so please be patient.

I am running Windows 7 and yesterday I suddenly got a blue screen and a restart. It will start, run for a few minutes with the processor clicking away and then will do it again.

In safe mode it starts no problem and does not go blue. Ran Malwarebytes and came up with 8 "infections". I deleted them and restarted and now it says it cannot find the cleanup file when starting and still goes blue repeatedly.

Any ideas?

I am running through a router, wired. I have 3 other laptops in my network running wirelessly with no issues.

The last couple of days before this I may have had a web hijacker as I would click on a site from a Google search and it took me to a different site. When I clicked back to the search then to the site again it would go to the correct site this time.

I know I am just spewing but I am not sure if any of this is related to the problem.

Thanks!

#2 narenxp

Posted 27 September 2012 - 07:06 AM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.
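
A TDSSKiller report is long and nearly every entry ends in "- ok", so the entries that matter are easy to miss. The following is an added example (not part of the original post and not TDSSKiller's own code) that reads a log in the layout posted later in this thread and returns only the entries that are not "ok", plus services listed without a hashed file. The function name `triage` and every sample line (names, paths, hashes) are constructed for illustration.

```python
import re

# Constructed sample in the layout of the TDSSKiller report posted in this
# thread. Service names, paths and hashes are made up for illustration.
SAMPLE_LOG = r"""
19:27:10.0009 1744 ================ Scan services =============================
19:27:10.0165 1744 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
19:27:10.0165 1744 ExampleDrv - ok
19:27:10.0212 1744 [ 00000000000000000000000000000002 ] Example Helper Service C:\Program Files\Example App\helper.exe
19:27:10.0212 1744 Example Helper Service - ok
19:27:10.0300 1744 ExampleNoFile - ok
19:27:10.0419 1744 [ 00000000000000000000000000000003 ] ExampleFlt c:\ProgramData\Example\{PLACEHOLDER-GUID}\exampleflt.sys
19:27:10.0419 1744 Suspicious file (Forged): c:\ProgramData\Example\{PLACEHOLDER-GUID}\exampleflt.sys. Real md5: 00000000000000000000000000000003, Fake md5: 00000000000000000000000000000004
19:27:10.0419 1744 ExampleFlt ( ForgedFile.Multi.Generic ) - warning
19:27:10.0419 1744 ExampleFlt - detected ForgedFile.Multi.Generic (1)
"""

# "HH:MM:SS.ffff <thread id> <message>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "[ <md5> ] <name> <path>"; the name may contain spaces, so the path is
# located by its drive letter rather than by splitting on whitespace.
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+)\. "
    r"Real md5: ([0-9A-Fa-f]{32}), Fake md5: ([0-9A-Fa-f]{32})$"
)
# "<name> ( <verdict> ) - <level>"
VERDICT = re.compile(r"^(.+?) \( (\S+) \) - (\w+)$")
OK = re.compile(r"^(.+?) - ok$")


def triage(log_text):
    """Return ok count, ok entries with no hashed file, and flagged entries."""
    objects = {}   # name -> (md5, path) from the "[ md5 ] name path" line
    forged = {}    # lowercased path -> (real md5, fake md5) as the log labels them
    result = {"ok": 0, "unhashed": [], "flagged": []}

    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()

        if (m := OBJECT.match(body)):
            objects[m.group(2)] = (m.group(1).upper(), m.group(3))
        elif (m := FORGED.match(body)):
            forged[m.group(1).lower()] = (m.group(2).upper(), m.group(3).upper())
        elif (m := VERDICT.match(body)):
            name, verdict, level = m.groups()
            md5, path = objects.get(name, (None, None))
            real, fake = forged.get(path.lower(), (None, None)) if path else (None, None)
            result["flagged"].append({
                "name": name, "verdict": verdict, "level": level,
                "path": path, "md5": md5, "real_md5": real, "fake_md5": fake,
            })
        elif (m := OK.match(body)):
            result["ok"] += 1
            if m.group(1) not in objects:
                # Listed as ok without a preceding hash/path line.
                result["unhashed"].append(m.group(1))
        # The "<name> - detected <verdict> (n)" line repeats the verdict
        # line above it and is deliberately skipped.
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['ok']} ok, {len(report['unhashed'])} without a hashed file")
    for item in report["flagged"]:
        print(f"{item['level'].upper()}: {item['name']} {item['verdict']} {item['path']}")
```
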

#3 weldermike

Posted 27 September 2012 - 09:20 AM

Thanks for the fast reply. Will run them tonight. In safe mode I guess since that is the only way to keep the computer on.

#4 narenxp

Posted 27 September 2012 - 09:24 AM

:thumbup2:

#5 weldermike

Posted 27 September 2012 - 08:07 PM

19:26:49.0292 1704 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:26:49.0604 1704 ============================================================
19:26:49.0604 1704 Current date / time: 2012/09/27 19:26:49.0604
19:26:49.0604 1704 SystemInfo:
19:26:49.0604 1704
19:26:49.0604 1704 OS Version: 6.1.7601 ServicePack: 1.0
19:26:49.0604 1704 Product type: Workstation
19:26:49.0604 1704 ComputerName: THEFLAGGFAMI-PC
19:26:49.0604 1704 UserName: The Flagg Family
19:26:49.0604 1704 Windows directory: C:\Windows
19:26:49.0604 1704 System windows directory: C:\Windows
19:26:49.0604 1704 Processor architecture: Intel x86
19:26:49.0604 1704 Number of processors: 2
19:26:49.0604 1704 Page size: 0x1000
19:26:49.0604 1704 Boot type: Safe boot with network
19:26:49.0604 1704 ============================================================
19:26:50.0603 1704 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:26:50.0665 1704 Drive \Device\Harddisk6\DR7 - Size: 0x1EAE00000 (7.67 Gb), SectorSize: 0x200, Cylinders: 0x3E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:26:50.0665 1704 ============================================================
19:26:50.0665 1704 \Device\Harddisk0\DR0:
19:26:50.0665 1704 MBR partitions:
19:26:50.0665 1704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
19:26:50.0665 1704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x38F6A000
19:26:50.0665 1704 \Device\Harddisk6\DR7:
19:26:50.0665 1704 MBR partitions:
19:26:50.0665 1704 \Device\Harddisk6\DR7\Partition1: MBR, Type 0xB, StartLBA 0x558, BlocksNum 0xF56AA8
19:26:50.0665 1704 ============================================================
19:26:50.0696 1704 C: <-> \Device\Harddisk0\DR0\Partition2
19:26:50.0712 1704 D: <-> \Device\Harddisk0\DR0\Partition1
19:26:50.0712 1704 ============================================================
19:26:50.0712 1704 Initialize success
19:26:50.0712 1704 ============================================================
19:27:09.0557 1744 ============================================================
19:27:09.0557 1744 Scan started
19:27:09.0557 1744 Mode: Manual; TDLFS;
19:27:09.0557 1744 ============================================================
19:27:10.0009 1744 ================ Scan system memory ========================
19:27:10.0009 1744 System memory - ok
19:27:10.0009 1744 ================ Scan services =============================
19:27:17.0419 1744 [ A69630D039C38018689190234F866D77 ] MpKsl9b041fa1 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{53A2BC15-7EA3-45EA-9B35-B45F17C06AFA}\MpKsl9b041fa1.sys
19:27:17.0419 1744 Suspicious file (Forged): c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{53A2BC15-7EA3-45EA-9B35-B45F17C06AFA}\MpKsl9b041fa1.sys. Real md5: A69630D039C38018689190234F866D77, Fake md5: 4137EE420481D10734DA3018D0325582
19:27:17.0419 1744 MpKsl9b041fa1 ( ForgedFile.Multi.Generic ) - warning
19:27:17.0419 1744 MpKsl9b041fa1 - detected ForgedFile.Multi.Generic (1)
19:27:18.0324 1744 NDProxy - ok
19:27:18.0355 1744 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:27:18.0355 1744 NetBIOS - ok
19:27:18.0402 1744 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:27:18.0402 1744 NetBT - ok
19:27:18.0402 1744 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:27:18.0402 1744 Netlogon - ok
19:27:18.0449 1744 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:27:18.0464 1744 Netman - ok
19:27:18.0495 1744 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:27:18.0511 1744 netprofm - ok
19:27:18.0558 1744 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:27:18.0558 1744 NetTcpPortSharing - ok
19:27:18.0589 1744 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:27:18.0589 1744 nfrd960 - ok
19:27:18.0636 1744 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:27:18.0636 1744 NisDrv - ok
19:27:18.0683 1744 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:27:18.0683 1744 NisSrv - ok
19:27:18.0714 1744 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:27:18.0729 1744 NlaSvc - ok
19:27:18.0729 1744 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:27:18.0729 1744 Npfs - ok
19:27:18.0776 1744 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:27:18.0776 1744 nsi - ok
19:27:18.0792 1744 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:27:18.0792 1744 nsiproxy - ok
19:27:18.0854 1744 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:27:18.0870 1744 Ntfs - ok
19:27:18.0885 1744 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:27:18.0885 1744 Null - ok
19:27:18.0901 1744 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:27:18.0917 1744 nvraid - ok
19:27:18.0932 1744 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:27:18.0932 1744 nvstor - ok
19:27:18.0963 1744 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:27:18.0963 1744 nv_agp - ok
19:27:19.0026 1744 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:27:19.0026 1744 odserv - ok
19:27:19.0057 1744 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:27:19.0057 1744 ohci1394 - ok
19:27:19.0088 1744 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:27:19.0104 1744 ose - ok
19:27:19.0135 1744 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:27:19.0135 1744 p2pimsvc - ok
19:27:19.0166 1744 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:27:19.0166 1744 p2psvc - ok
19:27:19.0213 1744 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:27:19.0213 1744 Parport - ok
19:27:19.0244 1744 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:27:19.0244 1744 partmgr - ok
19:27:19.0260 1744 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:27:19.0260 1744 Parvdm - ok
19:27:19.0275 1744 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:27:19.0275 1744 PcaSvc - ok
19:27:19.0307 1744 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:27:19.0307 1744 pci - ok
19:27:19.0322 1744 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:27:19.0322 1744 pciide - ok
19:27:19.0338 1744 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:27:19.0338 1744 pcmcia - ok
19:27:19.0385 1744 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:27:19.0385 1744 pcw - ok
19:27:19.0400 1744 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:27:19.0416 1744 PEAUTH - ok
19:27:19.0525 1744 [ DD184D9ADFE2A8A21741DBDFE9E22F5C ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V32.SYS
19:27:19.0619 1744 PID_PEPI - ok
19:27:19.0697 1744 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:27:19.0712 1744 pla - ok
19:27:19.0743 1744 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:27:19.0759 1744 PlugPlay - ok
19:27:19.0790 1744 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:27:19.0790 1744 PNRPAutoReg - ok
19:27:19.0821 1744 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:27:19.0837 1744 PNRPsvc - ok
19:27:19.0853 1744 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:27:19.0853 1744 PolicyAgent - ok
19:27:19.0868 1744 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:27:19.0868 1744 Power - ok
19:27:19.0915 1744 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:27:19.0915 1744 PptpMiniport - ok
19:27:19.0931 1744 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:27:19.0931 1744 Processor - ok
19:27:19.0977 1744 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:27:19.0977 1744 ProfSvc - ok
19:27:19.0977 1744 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:27:19.0977 1744 ProtectedStorage - ok
19:27:20.0024 1744 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:27:20.0024 1744 Psched - ok
19:27:20.0055 1744 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:27:20.0055 1744 PxHelp20 - ok
19:27:20.0102 1744 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:27:20.0133 1744 ql2300 - ok
19:27:20.0149 1744 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:27:20.0149 1744 ql40xx - ok
19:27:20.0180 1744 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:27:20.0196 1744 QWAVE - ok
19:27:20.0211 1744 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:27:20.0211 1744 QWAVEdrv - ok
19:27:20.0227 1744 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:27:20.0227 1744 RasAcd - ok
19:27:20.0258 1744 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:27:20.0258 1744 RasAgileVpn - ok
19:27:20.0274 1744 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:27:20.0289 1744 RasAuto - ok
19:27:20.0305 1744 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:27:20.0305 1744 Rasl2tp - ok
19:27:20.0352 1744 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:27:20.0352 1744 RasMan - ok
19:27:20.0367 1744 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:27:20.0367 1744 RasPppoe - ok
19:27:20.0367 1744 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:27:20.0367 1744 RasSstp - ok
19:27:20.0430 1744 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:27:20.0430 1744 rdbss - ok
19:27:20.0445 1744 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:27:20.0445 1744 rdpbus - ok
19:27:20.0477 1744 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:27:20.0477 1744 RDPCDD - ok
19:27:20.0523 1744 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:27:20.0523 1744 RDPENCDD - ok
19:27:20.0539 1744 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:27:20.0539 1744 RDPREFMP - ok
19:27:20.0586 1744 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:27:20.0586 1744 RDPWD - ok
19:27:20.0633 1744 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:27:20.0648 1744 rdyboost - ok
19:27:20.0679 1744 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:27:20.0679 1744 RemoteAccess - ok
19:27:20.0726 1744 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:27:20.0726 1744 RemoteRegistry - ok
19:27:20.0757 1744 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:27:20.0773 1744 RpcEptMapper - ok
19:27:20.0773 1744 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:27:20.0789 1744 RpcLocator - ok
19:27:20.0820 1744 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:27:20.0820 1744 RpcSs - ok
19:27:20.0851 1744 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:27:20.0851 1744 rspndr - ok
19:27:20.0867 1744 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:27:20.0867 1744 SamSs - ok
19:27:20.0913 1744 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:27:20.0913 1744 sbp2port - ok
19:27:20.0945 1744 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:27:20.0945 1744 SCardSvr - ok
19:27:20.0976 1744 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:27:20.0976 1744 scfilter - ok
19:27:21.0038 1744 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
19:27:21.0054 1744 Schedule - ok
19:27:21.0054 1744 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:27:21.0054 1744 SCPolicySvc - ok
19:27:21.0085 1744 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:27:21.0085 1744 SDRSVC - ok
19:27:21.0147 1744 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
19:27:21.0147 1744 SeaPort - ok
19:27:21.0194 1744 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:27:21.0194 1744 secdrv - ok
19:27:21.0225 1744 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:27:21.0225 1744 seclogon - ok
19:27:21.0257 1744 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
19:27:21.0257 1744 SENS - ok
19:27:21.0303 1744 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:27:21.0303 1744 SensrSvc - ok
19:27:21.0319 1744 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:27:21.0319 1744 Serenum - ok
19:27:21.0350 1744 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:27:21.0350 1744 Serial - ok
19:27:21.0366 1744 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:27:21.0366 1744 sermouse - ok
19:27:21.0413 1744 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:27:21.0413 1744 SessionEnv - ok
19:27:21.0428 1744 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:27:21.0428 1744 sffdisk - ok
19:27:21.0459 1744 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:27:21.0459 1744 sffp_mmc - ok
19:27:21.0475 1744 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:27:21.0475 1744 sffp_sd - ok
19:27:21.0491 1744 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:27:21.0491 1744 sfloppy - ok
19:27:21.0537 1744 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:27:21.0537 1744 SharedAccess - ok
19:27:21.0553 1744 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:27:21.0569 1744 ShellHWDetection - ok
19:27:21.0584 1744 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:27:21.0584 1744 sisagp - ok
19:27:21.0615 1744 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:27:21.0631 1744 SiSRaid2 - ok
19:27:21.0647 1744 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:27:21.0647 1744 SiSRaid4 - ok
19:27:21.0725 1744 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:27:21.0725 1744 SkypeUpdate - ok
19:27:21.0756 1744 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:27:21.0756 1744 Smb - ok
19:27:21.0818 1744 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:27:21.0818 1744 SNMPTRAP - ok
19:27:21.0834 1744 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:27:21.0834 1744 spldr - ok
19:27:21.0881 1744 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
19:27:21.0912 1744 Spooler - ok
19:27:21.0990 1744 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:27:22.0052 1744 sppsvc - ok
19:27:22.0083 1744 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:27:22.0083 1744 sppuinotify - ok
19:27:22.0130 1744 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:27:22.0130 1744 srv - ok
19:27:22.0146 1744 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:27:22.0161 1744 srv2 - ok
19:27:22.0177 1744 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:27:22.0177 1744 srvnet - ok
19:27:22.0208 1744 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:27:22.0208 1744 SSDPSRV - ok
19:27:22.0224 1744 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:27:22.0224 1744 SstpSvc - ok
19:27:22.0255 1744 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:27:22.0255 1744 stexstor - ok
19:27:22.0317 1744 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:27:22.0317 1744 StiSvc - ok
19:27:22.0364 1744 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
19:27:22.0364 1744 stllssvr - ok
19:27:22.0380 1744 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
19:27:22.0380 1744 swenum - ok
19:27:22.0395 1744 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:27:22.0395 1744 swprv - ok
19:27:22.0458 1744 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:27:22.0489 1744 SysMain - ok
19:27:22.0505 1744 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:27:22.0505 1744 TabletInputService - ok
19:27:22.0536 1744 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:27:22.0536 1744 TapiSrv - ok
19:27:22.0583 1744 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:27:22.0583 1744 TBS - ok
19:27:22.0645 1744 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:27:22.0676 1744 Tcpip - ok
19:27:22.0723 1744 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:27:22.0723 1744 TCPIP6 - ok
19:27:22.0770 1744 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:27:22.0770 1744 tcpipreg - ok
19:27:22.0801 1744 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:27:22.0801 1744 TDPIPE - ok
19:27:22.0832 1744 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:27:22.0832 1744 TDTCP - ok
19:27:22.0863 1744 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:27:22.0863 1744 tdx - ok
19:27:22.0879 1744 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:27:22.0879 1744 TermDD - ok
19:27:22.0926 1744 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:27:22.0941 1744 TermService - ok
19:27:22.0957 1744 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:27:22.0957 1744 Themes - ok
19:27:22.0973 1744 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:27:22.0973 1744 THREADORDER - ok
19:27:23.0019 1744 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:27:23.0019 1744 TrkWks - ok
19:27:23.0066 1744 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:27:23.0066 1744 TrustedInstaller - ok
19:27:23.0082 1744 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:27:23.0082 1744 tssecsrv - ok
19:27:23.0129 1744 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:27:23.0129 1744 TsUsbFlt - ok
19:27:23.0175 1744 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:27:23.0175 1744 tunnel - ok
19:27:23.0207 1744 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:27:23.0207 1744 uagp35 - ok
19:27:23.0253 1744 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:27:23.0253 1744 udfs - ok
19:27:23.0285 1744 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:27:23.0285 1744 UI0Detect - ok
19:27:23.0300 1744 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:27:23.0300 1744 uliagpkx - ok
19:27:23.0347 1744 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
19:27:23.0347 1744 umbus - ok
19:27:23.0363 1744 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:27:23.0363 1744 UmPass - ok
19:27:23.0394 1744 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
19:27:23.0394 1744 upnphost - ok
19:27:23.0456 1744 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:27:23.0456 1744 USBAAPL - ok
19:27:23.0487 1744 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:27:23.0487 1744 usbaudio - ok
19:27:23.0550 1744 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:27:23.0550 1744 usbccgp - ok
19:27:23.0565 1744 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:27:23.0565 1744 usbcir - ok
19:27:23.0597 1744 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:27:23.0597 1744 usbehci - ok
19:27:23.0612 1744 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:27:23.0612 1744 usbhub - ok
19:27:23.0659 1744 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:27:23.0659 1744 usbohci - ok
19:27:23.0690 1744 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:27:23.0690 1744 usbprint - ok
19:27:23.0721 1744 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:27:23.0721 1744 usbscan - ok
19:27:23.0753 1744 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:27:23.0753 1744 USBSTOR - ok
19:27:23.0768 1744 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:27:23.0768 1744 usbuhci - ok
19:27:23.0784 1744 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
19:27:23.0784 1744 UxSms - ok
19:27:23.0799 1744 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
19:27:23.0815 1744 VaultSvc - ok
19:27:23.0831 1744 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:27:23.0831 1744 vdrvroot - ok
19:27:23.0862 1744 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
19:27:23.0877 1744 vds - ok
19:27:23.0893 1744 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:27:23.0893 1744 vga - ok
19:27:23.0909 1744 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:27:23.0924 1744 VgaSave - ok
19:27:23.0940 1744 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:27:23.0955 1744 vhdmp - ok
19:27:23.0987 1744 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:27:23.0987 1744 viaagp - ok
19:27:24.0018 1744 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
19:27:24.0018 1744 ViaC7 - ok
19:27:24.0033 1744 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
19:27:24.0033 1744 viaide - ok
19:27:24.0049 1744 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:27:24.0049 1744 volmgr - ok
19:27:24.0065 1744 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:27:24.0065 1744 volmgrx - ok
19:27:24.0080 1744 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:27:24.0096 1744 volsnap - ok
19:27:24.0127 1744 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:27:24.0127 1744 vsmraid - ok
19:27:24.0174 1744 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
19:27:24.0205 1744 VSS - ok
19:27:24.0252 1744 [ 682FCF7D2EB5158CD30408E976562408 ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
19:27:24.0267 1744 VSTHWBS2 - ok
19:27:24.0283 1744 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:27:24.0314 1744 VST_DPV - ok
19:27:24.0330 1744 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:27:24.0330 1744 vwifibus - ok
19:27:24.0377 1744 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
19:27:24.0377 1744 W32Time - ok
19:27:24.0423 1744 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:27:24.0423 1744 WacomPen - ok
19:27:24.0455 1744 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:27:24.0455 1744 WANARP - ok
19:27:24.0470 1744 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:27:24.0470 1744 Wanarpv6 - ok
19:27:24.0517 1744 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:27:24.0548 1744 WatAdminSvc - ok
19:27:24.0579 1744 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
19:27:24.0611 1744 wbengine - ok
19:27:24.0626 1744 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:27:24.0642 1744 WbioSrvc - ok
19:27:24.0673 1744 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:27:24.0673 1744 wcncsvc - ok
19:27:24.0704 1744 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:27:24.0704 1744 WcsPlugInService - ok
19:27:24.0720 1744 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:27:24.0720 1744 Wd - ok
19:27:24.0735 1744 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:27:24.0751 1744 Wdf01000 - ok
19:27:24.0767 1744 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:27:24.0767 1744 WdiServiceHost - ok
19:27:24.0767 1744 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:27:24.0767 1744 WdiSystemHost - ok
19:27:24.0813 1744 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
19:27:24.0829 1744 WebClient - ok
19:27:24.0829 1744 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:27:24.0845 1744 Wecsvc - ok
19:27:24.0845 1744 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:27:24.0845 1744 wercplsupport - ok
19:27:24.0907 1744 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
19:27:24.0907 1744 WerSvc - ok
19:27:24.0907 1744 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:27:24.0923 1744 WfpLwf - ok
19:27:24.0923 1744 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:27:24.0923 1744 WIMMount - ok
19:27:24.0985 1744 [ BC0C7EA89194C299F051C24119000E17 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:27:25.0001 1744 winachsf - ok
19:27:25.0079 1744 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:27:25.0094 1744 WinDefend - ok
19:27:25.0094 1744 WinHttpAutoProxySvc - ok
19:27:25.0172 1744 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:27:25.0172 1744 Winmgmt - ok
19:27:25.0235 1744 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
19:27:25.0250 1744 WinRM - ok
19:27:25.0297 1744 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:27:25.0297 1744 WinUsb - ok
19:27:25.0344 1744 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:27:25.0391 1744 Wlansvc - ok
19:27:25.0469 1744 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:27:25.0515 1744 wlidsvc - ok
19:27:25.0531 1744 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:27:25.0531 1744 WmiAcpi - ok
19:27:25.0562 1744 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:27:25.0562 1744 wmiApSrv - ok
19:27:25.0625 1744 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:27:25.0640 1744 WMPNetworkSvc - ok
19:27:25.0656 1744 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:27:25.0656 1744 WPCSvc - ok
19:27:25.0687 1744 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:27:25.0703 1744 WPDBusEnum - ok
19:27:25.0765 1744 WPFFontCache_v0400 - ok
19:27:25.0796 1744 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:27:25.0796 1744 ws2ifsl - ok
19:27:25.0812 1744 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
19:27:25.0812 1744 wscsvc - ok
19:27:25.0812 1744 WSearch - ok
19:27:25.0890 1744 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:27:25.0937 1744 wuauserv - ok
19:27:25.0968 1744 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:27:25.0983 1744 WudfPf - ok
19:27:26.0030 1744 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:27:26.0030 1744 WUDFRd - ok
19:27:26.0077 1744 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:27:26.0077 1744 wudfsvc - ok
19:27:26.0108 1744 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:27:26.0108 1744 WwanSvc - ok
19:27:26.0124 1744 ================ Scan global ===============================
19:27:26.0171 1744 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:27:26.0202 1744 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:27:26.0217 1744 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
19:27:26.0249 1744 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:27:26.0280 1744 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:27:26.0280 1744 [Global] - ok
19:27:26.0280 1744 ================ Scan MBR ==================================
19:27:26.0295 1744 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:27:26.0295 1744 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:27:26.0342 1744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:27:26.0342 1744 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:27:26.0389 1744 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:27:26.0389 1744 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:27:26.0389 1744 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk6\DR7
19:27:26.0514 1744 \Device\Harddisk6\DR7 - ok
19:27:26.0514 1744 ================ Scan VBR ==================================
19:27:26.0529 1744 [ 2B2C4931F16A920927FC0C01FB181799 ] \Device\Harddisk0\DR0\Partition1
19:27:26.0529 1744 \Device\Harddisk0\DR0\Partition1 - ok
19:27:26.0545 1744 [ 11BDD3988030B7173AC56D1FE861C98B ] \Device\Harddisk0\DR0\Partition2
19:27:26.0545 1744 \Device\Harddisk0\DR0\Partition2 - ok
19:27:26.0545 1744 [ A8D4DFBCA7E99BC085C0D3EFF0447C62 ] \Device\Harddisk6\DR7\Partition1
19:27:26.0545 1744 \Device\Harddisk6\DR7\Partition1 - ok
19:27:26.0545 1744 ============================================================
19:27:26.0545 1744 Scan finished
19:27:26.0545 1744 ============================================================
19:27:26.0561 1772 Detected object count: 3
19:27:26.0561 1772 Actual detected object count: 3
19:28:03.0751 1772 MpKsl9b041fa1 ( ForgedFile.Multi.Generic ) - skipped by user
19:28:03.0751 1772 MpKsl9b041fa1 ( ForgedFile.Multi.Generic ) - User select action: Skip
19:28:04.0391 1772 \Device\Harddisk0\DR0\# - copied to quarantine
19:28:04.0391 1772 \Device\Harddisk0\DR0 - copied to quarantine
19:28:04.0422 1772 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:28:04.0422 1772 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:28:04.0422 1772 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:28:04.0438 1772 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:28:04.0438 1772 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:28:04.0438 1772 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:28:04.0438 1772 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:28:04.0453 1772 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:28:04.0453 1772 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:28:04.0453 1772 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:28:04.0453 1772 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:28:04.0453 1772 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:28:04.0453 1772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:28:04.0453 1772 \Device\Harddisk0\DR0 - ok
19:28:04.0500 1772 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:28:04.0500 1772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:28:04.0500 1772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:28:17.0776 3052 Deinitialize success


ASWMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-27 19:35:53
-----------------------------
19:35:53.068 OS Version: Windows 6.1.7601 Service Pack 1
19:35:53.068 Number of processors: 2 586 0xF0B
19:35:53.068 ComputerName: THEFLAGGFAMI-PC UserName:
19:35:53.895 Initialize success
19:39:07.975 AVAST engine defs: 12092701
19:39:24.808 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:39:24.808 Disk 0 Vendor: ST3500630AS 3.ADJ Size: 476940MB BusType: 3
19:39:24.808 Disk 0 MBR read successfully
19:39:24.823 Disk 0 MBR scan
19:39:24.823 Disk 0 Windows 7 default MBR code
19:39:24.823 Disk 0 MBR hidden
19:39:24.823 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
19:39:24.823 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
19:39:24.839 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466644 MB offset 21084160
19:39:24.839 Disk 0 scanning sectors +976771072
19:39:24.917 Disk 0 scanning C:\Windows\system32\drivers
19:39:33.200 Service scanning
19:39:52.170 Modules scanning
19:39:55.680 Disk 0 trace - called modules:
19:39:55.696 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86c453a8]<<
19:39:55.696 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856fd648]
19:39:55.696 3 CLASSPNP.SYS[8b1ad59e] -> nt!IofCallDriver -> [0x8496e608]
19:39:55.696 5 ACPI.sys[8aeba3d4] -> nt!IofCallDriver -> \IdeDeviceP0T0L0-0[0x84974908]
19:39:55.696 \Driver\atapi[0x85bb8960] -> IRP_MJ_CREATE -> 0x85d164b1
19:39:56.507 AVAST engine scan C:\Windows
19:39:58.644 AVAST engine scan C:\Windows\system32
19:42:09.404 AVAST engine scan C:\Windows\system32\drivers
19:42:19.512 AVAST engine scan C:\Windows\system32\config\systemprofile
19:43:29.884 Disk 0 MBR has been saved successfully to "C:\Windows\system32\config\systemprofile\Desktop\MBR.dat"
19:43:29.884 The log file has been saved successfully to "C:\Windows\system32\config\systemprofile\Desktop\aswMBR.txt"




C:\$WINDOWS.~Q\DATA\Program Files\Internet Explorer\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\Uninstall Information\ib_uninst_0\uninstall.exe a variant of Win32/Obfuscated.NEU trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.09.2012_19.26.49\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.09.2012_19.26.49\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.09.2012_19.26.49\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.NP trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.09.2012_19.26.49\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.09.2012_19.26.49\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.09.2012_19.26.49\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\The Flagg Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPULWYIL\CouponAlert.exe Win32/AdInstaller application cleaned by deleting - quarantined
C:\Users\The Flagg Family\AppData\Local\Temp\ICReinstall\cnet2_avc-free_exe[1].exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

#6 narenxp

Posted 27 September 2012 - 08:44 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

Launch it and the scan should start running. After the scan completes, post the generated log here.

#7 weldermike

Posted 01 October 2012 - 10:28 AM

Computer seems to be running fine now.


Malware Bytes

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.27.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
The Flagg Family :: THEFLAGGFAMI-PC [administrator]

09/27/2012 9:47:33 PM
mbam-log-2012-09-27 (21-47-33).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 516256
Time elapsed: 2 hour(s), 16 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 23-07-2012
Ran by The Flagg Family (administrator) on 30-09-2012 at 16:23:03
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562V-2 10/100 Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : TheFlaggFami-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.invalid

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.invalid
Description . . . . . . . . . . . : Intel® 82562V-2 10/100 Network Connection
Physical Address. . . . . . . . . : 00-21-9B-06-4E-36
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::45de:c6e8:70c6:3a2b%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.198(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, September 28, 2012 3:19:45 AM
Lease Expires . . . . . . . . . . : Monday, October 01, 2012 3:27:35 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 251666843
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-16-18-B2-00-21-9B-06-4E-36
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.domain.invalid:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain.invalid
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:18b4:1088:b8e0:65db(Preferred)
Link-local IPv6 Address . . . . . : fe80::18b4:1088:b8e0:65db%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
1.0.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
(root) ??? unknown type 41 ???
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:4009:803::1000
74.125.225.132
74.125.225.128
74.125.225.133
74.125.225.135
74.125.225.134
74.125.225.129
74.125.225.136
74.125.225.137
74.125.225.131
74.125.225.142
74.125.225.130


Pinging google.com [74.125.225.137] with 32 bytes of data:
Reply from 74.125.225.137: bytes=32 time=14ms TTL=55
Reply from 74.125.225.137: bytes=32 time=15ms TTL=55

Ping statistics for 74.125.225.137:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 15ms, Average = 14ms
1.0.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
(root) ??? unknown type 41 ???
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=1166ms TTL=48
Reply from 72.30.38.140: bytes=32 time=1001ms TTL=48

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1001ms, Maximum = 1166ms, Average = 1083ms
1.0.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial = 1
refresh = 600 (10 mins)
retry = 1200 (20 mins)
expire = 604800 (7 days)
default TTL = 10800 (3 hours)
(root) ??? unknown type 41 ???
Server: UnKnown
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9...00 21 9b 06 4e 36 ......Intel® 82562V-2 10/100 Network Connection
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.198 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.198 276
192.168.0.198 255.255.255.255 On-link 192.168.0.198 276
192.168.0.255 255.255.255.255 On-link 192.168.0.198 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.198 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.198 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:18b4:1088:b8e0:65db/128
On-link
9 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::18b4:1088:b8e0:65db/128
On-link
9 276 fe80::45de:c6e8:70c6:3a2b/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
9 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/30/2012 03:26:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8175

Error: (09/30/2012 03:26:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8175

Error: (09/30/2012 03:26:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/30/2012 03:26:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7177

Error: (09/30/2012 03:26:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7177

Error: (09/30/2012 03:26:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/30/2012 03:26:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6178

Error: (09/30/2012 03:26:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6178

Error: (09/30/2012 03:26:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/30/2012 03:26:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5180


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (04/14/2010 03:15:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20737 seconds with 2760 seconds of active time. This session ended with a crash.

Error: (03/07/2010 10:36:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 985 seconds with 960 seconds of active time. This session ended with a crash.

Error: (12/03/2009 08:56:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2830 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (09/16/2009 08:10:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 167356 seconds with 1320 seconds of active time. This session ended with a crash.

Error: (04/07/2009 08:43:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 173 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Digital Editions
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Reader 9.3.1 (Version: 9.3.1)
Adobe Shockwave Player 11.5 (Version: 11.5.1.601)
AIM 6
AIM Toolbar
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
Any Video Converter 3.3.2
AOL Install (Version: 1.0.0)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Big Fish Games: Game Manager (Version: 2.0.1.43)
Bing Bar (Version: 7.0.756.0)
Bonjour (Version: 3.0.0.10)
Browser Address Error Redirector (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant D850 PCI V.92 Modem
Coupon Printer for Windows (Version: 5.0.0.1)
D3DX10 (Version: 15.4.2368.0902)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 2.1.08060)
Digital Line Detect (Version: 1.21)
Download Updater (AOL LLC)
EDocs
Epson Easy Photo Print 2 (Version: 2.3.2.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
EPSON Printer Software
EPSON Scan
ESET Online Scanner v3
Forces in 1 Dimension
GamesBar 2.0.1.55 (Version: 2.0.1.55)
Google Chrome (Version: 21.0.1180.89)
Google Desktop (Version: -)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.115)
Google Updater (Version: 2.4.2432.1652)
GoToAssist 8.0.0.514
ImageMixer 3 SE Ver.5 Transfer Utility (Version: 3.04.009)
ImageMixer 3 SE Ver.5 Video Tools (Version: 3.04.014)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® PRO Network Connections 12.1.11.0 (Version: )
Intel® TV Wizard
Internet Service Offers Launcher (Version: 1.00.0000)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.4.1)
Java™ 6 Update 25 (Version: 6.0.250)
Junk Mail filter update (Version: 15.4.3502.0922)
League of Legends (Version: 1.3)
Logitech QuickCam Driver Package
Logitech Vid (Version: 1.10.1009)
Logitech Webcam Software (Version: 12.10.1113)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Modem Diagnostic Tool (Version: 1.0.17.8)
MSVCRT (Version: 15.4.2862.0708)
Music Transfer Utility Ver.2 (Version: 1.01.006)
Music, Photos & Videos Launcher (Version: 1.00.0000)
Mystery Case Files - Huntsville (remove only)
NetWaiting (Version: 2.5.44)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
ooVoo (Version: 2.9.0105)
Pando Media Booster (Version: 2.3.5.2)
PLATO Web Learning Network Clients
Product Documentation Launcher (Version: 1.00.0000)
Quicken 2007 (Version: 16.1.1.27)
QuickTime (Version: 7.72.80.56)
Realtek High Definition Audio Driver
Roblox for The Flagg Family
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Scratch (Version: 1.4.0.0)
SilvestriRN5e
Skype web features (Version: 1.0.3971)
Skype™ 5.10 (Version: 5.10.116)
Slingo Quest (Version: 1.1.0.0)
Slingo Quest Hawaii (Version: 1.1.0.0)
teenSMART®
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vuze
Vuze Toolbar (Version: 4.1.0.5)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zynga Toolbar (Version: )

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3317.18 MB
Available physical RAM: 1885.83 MB
Total Pagefile: 6632.64 MB
Available Pagefile: 3824.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.93 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:121.28 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.99 GB) NTFS

========================= Users: ========================================

User accounts for \\THEFLAGGFAMI-PC

Administrator Guest The Flagg Family

========================= Restore Points ==================================

05-09-2012 07:00:10 Windows Update
08-09-2012 20:46:12 Windows Update
12-09-2012 19:26:40 Windows Update
13-09-2012 07:00:11 Windows Update
16-09-2012 08:02:49 Windows Update
19-09-2012 08:29:02 Windows Update
22-09-2012 09:03:49 Windows Update
23-09-2012 07:00:13 Windows Update
26-09-2012 07:45:04 Windows Update
28-09-2012 01:17:30 Windows Update
28-09-2012 07:00:12 Windows Update

**** End of log ****

FSS

Farbar Service Scanner Version: 19-09-2012
Ran by The Flagg Family (administrator) on 30-09-2012 at 20:24:37
Running from "C:\Users\The Flagg Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N34D6F7I"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-27 21:20] - [2012-08-22 13:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Adware cleaner

# AdwCleaner v2.003 - Logfile created 09/30/2012 at 20:27:41
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : The Flagg Family - THEFLAGGFAMI-PC
# Boot Mode : Normal
# Running from : C:\Users\The Flagg Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHCCHEKU\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : AskService
Stopped & Deleted : AskUpgrade

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\AskBarDis
Folder Deleted : C:\Program Files\BasicScan
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\GamesBar
Folder Deleted : C:\Program Files\Zynga
Folder Deleted : C:\ProgramData\GamesBar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\The Flagg Family\AppData\Local\Conduit
Folder Deleted : C:\Users\The Flagg Family\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\The Flagg Family\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\The Flagg Family\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\The Flagg Family\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\The Flagg Family\AppData\LocalLow\Zynga

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\The Flagg Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=48",
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=48" ]
Deleted [l.41] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.44] : keyword = "search.conduit.com",
Deleted [l.47] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3198785",
Deleted [l.48] : suggest_url = "hxxp://search.conduit.com/"
Deleted [l.1370] : homepage = "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=48",
Deleted [l.1635] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=48" ]

*************************

AdwCleaner[S1].txt - [11523 octets] - [30/09/2012 20:27:41]

########## EOF - C:\AdwCleaner[S1].txt - [11584 octets] ##########

JRT

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.9 (09.30.2012)
OS: Windows 7 Home Premium x86
Ran by The Flagg Family on 09/30/2012 at 20:36:20.40
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values:

Successfully deleted: [VALUE] {cce665dd-f6dd-4808-968e-eaec971f70ef} from: hkey_current_user\software\microsoft\internet explorer\urlsearchhooks



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.
Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.
Failed to delete: [KEY-LOCKED!] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.
Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
ERROR: Access is denied.
Failed to delete: [KEY-LOCKED!] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
ERROR: Access is denied.
Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\classes\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}



*** Files: 0 Detections



*** Folders: 0 Detections



Removed the following from [PREFS.JS] :



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on 09/30/2012 at 20:36:25.33
End of Report

#8 narenxp

Posted 01 October 2012 - 10:30 AM

Run TDSSKiller once again and select DELETE for this entry, then post the new log.

19:28:04.0500 1772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

Run aswMBR again and post the log.

#9 weldermike

Posted 01 October 2012 - 11:13 AM

OK. Will post it tomorrow.

Thanks!!!!

#10 weldermike

Posted 02 October 2012 - 06:25 AM

21:18:42.0684 2972 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:18:43.0011 2972 ============================================================
21:18:43.0011 2972 Current date / time: 2012/10/01 21:18:43.0011
21:18:43.0011 2972 SystemInfo:
21:18:43.0011 2972
21:18:43.0011 2972 OS Version: 6.1.7601 ServicePack: 1.0
21:18:43.0011 2972 Product type: Workstation
21:18:43.0011 2972 ComputerName: THEFLAGGFAMI-PC
21:18:43.0011 2972 UserName: The Flagg Family
21:18:43.0011 2972 Windows directory: C:\Windows
21:18:43.0011 2972 System windows directory: C:\Windows
21:18:43.0011 2972 Processor architecture: Intel x86
21:18:43.0011 2972 Number of processors: 2
21:18:43.0012 2972 Page size: 0x1000
21:18:43.0012 2972 Boot type: Normal boot
21:18:43.0012 2972 ============================================================
21:18:44.0456 2972 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:18:44.0550 2972 ============================================================
21:18:44.0550 2972 \Device\Harddisk0\DR0:
21:18:44.0556 2972 MBR partitions:
21:18:44.0556 2972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
21:18:44.0556 2972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x38F6A000
21:18:44.0556 2972 ============================================================
21:18:44.0578 2972 C: <-> \Device\Harddisk0\DR0\Partition2
21:18:44.0601 2972 D: <-> \Device\Harddisk0\DR0\Partition1
21:18:44.0601 2972 ============================================================
21:18:44.0601 2972 Initialize success
21:18:44.0601 2972 ============================================================
21:19:13.0198 5552 ============================================================
21:19:13.0198 5552 Scan started
21:19:13.0198 5552 Mode: Manual; TDLFS;
21:19:13.0198 5552 ============================================================
21:19:13.0490 5552 ================ Scan system memory ========================
21:19:13.0491 5552 System memory - ok
21:19:13.0491 5552 ================ Scan services =============================
21:19:18.0211 5552 hkmsvc - ok
21:19:18.0264 5552 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:19:18.0269 5552 HomeGroupListener - ok
21:19:18.0309 5552 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:19:18.0311 5552 HomeGroupProvider - ok
21:19:18.0328 5552 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:19:18.0328 5552 HpSAMD - ok
21:19:18.0387 5552 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:19:18.0393 5552 HTTP - ok
21:19:18.0435 5552 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:19:18.0436 5552 hwpolicy - ok
21:19:18.0465 5552 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:19:18.0466 5552 i8042prt - ok
21:19:18.0511 5552 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:19:18.0513 5552 iaStorV - ok
21:19:18.0576 5552 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:19:18.0582 5552 idsvc - ok
21:19:18.0717 5552 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:19:18.0745 5552 igfx - ok
21:19:18.0787 5552 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:19:18.0788 5552 iirsp - ok
21:19:18.0848 5552 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:19:18.0856 5552 IKEEXT - ok
21:19:18.0937 5552 [ F8F53C5449F15B23D4C61D51D2701DA8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:19:18.0953 5552 IntcAzAudAddService - ok
21:19:18.0972 5552 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:19:18.0973 5552 intelide - ok
21:19:18.0995 5552 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:19:18.0996 5552 intelppm - ok
21:19:19.0038 5552 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:19:19.0040 5552 IPBusEnum - ok
21:19:19.0059 5552 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:19:19.0059 5552 IpFilterDriver - ok
21:19:19.0107 5552 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:19:19.0114 5552 iphlpsvc - ok
21:19:19.0141 5552 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:19:19.0142 5552 IPMIDRV - ok
21:19:19.0159 5552 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:19:19.0160 5552 IPNAT - ok
21:19:19.0204 5552 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:19:19.0211 5552 iPod Service - ok
21:19:19.0237 5552 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:19:19.0238 5552 IRENUM - ok
21:19:19.0256 5552 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:19:19.0257 5552 isapnp - ok
21:19:19.0274 5552 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:19:19.0276 5552 iScsiPrt - ok
21:19:19.0310 5552 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:19:19.0311 5552 kbdclass - ok
21:19:19.0339 5552 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:19:19.0339 5552 kbdhid - ok
21:19:19.0352 5552 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:19:19.0354 5552 KeyIso - ok
21:19:19.0399 5552 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:19:19.0400 5552 KSecDD - ok
21:19:19.0412 5552 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:19:19.0414 5552 KSecPkg - ok
21:19:19.0460 5552 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:19:19.0465 5552 KtmRm - ok
21:19:19.0491 5552 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:19:19.0494 5552 LanmanServer - ok
21:19:19.0506 5552 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:19:19.0509 5552 LanmanWorkstation - ok
21:19:19.0559 5552 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:19:19.0560 5552 lltdio - ok
21:19:19.0602 5552 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:19:19.0604 5552 lltdsvc - ok
21:19:19.0619 5552 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:19:19.0621 5552 lmhosts - ok
21:19:19.0647 5552 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:19:19.0648 5552 LSI_FC - ok
21:19:19.0663 5552 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:19:19.0664 5552 LSI_SAS - ok
21:19:19.0681 5552 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:19:19.0682 5552 LSI_SAS2 - ok
21:19:19.0721 5552 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:19:19.0722 5552 LSI_SCSI - ok
21:19:19.0740 5552 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:19:19.0741 5552 luafv - ok
21:19:19.0770 5552 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\Windows\system32\Drivers\LVPr2Mon.sys
21:19:19.0771 5552 LVPr2Mon - ok
21:19:19.0826 5552 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
21:19:19.0828 5552 LVPrcSrv - ok
21:19:19.0887 5552 [ 23F8EF78BB9553E465A476F3CEE5CA18 ] LVUSBSta C:\Windows\system32\drivers\LVUSBSta.sys
21:19:19.0888 5552 LVUSBSta - ok
21:19:19.0927 5552 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:19:19.0929 5552 Mcx2Svc - ok
21:19:19.0941 5552 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:19:19.0941 5552 megasas - ok
21:19:19.0964 5552 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:19:19.0966 5552 MegaSR - ok
21:19:20.0012 5552 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:19:20.0014 5552 MMCSS - ok
21:19:20.0023 5552 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:19:20.0024 5552 Modem - ok
21:19:20.0044 5552 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:19:20.0044 5552 monitor - ok
21:19:20.0065 5552 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:19:20.0065 5552 mouclass - ok
21:19:20.0085 5552 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:19:20.0085 5552 mouhid - ok
21:19:20.0132 5552 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:19:20.0133 5552 mountmgr - ok
21:19:20.0190 5552 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:19:20.0193 5552 MpFilter - ok
21:19:20.0214 5552 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:19:20.0215 5552 mpio - ok
21:19:20.0319 5552 [ A69630D039C38018689190234F866D77 ] MpKsl8670d9a6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FAFCF3B-04FC-402A-BF52-7605015C9DC8}\MpKsl8670d9a6.sys
21:19:20.0319 5552 MpKsl8670d9a6 - ok
21:19:20.0335 5552 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:19:20.0336 5552 mpsdrv - ok
21:19:20.0388 5552 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:19:20.0392 5552 MpsSvc - ok
21:19:20.0435 5552 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:19:20.0436 5552 MRxDAV - ok
21:19:20.0491 5552 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:19:20.0492 5552 mrxsmb - ok
21:19:20.0540 5552 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:19:20.0542 5552 mrxsmb10 - ok
21:19:20.0558 5552 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:19:20.0559 5552 mrxsmb20 - ok
21:19:20.0591 5552 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:19:20.0591 5552 msahci - ok
21:19:20.0600 5552 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:19:20.0601 5552 msdsm - ok
21:19:20.0620 5552 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:19:20.0622 5552 MSDTC - ok
21:19:20.0642 5552 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:19:20.0643 5552 Msfs - ok
21:19:20.0687 5552 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:19:20.0687 5552 mshidkmdf - ok
21:19:20.0713 5552 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:19:20.0714 5552 msisadrv - ok
21:19:20.0756 5552 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:19:20.0758 5552 MSiSCSI - ok
21:19:20.0763 5552 msiserver - ok
21:19:20.0792 5552 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:19:20.0793 5552 MSKSSRV - ok
21:19:20.0835 5552 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:19:20.0836 5552 MsMpSvc - ok
21:19:20.0857 5552 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:19:20.0857 5552 MSPCLOCK - ok
21:19:20.0873 5552 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:19:20.0874 5552 MSPQM - ok
21:19:20.0892 5552 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:19:20.0893 5552 MsRPC - ok
21:19:20.0909 5552 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:19:20.0909 5552 mssmbios - ok
21:19:20.0926 5552 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:19:20.0927 5552 MSTEE - ok
21:19:20.0940 5552 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:19:20.0941 5552 MTConfig - ok
21:19:20.0960 5552 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:19:20.0961 5552 Mup - ok
21:19:21.0002 5552 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:19:21.0006 5552 napagent - ok
21:19:21.0055 5552 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:19:21.0057 5552 NativeWifiP - ok
21:19:21.0115 5552 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:19:21.0122 5552 NDIS - ok
21:19:21.0147 5552 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:19:21.0148 5552 NdisCap - ok
21:19:21.0178 5552 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:19:21.0179 5552 NdisTapi - ok
21:19:21.0226 5552 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:19:21.0227 5552 Ndisuio - ok
21:19:21.0246 5552 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:19:21.0248 5552 NdisWan - ok
21:19:21.0301 5552 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:19:21.0302 5552 NDProxy - ok
21:19:21.0319 5552 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:19:21.0319 5552 NetBIOS - ok
21:19:21.0379 5552 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:19:21.0380 5552 NetBT - ok
21:19:21.0391 5552 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:19:21.0394 5552 Netlogon - ok
21:19:21.0456 5552 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:19:21.0459 5552 Netman - ok
21:19:21.0494 5552 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:19:21.0498 5552 netprofm - ok
21:19:21.0512 5552 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:19:21.0514 5552 NetTcpPortSharing - ok
21:19:21.0540 5552 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:19:21.0541 5552 nfrd960 - ok
21:19:21.0601 5552 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:19:21.0603 5552 NisDrv - ok
21:19:21.0652 5552 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:19:21.0656 5552 NisSrv - ok
21:19:21.0703 5552 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:19:21.0709 5552 NlaSvc - ok
21:19:21.0719 5552 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:19:21.0721 5552 Npfs - ok
21:19:21.0775 5552 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:19:21.0777 5552 nsi - ok
21:19:21.0788 5552 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:19:21.0789 5552 nsiproxy - ok
21:19:21.0857 5552 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:19:21.0864 5552 Ntfs - ok
21:19:21.0874 5552 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:19:21.0875 5552 Null - ok
21:19:21.0904 5552 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:19:21.0905 5552 nvraid - ok
21:19:21.0918 5552 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:19:21.0920 5552 nvstor - ok
21:19:21.0946 5552 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:19:21.0947 5552 nv_agp - ok
21:19:22.0030 5552 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:19:22.0034 5552 odserv - ok
21:19:22.0068 5552 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:19:22.0069 5552 ohci1394 - ok
21:19:22.0121 5552 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:19:22.0123 5552 ose - ok
21:19:22.0170 5552 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:19:22.0174 5552 p2pimsvc - ok
21:19:22.0194 5552 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:19:22.0200 5552 p2psvc - ok
21:19:22.0234 5552 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:19:22.0235 5552 Parport - ok
21:19:22.0282 5552 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:19:22.0284 5552 partmgr - ok
21:19:22.0301 5552 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:19:22.0302 5552 Parvdm - ok
21:19:22.0325 5552 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:19:22.0327 5552 PcaSvc - ok
21:19:22.0350 5552 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:19:22.0352 5552 pci - ok
21:19:22.0374 5552 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:19:22.0375 5552 pciide - ok
21:19:22.0393 5552 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:19:22.0394 5552 pcmcia - ok
21:19:22.0417 5552 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:19:22.0417 5552 pcw - ok
21:19:22.0473 5552 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:19:22.0480 5552 PEAUTH - ok
21:19:22.0604 5552 [ DD184D9ADFE2A8A21741DBDFE9E22F5C ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V32.SYS
21:19:22.0621 5552 PID_PEPI - ok
21:19:22.0695 5552 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:19:22.0713 5552 pla - ok
21:19:22.0765 5552 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:19:22.0769 5552 PlugPlay - ok
21:19:22.0807 5552 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:19:22.0809 5552 PNRPAutoReg - ok
21:19:22.0827 5552 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:19:22.0831 5552 PNRPsvc - ok
21:19:22.0851 5552 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:19:22.0854 5552 PolicyAgent - ok
21:19:22.0901 5552 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:19:22.0904 5552 Power - ok
21:19:22.0959 5552 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:19:22.0960 5552 PptpMiniport - ok
21:19:22.0979 5552 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:19:22.0980 5552 Processor - ok
21:19:23.0031 5552 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:19:23.0034 5552 ProfSvc - ok
21:19:23.0042 5552 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:19:23.0044 5552 ProtectedStorage - ok
21:19:23.0068 5552 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:19:23.0069 5552 Psched - ok
21:19:23.0092 5552 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
21:19:23.0092 5552 PxHelp20 - ok
21:19:23.0152 5552 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:19:23.0160 5552 ql2300 - ok
21:19:23.0174 5552 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:19:23.0175 5552 ql40xx - ok
21:19:23.0212 5552 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:19:23.0215 5552 QWAVE - ok
21:19:23.0227 5552 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:19:23.0228 5552 QWAVEdrv - ok
21:19:23.0245 5552 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:19:23.0246 5552 RasAcd - ok
21:19:23.0295 5552 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:19:23.0296 5552 RasAgileVpn - ok
21:19:23.0323 5552 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:19:23.0326 5552 RasAuto - ok
21:19:23.0366 5552 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:19:23.0367 5552 Rasl2tp - ok
21:19:23.0413 5552 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:19:23.0416 5552 RasMan - ok
21:19:23.0428 5552 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:19:23.0428 5552 RasPppoe - ok
21:19:23.0446 5552 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:19:23.0447 5552 RasSstp - ok
21:19:23.0491 5552 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:19:23.0493 5552 rdbss - ok
21:19:23.0517 5552 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:19:23.0518 5552 rdpbus - ok
21:19:23.0556 5552 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:19:23.0557 5552 RDPCDD - ok
21:19:23.0581 5552 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:19:23.0581 5552 RDPENCDD - ok
21:19:23.0593 5552 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:19:23.0594 5552 RDPREFMP - ok
21:19:23.0640 5552 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:19:23.0642 5552 RDPWD - ok
21:19:23.0689 5552 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:19:23.0692 5552 rdyboost - ok
21:19:23.0738 5552 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:19:23.0740 5552 RemoteAccess - ok
21:19:23.0783 5552 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:19:23.0786 5552 RemoteRegistry - ok
21:19:23.0807 5552 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:19:23.0809 5552 RpcEptMapper - ok
21:19:23.0847 5552 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:19:23.0849 5552 RpcLocator - ok
21:19:23.0867 5552 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:19:23.0871 5552 RpcSs - ok
21:19:23.0914 5552 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:19:23.0914 5552 rspndr - ok
21:19:23.0925 5552 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:19:23.0926 5552 SamSs - ok
21:19:23.0951 5552 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:19:23.0952 5552 sbp2port - ok
21:19:23.0989 5552 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:19:23.0992 5552 SCardSvr - ok
21:19:23.0997 5552 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:19:23.0998 5552 scfilter - ok
21:19:24.0047 5552 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:19:24.0053 5552 Schedule - ok
21:19:24.0065 5552 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:19:24.0066 5552 SCPolicySvc - ok
21:19:24.0113 5552 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:19:24.0119 5552 SDRSVC - ok
21:19:24.0163 5552 [ 78779EE07231C658B483B1F38B5088DF ] SeaPort C:\Program Files\Microsoft\BingBar\SeaPort.EXE
21:19:24.0166 5552 SeaPort - ok
21:19:24.0184 5552 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:19:24.0186 5552 secdrv - ok
21:19:24.0226 5552 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:19:24.0230 5552 seclogon - ok
21:19:24.0243 5552 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
21:19:24.0247 5552 SENS - ok
21:19:24.0296 5552 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:19:24.0299 5552 SensrSvc - ok
21:19:24.0312 5552 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:19:24.0313 5552 Serenum - ok
21:19:24.0332 5552 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:19:24.0333 5552 Serial - ok
21:19:24.0360 5552 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:19:24.0361 5552 sermouse - ok
21:19:24.0400 5552 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:19:24.0402 5552 SessionEnv - ok
21:19:24.0435 5552 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:19:24.0435 5552 sffdisk - ok
21:19:24.0441 5552 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:19:24.0441 5552 sffp_mmc - ok
21:19:24.0447 5552 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:19:24.0448 5552 sffp_sd - ok
21:19:24.0464 5552 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:19:24.0465 5552 sfloppy - ok
21:19:24.0509 5552 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:19:24.0511 5552 SharedAccess - ok
21:19:24.0532 5552 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:19:24.0536 5552 ShellHWDetection - ok
21:19:24.0576 5552 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:19:24.0577 5552 sisagp - ok
21:19:24.0606 5552 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:19:24.0606 5552 SiSRaid2 - ok
21:19:24.0628 5552 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:19:24.0628 5552 SiSRaid4 - ok
21:19:24.0692 5552 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:19:24.0693 5552 SkypeUpdate - ok
21:19:24.0724 5552 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:19:24.0725 5552 Smb - ok
21:19:24.0769 5552 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:19:24.0772 5552 SNMPTRAP - ok
21:19:24.0786 5552 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:19:24.0787 5552 spldr - ok
21:19:24.0829 5552 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:19:24.0833 5552 Spooler - ok
21:19:24.0951 5552 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:19:24.0971 5552 sppsvc - ok
21:19:25.0013 5552 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:19:25.0016 5552 sppuinotify - ok
21:19:25.0060 5552 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:19:25.0062 5552 srv - ok
21:19:25.0076 5552 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:19:25.0077 5552 srv2 - ok
21:19:25.0087 5552 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:19:25.0089 5552 srvnet - ok
21:19:25.0140 5552 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:19:25.0143 5552 SSDPSRV - ok
21:19:25.0163 5552 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:19:25.0165 5552 SstpSvc - ok
21:19:25.0210 5552 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:19:25.0211 5552 stexstor - ok
21:19:25.0253 5552 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:19:25.0262 5552 StiSvc - ok
21:19:25.0318 5552 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:19:25.0323 5552 stllssvr - ok
21:19:25.0356 5552 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:19:25.0357 5552 swenum - ok
21:19:25.0371 5552 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:19:25.0375 5552 swprv - ok
21:19:25.0433 5552 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:19:25.0450 5552 SysMain - ok
21:19:25.0472 5552 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:19:25.0475 5552 TabletInputService - ok
21:19:25.0524 5552 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:19:25.0527 5552 TapiSrv - ok
21:19:25.0570 5552 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:19:25.0573 5552 TBS - ok
21:19:25.0644 5552 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:19:25.0651 5552 Tcpip - ok
21:19:25.0702 5552 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:19:25.0709 5552 TCPIP6 - ok
21:19:25.0779 5552 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:19:25.0780 5552 tcpipreg - ok
21:19:25.0828 5552 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:19:25.0828 5552 TDPIPE - ok
21:19:25.0866 5552 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:19:25.0867 5552 TDTCP - ok
21:19:25.0905 5552 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:19:25.0906 5552 tdx - ok
21:19:25.0915 5552 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:19:25.0916 5552 TermDD - ok
21:19:25.0976 5552 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:19:29.0203 5552 ================ Scan global ===============================
21:19:29.0256 5552 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:19:29.0315 5552 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
21:19:29.0339 5552 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
21:19:29.0387 5552 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:19:29.0405 5552 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:19:29.0408 5552 [Global] - ok
21:19:29.0409 5552 ================ Scan MBR ==================================
21:19:29.0420 5552 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:19:29.0630 5552 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:19:29.0630 5552 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:19:29.0631 5552 ================ Scan VBR ==================================
21:19:29.0658 5552 [ 2B2C4931F16A920927FC0C01FB181799 ] \Device\Harddisk0\DR0\Partition1
21:19:29.0660 5552 \Device\Harddisk0\DR0\Partition1 - ok
21:19:29.0664 5552 [ 11BDD3988030B7173AC56D1FE861C98B ] \Device\Harddisk0\DR0\Partition2
21:19:29.0666 5552 \Device\Harddisk0\DR0\Partition2 - ok
21:19:29.0667 5552 ============================================================
21:19:29.0667 5552 Scan finished
21:19:29.0667 5552 ============================================================
21:19:29.0722 5732 Detected object count: 1
21:19:29.0722 5732 Actual detected object count: 1
21:20:39.0236 5732 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:20:39.0249 5732 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:20:39.0286 5732 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:20:39.0309 5732 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:20:40.0021 5732 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:20:40.0065 5732 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:20:40.0069 5732 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:20:40.0114 5732 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:20:40.0326 5732 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:20:40.0365 5732 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:20:40.0376 5732 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:20:40.0381 5732 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:20:40.0385 5732 \Device\Harddisk0\DR0\TDLFS - deleted
21:20:40.0386 5732 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-01 21:25:14
-----------------------------
21:25:14.605 OS Version: Windows 6.1.7601 Service Pack 1
21:25:14.605 Number of processors: 2 586 0xF0B
21:25:14.606 ComputerName: THEFLAGGFAMI-PC UserName:
21:25:15.561 Initialize success
21:28:21.225 AVAST engine defs: 12100101
21:32:37.831 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:32:37.836 Disk 0 Vendor: ST3500630AS 3.ADJ Size: 476940MB BusType: 3
21:32:37.859 Disk 0 MBR read successfully
21:32:37.863 Disk 0 MBR scan
21:32:37.872 Disk 0 Windows 7 default MBR code
21:32:37.880 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
21:32:37.914 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
21:32:37.940 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466644 MB offset 21084160
21:32:37.985 Disk 0 scanning sectors +976771072
21:32:38.110 Disk 0 scanning C:\Windows\system32\drivers
21:32:54.356 Service scanning
21:33:08.814 Service MpKsl8670d9a6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FAFCF3B-04FC-402A-BF52-7605015C9DC8}\MpKsl8670d9a6.sys **LOCKED** 32
21:33:28.837 Modules scanning
21:33:34.679 Disk 0 trace - called modules:
21:33:34.722 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys igdkmd32.sys dxgmms1.sys watchdog.sys intelppm.sys HDAudBus.sys
21:33:34.728 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8670b2e0]
21:33:34.734 3 CLASSPNP.SYS[8c19059e] -> nt!IofCallDriver -> [0x86263898]
21:33:34.739 5 ACPI.sys[8bcb33d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85977610]
21:33:35.959 AVAST engine scan C:\Windows
21:33:39.624 AVAST engine scan C:\Windows\system32
21:37:49.986 AVAST engine scan C:\Windows\system32\drivers
21:38:09.541 AVAST engine scan C:\Users\The Flagg Family
21:39:02.969 Disk 0 MBR has been saved successfully to "C:\Users\The Flagg Family\Desktop\MBR.dat"
21:39:02.977 The log file has been saved successfully to "C:\Users\The Flagg Family\Desktop\aswMBR2.txt"

#11 narenxp

Posted 02 October 2012 - 06:30 AM

Right-click on Junkware Removal Tool and select Run as administrator. After the scan completes, post the log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on File > Save

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

#12 weldermike

Posted 03 October 2012 - 08:26 AM

Junkware Removal Tool (JRT) by Thisisu
Version: 1.2.2 (10.02.2012)
OS: Windows 7 Home Premium x86
Ran by The Flagg Family on 10/02/2012 at 20:14:51.70
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

ERROR: Access is denied.
Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [KEY] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [KEY] "hkey_current_user\software\conduit"



*** Files: 0 Detections



*** Folders: 0 Detections



Removed the following from [PREFS.JS] :



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on 10/02/2012 at 20:14:57.31
End of Report

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/02/2012 08:16:34 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\The Flagg Family\Desktop\JRT.exe (PID: 4972) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 10/02/2012 08:16:52 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "dscactivate" " " " " "c:\program files\dell support center\gs_agent\custom\dsca.exe"
+ "ECenter" " " " " "c:\dell\e-center\eulalauncher.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "LogitechQuickCamRibbon" "Camera Software" "Logitech Inc." "c:\program files\logitech\logitech webcam software\lws.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\windows\rthdvcpl.exe"
+ "SunJavaUpdateSched" "" "" "File not found: C:\Program Files\Java\jre6\bin\jusched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Digital Line Detect.lnk" "Digital Line Detection" "Avanquest Software " "c:\program files\digital line detect\dlg.exe"
+ "ImageMixer 3 SE Camera Monitor Ver.5.lnk" "" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\transfer utility\cameramonitor.exe"
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load" "" "" ""
+ "C:\Users\THEFLA~1\AppData\Local\Temp\{95094~1.EXE" "" "" "File not found: C:\Users\THEFLA~1\AppData\Local\Temp\{95094~1.EXE"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "EPSON Stylus CX4800 Series" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\windows\system32\spool\drivers\w32x86\3\e_fatiada.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\the flagg family\appdata\local\google\update\googleupdate.exe"
+ "Logitech Vid" "Logitech Vid" "Logitech Inc." "c:\program files\logitech\logitech vid\vid.exe"
+ "SearchEngineProtection" "" "" "File not found: C:\Program Files\Gamesbar\SearchEngineProtection.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "FlashPlayerUpdate" "Adobe® Flash® Player Installer/Uninstaller 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashutil32_11_3_300_265_activex.exe"
+ "Shockwave Updater" "Shockwave Helper" "Adobe Systems, Inc." "c:\windows\system32\adobe\shockwave 11\swhelper_1151601.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
+ "wlpg" "Windows Live Album Download Protocol Handler" "Microsoft Corporation" "c:\program files\windows live\photo gallery\albumdownloadprotocolhandler.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AIM Toolbar Loader" "AIM Toolbar IE Dynamic Link Library" "AOL LLC." "c:\program files\aim toolbar\aimtb.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "CBrowserHelperObject Object" "BAE.dll" "Dell Inc." "c:\program files\dell\bae\bae.dll"
+ "Easy Photo Print" "Epson Easy Photo Print (TBL)" "SEIKO EPSON CORPORATION" "c:\program files\epson software\easy photo print\eptbl.dll"
+ "GamesBarBHO Class" "" "" "File not found: C:\Program Files\GamesBar\2.0.1.55\oberontb.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Skype add-on (mastermind)" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "SSVHelper Class" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "AIM Toolbar Search Class" "AIM Toolbar IE Dynamic Link Library" "AOL LLC." "c:\program files\aim toolbar\aimtb.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "AIM Toolbar" "AIM Toolbar IE Dynamic Link Library" "AOL LLC." "c:\program files\aim toolbar\aimtb.dll"
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "EPTBL" "Epson Easy Photo Print (TBL)" "SEIKO EPSON CORPORATION" "c:\program files\epson software\easy photo print\eptbl.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AIM Toolbar" "AIM Toolbar IE Dynamic Link Library" "AOL LLC." "c:\program files\aim toolbar\aimtb.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Skype" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-849849326-2601386290-864959393-1000Core" "Google Installer" "Google Inc." "c:\users\the flagg family\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-849849326-2601386290-864959393-1000UA" "Google Installer" "Google Inc." "c:\users\the flagg family\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "File not found: C:\Windows\system32\gatherWiredInfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "File not found: C:\Windows\system32\gatherWirelessInfo.vbs"
+ "\RunAsStdUser Task" "" "" "File not found: C:\Users\The Flagg Family\AppData\Local\snappydeeSA\bin\1.0.6.0\SnappyDeeSA.exe"
+ "\{4CB66BDB-52AD-4884-8973-BACFF4BDECD1}" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe"
+ "\{4F0FCEA0-77FF-48A3-8B3A-DD7B4754B6E6}" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AERTFilters" "Andrea filters APO access service (32-bit)" "Andrea Electronics Corporation" "c:\windows\system32\aertsrv.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\bbsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "EPSON_PM_RPCV4_01" "EPSON Status Monitor 3" "SEIKO EPSON CORPORATION" "c:\programdata\epson\epw!3 ssrp\e_s40rp7.exe"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files\windows live\family safety\fsssvc.exe"
+ "GoToAssist" "Citrix GoToAssist provides remote help to this PC." "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\514\g2aservice.exe"
+ "gupdate1c9eab16229fa77" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LVPrcSrv" "Injector service" "Logitech Inc." "c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files\microsoft\bingbar\seaport.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files\skype\updater\updater.exe"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "WPFFontCache_v0400" "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-101" "" "File not found: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "aswMBR" "" "" "File not found: C:\Users\THEFLA~1\AppData\Local\Temp\aswMBR.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "e1express" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1e6032.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "LVPr2Mon" "Logitech ProcMon Driver" "Logitech Inc." "c:\windows\system32\drivers\lvpr2mon.sys"
+ "LVUSBSta" "USB Statistic Driver" "Logitech Inc." "c:\windows\system32\drivers\lvusbsta.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PID_PEPI" "Logitech Webcam Software Driver" "Logitech Inc." "c:\windows\system32\drivers\lv302v32.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "VST_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv3.sys"
+ "VSTHWBS2" "HSF_HWB2 WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstbs23.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt3.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.I420" "Video Codec" "Logitech Inc." "c:\windows\system32\lvcodec2.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "Dump" "Pixela File Dump Filter" "PiXELA Corp." "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pixedump.ax"
+ "PiXELA AC-3 Decoder" "PiXELA AC-3 Decoder" "Pixela" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\px_ac3dec.ax"
+ "Pixela Audio format convert Filter (IMX-DES)" "Audio Format Converter (DES)" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\imxaudfmtcnvt_des.ax"
+ "Pixela Color Format Convert Filter DES" "PIXELA Resize Filter" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pxresizefilter.ax"
+ "PiXELA Deinterlace Filter" "PIXELA Deinterlace Filter" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\deinterlacefilter.ax"
+ "Pixela DV Video Decoder" "DV Video Decoder" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pxdvdec.ax"
+ "Pixela File Source (Sync)" "Multi File Source Filter (Sync)" "PIXELA CORPORATION." "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pxfilesrc.ax"
+ "PIXELA H.264 Encoder" "H.264 Encoder Filter" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pxh264encoder.ax"
+ "Pixela H264 Decoder2(HP)" "pix_h264_HPDecFilter" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pix_h264_hpdecfilter.ax"
+ "Pixela Mpeg Splitter" "Mpeg Splitter Filter" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pxmpegsplitter.ax"
+ "Pixela mpeg system multiplexer (IMx)" "pixela mpeg system multiplexer filter (IMx)" "PIXELA CORPORATION." "c:\program files\pixela\imagemixer 3 se ver.5\video tools\imxpsmux.ax"
+ "PIXELA MPEG2 Video Decoder for IMx" "Mpeg Video Decode Filter" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\mpvdec_imx.ax"
+ "PIXELA MPEG2 Video Decoder(IMX)" "PIXELA MPEG DECODER" "PIXELA Corp." "c:\program files\pixela\imagemixer 3 se ver.5\video tools\immpvdec.ax"
+ "PIXELA MPEG2 Video Encoder" "Mpeg2 Video Encoder Filter" "Pixela Corporation" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pxmpegvidenc.ax"
+ "PIXELA MPEG2-Splitter(IMX)" "MPEG PS SPLITTER" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\imxpsspl.ax"
+ "Pixela MPEG2-TS Multiplexer" "MPEG2-TS Multiplexer" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pxtsmuxer.ax"
+ "Pixela QuickTime Writer" "QuickTime File Writer" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pxqtwriter.ax"
+ "Pixela Resize Filter" "PIXELA Resize Filter" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pxresizefilter.ax"
+ "Pixela Scaling Filter for IMx" "PIXELA Resizer for HD" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pixelascalingfilterimx.ax"
+ "PiXELA Sound Rate Change" "PIXELA PCM Sound Rate Change (IMX)" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\imxratechange.ax"
+ "Pixela VAUXPack for DVCap" "PxVAUXPack" "PIXELA CORPORATION" "c:\program files\pixela\imagemixer 3 se ver.5\video tools\pxvauxpackfordvcap.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "GoToAssist" "Citrix Online GoToAssist" "Citrix Online, a division of Citrix Systems, Inc." "c:\program files\citrix\gotoassist\514\g2awinlogon.dll"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Epson Inbox Language Monitor01" "Epson Printer Driver" "SEIKO EPSON CORPORATION" "c:\windows\system32\ep0slm01.dll"
+ "EPSON Stylus CX4800 Series 32MonitorBA" "EPSON Bi-directional Monitor" "SEIKO EPSON CORPORATION" "c:\windows\system32\e_flbada.dll"
"C:\Users\The Flagg Family\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"

#13 narenxp


Posted 03 October 2012 - 09:37 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore. It deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#14 weldermike


Posted 03 October 2012 - 12:05 PM

Thanks for everything!! If there is something you need welded I would help you out, but considering you're a few thousand miles away, not sure how to make that work!

#15 narenxp


Posted 03 October 2012 - 01:41 PM

Thank you is enough :)

safe surfing



