Redirects again after Bleeping Computer fixed it? Now local pc business fails to solve problem


18 replies to this topic

#1 sawdog

  • Members
  • 41 posts

Posted 29 September 2012 - 09:28 PM

This summer I went through Combofix process with a Bleeping Computer Malware Response Team member. Not long after the process I began having redirects again despite following the instructions for how to avoid it again.
Last week I took my computer to a local pc shop that said they could eliminate the virus.
Upon getting the computer back I got a redirect almost instantly.
I am worried about this issue as last time the computer was infected my email got hacked.

Anybody able to take a crack at this?


#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 29 September 2012 - 09:43 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 sawdog

  • Topic Starter
  • Members
  • 41 posts

Posted 29 September 2012 - 11:18 PM

20:46:59.0450 5904 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:47:00.0027 5904 ============================================================
20:47:00.0027 5904 Current date / time: 2012/09/29 20:47:00.0027
20:47:00.0027 5904 SystemInfo:
20:47:00.0027 5904
20:47:00.0027 5904 OS Version: 6.1.7601 ServicePack: 1.0
20:47:00.0027 5904 Product type: Workstation
20:47:00.0027 5904 ComputerName: KUEHL-HP
20:47:00.0027 5904 UserName: Kuehl
20:47:00.0027 5904 Windows directory: C:\Windows
20:47:00.0027 5904 System windows directory: C:\Windows
20:47:00.0027 5904 Running under WOW64
20:47:00.0027 5904 Processor architecture: Intel x64
20:47:00.0027 5904 Number of processors: 4
20:47:00.0027 5904 Page size: 0x1000
20:47:00.0027 5904 Boot type: Normal boot
20:47:00.0027 5904 ============================================================
20:47:01.0618 5904 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:47:01.0758 5904 ============================================================
20:47:01.0758 5904 \Device\Harddisk0\DR0:
20:47:01.0805 5904 MBR partitions:
20:47:01.0805 5904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:47:01.0805 5904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x387E7800
20:47:01.0805 5904 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3884B800, BlocksNum 0x1B06800
20:47:01.0805 5904 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
20:47:01.0805 5904 ============================================================
20:47:01.0852 5904 C: <-> \Device\Harddisk0\DR0\Partition2
20:47:01.0961 5904 D: <-> \Device\Harddisk0\DR0\Partition3
20:47:01.0961 5904 ============================================================
20:47:01.0961 5904 Initialize success
20:47:01.0961 5904 ============================================================
20:48:06.0499 0840 ============================================================
20:48:06.0499 0840 Scan started
20:48:06.0499 0840 Mode: Manual; TDLFS;
20:48:06.0499 0840 ============================================================
20:48:06.0982 0840 ================ Scan system memory ========================
20:48:06.0982 0840 System memory - ok
20:48:19.0306 0840 NDIS - ok
20:48:19.0322 0840 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:48:19.0322 0840 NdisCap - ok
20:48:19.0384 0840 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:48:19.0384 0840 NdisTapi - ok
20:48:19.0415 0840 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:48:19.0431 0840 Ndisuio - ok
20:48:19.0447 0840 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:48:19.0447 0840 NdisWan - ok
20:48:19.0462 0840 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:48:19.0478 0840 NDProxy - ok
20:48:19.0525 0840 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:48:19.0525 0840 NetBIOS - ok
20:48:19.0556 0840 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:48:19.0556 0840 NetBT - ok
20:48:19.0571 0840 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:48:19.0571 0840 Netlogon - ok
20:48:19.0634 0840 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:48:19.0634 0840 Netman - ok
20:48:19.0665 0840 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:48:19.0696 0840 netprofm - ok
20:48:19.0727 0840 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:48:19.0727 0840 NetTcpPortSharing - ok
20:48:19.0774 0840 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:48:19.0774 0840 nfrd960 - ok
20:48:19.0837 0840 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:48:19.0837 0840 NisDrv - ok
20:48:19.0883 0840 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:48:19.0883 0840 NisSrv - ok
20:48:19.0946 0840 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:48:19.0961 0840 NlaSvc - ok
20:48:19.0993 0840 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:48:19.0993 0840 Npfs - ok
20:48:20.0024 0840 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:48:20.0024 0840 nsi - ok
20:48:20.0039 0840 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:48:20.0039 0840 nsiproxy - ok
20:48:20.0117 0840 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:48:20.0149 0840 Ntfs - ok
20:48:20.0180 0840 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:48:20.0180 0840 Null - ok
20:48:20.0242 0840 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
20:48:20.0258 0840 NVENETFD - ok
20:48:20.0320 0840 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:48:20.0320 0840 nvraid - ok
20:48:20.0351 0840 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:48:20.0351 0840 nvstor - ok
20:48:20.0383 0840 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:48:20.0383 0840 nv_agp - ok
20:48:20.0414 0840 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:48:20.0414 0840 ohci1394 - ok
20:48:20.0507 0840 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:48:20.0507 0840 ose - ok
20:48:20.0663 0840 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:48:20.0788 0840 osppsvc - ok
20:48:20.0819 0840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:48:20.0835 0840 p2pimsvc - ok
20:48:20.0866 0840 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:48:20.0882 0840 p2psvc - ok
20:48:20.0913 0840 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
20:48:20.0929 0840 Parport - ok
20:48:20.0960 0840 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:48:20.0960 0840 partmgr - ok
20:48:20.0991 0840 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:48:21.0007 0840 PcaSvc - ok
20:48:21.0022 0840 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:48:21.0038 0840 pci - ok
20:48:21.0053 0840 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:48:21.0053 0840 pciide - ok
20:48:21.0085 0840 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:48:21.0085 0840 pcmcia - ok
20:48:21.0116 0840 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:48:21.0116 0840 pcw - ok
20:48:21.0147 0840 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:48:21.0163 0840 PEAUTH - ok
20:48:21.0256 0840 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:48:21.0256 0840 PerfHost - ok
20:48:21.0350 0840 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:48:21.0365 0840 pla - ok
20:48:21.0397 0840 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:48:21.0412 0840 PlugPlay - ok
20:48:21.0428 0840 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:48:21.0443 0840 PNRPAutoReg - ok
20:48:21.0459 0840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:48:21.0459 0840 PNRPsvc - ok
20:48:21.0506 0840 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:48:21.0506 0840 PolicyAgent - ok
20:48:21.0553 0840 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:48:21.0553 0840 Power - ok
20:48:21.0631 0840 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:48:21.0631 0840 PptpMiniport - ok
20:48:21.0662 0840 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
20:48:21.0662 0840 Processor - ok
20:48:21.0740 0840 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:48:21.0740 0840 ProfSvc - ok
20:48:21.0787 0840 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:48:21.0787 0840 ProtectedStorage - ok
20:48:21.0833 0840 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:48:21.0833 0840 Psched - ok
20:48:21.0911 0840 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:48:21.0943 0840 ql2300 - ok
20:48:21.0958 0840 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:48:21.0974 0840 ql40xx - ok
20:48:21.0989 0840 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:48:22.0005 0840 QWAVE - ok
20:48:22.0021 0840 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:48:22.0021 0840 QWAVEdrv - ok
20:48:22.0036 0840 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:48:22.0036 0840 RasAcd - ok
20:48:22.0099 0840 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:48:22.0099 0840 RasAgileVpn - ok
20:48:22.0114 0840 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:48:22.0130 0840 RasAuto - ok
20:48:22.0145 0840 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:48:22.0145 0840 Rasl2tp - ok
20:48:22.0177 0840 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:48:22.0192 0840 RasMan - ok
20:48:22.0192 0840 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:48:22.0208 0840 RasPppoe - ok
20:48:22.0208 0840 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:48:22.0208 0840 RasSstp - ok
20:48:22.0239 0840 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:48:22.0255 0840 rdbss - ok
20:48:22.0270 0840 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
20:48:22.0270 0840 rdpbus - ok
20:48:22.0286 0840 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:48:22.0301 0840 RDPCDD - ok
20:48:22.0348 0840 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:48:22.0348 0840 RDPENCDD - ok
20:48:22.0364 0840 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:48:22.0364 0840 RDPREFMP - ok
20:48:22.0395 0840 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:48:22.0395 0840 RDPWD - ok
20:48:22.0442 0840 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:48:22.0457 0840 rdyboost - ok
20:48:22.0489 0840 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:48:22.0504 0840 RemoteAccess - ok
20:48:22.0535 0840 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:48:22.0535 0840 RemoteRegistry - ok
20:48:22.0582 0840 [ 085D18C71AB2611A3D61528132B6501E ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
20:48:22.0582 0840 RoxioNow Service - ok
20:48:22.0629 0840 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:48:22.0629 0840 RpcEptMapper - ok
20:48:22.0660 0840 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:48:22.0676 0840 RpcLocator - ok
20:48:22.0723 0840 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:48:22.0738 0840 RpcSs - ok
20:48:22.0801 0840 [ D5C3E1629A3F7F0857D27949252B94CE ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
20:48:22.0801 0840 RSPCIESTOR - ok
20:48:22.0863 0840 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:48:22.0863 0840 rspndr - ok
20:48:22.0941 0840 [ A73ED14670220307874AD6BC2F279349 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:48:22.0941 0840 RTL8167 - ok
20:48:23.0003 0840 [ 5FA2F4F658FCA7816A5FF6980B95C5F9 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
20:48:23.0035 0840 RTL8192Ce - ok
20:48:23.0050 0840 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:48:23.0050 0840 SamSs - ok
20:48:23.0081 0840 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:48:23.0081 0840 sbp2port - ok
20:48:23.0113 0840 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:48:23.0128 0840 SCardSvr - ok
20:48:23.0144 0840 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:48:23.0144 0840 scfilter - ok
20:48:23.0175 0840 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:48:23.0206 0840 Schedule - ok
20:48:23.0222 0840 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:48:23.0222 0840 SCPolicySvc - ok
20:48:23.0269 0840 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
20:48:23.0269 0840 sdbus - ok
20:48:23.0315 0840 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:48:23.0315 0840 SDRSVC - ok
20:48:23.0393 0840 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:48:23.0393 0840 SeaPort - ok
20:48:23.0440 0840 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:48:23.0440 0840 secdrv - ok
20:48:23.0456 0840 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:48:23.0471 0840 seclogon - ok
20:48:23.0503 0840 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
20:48:23.0503 0840 SENS - ok
20:48:23.0549 0840 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:48:23.0565 0840 SensrSvc - ok
20:48:23.0581 0840 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
20:48:23.0581 0840 Serenum - ok
20:48:23.0627 0840 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
20:48:23.0643 0840 Serial - ok
20:48:23.0659 0840 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:48:23.0659 0840 sermouse - ok
20:48:23.0705 0840 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:48:23.0721 0840 SessionEnv - ok
20:48:23.0752 0840 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:48:23.0752 0840 sffdisk - ok
20:48:23.0783 0840 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:48:23.0783 0840 sffp_mmc - ok
20:48:23.0799 0840 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:48:23.0799 0840 sffp_sd - ok
20:48:23.0815 0840 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:48:23.0830 0840 sfloppy - ok
20:48:23.0893 0840 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:48:23.0893 0840 SharedAccess - ok
20:48:23.0939 0840 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:48:23.0939 0840 ShellHWDetection - ok
20:48:24.0002 0840 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:48:24.0017 0840 SiSRaid2 - ok
20:48:24.0033 0840 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:48:24.0033 0840 SiSRaid4 - ok
20:48:24.0142 0840 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:48:24.0142 0840 SkypeUpdate - ok
20:48:24.0205 0840 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:48:24.0205 0840 Smb - ok
20:48:24.0267 0840 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:48:24.0283 0840 SNMPTRAP - ok
20:48:24.0298 0840 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:48:24.0298 0840 spldr - ok
20:48:24.0345 0840 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:48:24.0361 0840 Spooler - ok
20:48:24.0470 0840 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:48:24.0517 0840 sppsvc - ok
20:48:24.0548 0840 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:48:24.0548 0840 sppuinotify - ok
20:48:24.0579 0840 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:48:24.0595 0840 srv - ok
20:48:24.0626 0840 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:48:24.0626 0840 srv2 - ok
20:48:24.0704 0840 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:48:24.0704 0840 SrvHsfHDA - ok
20:48:24.0766 0840 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:48:24.0797 0840 SrvHsfV92 - ok
20:48:24.0829 0840 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:48:24.0844 0840 SrvHsfWinac - ok
20:48:24.0860 0840 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:48:24.0875 0840 srvnet - ok
20:48:24.0922 0840 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:48:24.0922 0840 SSDPSRV - ok
20:48:24.0938 0840 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:48:24.0953 0840 SstpSvc - ok
20:48:25.0047 0840 [ 293A556E04F815477AE93E07B35065E6 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
20:48:25.0063 0840 STacSV - ok
20:48:25.0094 0840 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
20:48:25.0094 0840 stexstor - ok
20:48:25.0172 0840 [ AA3C0336514C239A171F00A6902B59B8 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
20:48:25.0172 0840 STHDA - ok
20:48:25.0250 0840 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:48:25.0265 0840 stisvc - ok
20:48:25.0281 0840 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:48:25.0281 0840 swenum - ok
20:48:25.0359 0840 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:48:25.0375 0840 swprv - ok
20:48:25.0437 0840 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:48:25.0453 0840 SynTP - ok
20:48:25.0515 0840 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:48:25.0546 0840 SysMain - ok
20:48:25.0577 0840 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:48:25.0577 0840 TabletInputService - ok
20:48:25.0609 0840 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:48:25.0609 0840 TapiSrv - ok
20:48:25.0640 0840 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:48:25.0655 0840 TBS - ok
20:48:25.0749 0840 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:48:25.0780 0840 Tcpip - ok
20:48:25.0843 0840 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:48:25.0843 0840 TCPIP6 - ok
20:48:25.0889 0840 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:48:25.0905 0840 tcpipreg - ok
20:48:25.0921 0840 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:48:25.0921 0840 TDPIPE - ok
20:48:25.0952 0840 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:48:25.0967 0840 TDTCP - ok
20:48:26.0014 0840 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:48:26.0014 0840 tdx - ok
20:48:26.0030 0840 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:48:26.0030 0840 TermDD - ok
20:48:26.0092 0840 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:48:26.0108 0840 TermService - ok
20:48:26.0123 0840 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:48:26.0123 0840 Themes - ok
20:48:26.0139 0840 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:48:26.0155 0840 THREADORDER - ok
20:48:26.0201 0840 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:48:26.0201 0840 TrkWks - ok
20:48:26.0248 0840 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:48:26.0264 0840 TrustedInstaller - ok
20:48:26.0279 0840 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:48:26.0279 0840 tssecsrv - ok
20:48:26.0342 0840 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:48:26.0342 0840 TsUsbFlt - ok
20:48:26.0357 0840 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
20:48:26.0357 0840 TsUsbGD - ok
20:48:26.0404 0840 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:48:26.0420 0840 tunnel - ok
20:48:26.0435 0840 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:48:26.0435 0840 uagp35 - ok
20:48:26.0467 0840 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:48:26.0482 0840 udfs - ok
20:48:26.0513 0840 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:48:26.0513 0840 UI0Detect - ok
20:48:26.0545 0840 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:48:26.0560 0840 uliagpkx - ok
20:48:26.0607 0840 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:48:26.0607 0840 umbus - ok
20:48:26.0638 0840 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
20:48:26.0638 0840 UmPass - ok
20:48:26.0654 0840 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:48:26.0669 0840 upnphost - ok
20:48:26.0701 0840 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:48:26.0747 0840 USBAAPL64 - ok
20:48:26.0794 0840 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:48:26.0794 0840 usbccgp - ok
20:48:26.0841 0840 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:48:26.0841 0840 usbcir - ok
20:48:26.0857 0840 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:48:26.0872 0840 usbehci - ok
20:48:26.0888 0840 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
20:48:26.0903 0840 usbfilter - ok
20:48:26.0950 0840 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:48:26.0950 0840 usbhub - ok
20:48:26.0981 0840 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:48:26.0981 0840 usbohci - ok
20:48:27.0044 0840 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:48:27.0059 0840 usbprint - ok
20:48:27.0106 0840 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:48:27.0122 0840 usbscan - ok
20:48:27.0137 0840 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:48:27.0137 0840 USBSTOR - ok
20:48:27.0169 0840 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:48:27.0169 0840 usbuhci - ok
20:48:27.0231 0840 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:48:27.0231 0840 usbvideo - ok
20:48:27.0278 0840 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:48:27.0278 0840 UxSms - ok
20:48:27.0309 0840 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:48:27.0309 0840 VaultSvc - ok
20:48:27.0325 0840 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:48:27.0325 0840 vdrvroot - ok
20:48:27.0371 0840 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:48:27.0387 0840 vds - ok
20:48:27.0418 0840 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:48:27.0418 0840 vga - ok
20:48:27.0449 0840 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:48:27.0449 0840 VgaSave - ok
20:48:27.0481 0840 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:48:27.0496 0840 vhdmp - ok
20:48:27.0527 0840 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:48:27.0527 0840 viaide - ok
20:48:27.0559 0840 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:48:27.0559 0840 volmgr - ok
20:48:27.0605 0840 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:48:27.0621 0840 volmgrx - ok
20:48:27.0637 0840 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:48:27.0652 0840 volsnap - ok
20:48:27.0699 0840 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:48:27.0699 0840 vsmraid - ok
20:48:27.0777 0840 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:48:27.0808 0840 VSS - ok
20:48:27.0839 0840 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:48:27.0839 0840 vwifibus - ok
20:48:27.0886 0840 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:48:27.0886 0840 vwififlt - ok
20:48:27.0949 0840 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:48:27.0949 0840 vwifimp - ok
20:48:27.0995 0840 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:48:27.0995 0840 W32Time - ok
20:48:28.0027 0840 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:48:28.0027 0840 WacomPen - ok
20:48:28.0089 0840 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:48:28.0089 0840 WANARP - ok
20:48:28.0105 0840 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:48:28.0105 0840 Wanarpv6 - ok
20:48:28.0198 0840 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:48:28.0214 0840 WatAdminSvc - ok
20:48:28.0276 0840 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:48:28.0292 0840 wbengine - ok
20:48:28.0307 0840 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:48:28.0323 0840 WbioSrvc - ok
20:48:28.0354 0840 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:48:28.0354 0840 wcncsvc - ok
20:48:28.0385 0840 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:48:28.0385 0840 WcsPlugInService - ok
20:48:28.0417 0840 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
20:48:28.0417 0840 Wd - ok
20:48:28.0463 0840 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:48:28.0479 0840 Wdf01000 - ok
20:48:28.0510 0840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:48:28.0510 0840 WdiServiceHost - ok
20:48:28.0526 0840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:48:28.0526 0840 WdiSystemHost - ok
20:48:28.0557 0840 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:48:28.0557 0840 WebClient - ok
20:48:28.0588 0840 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:48:28.0604 0840 Wecsvc - ok
20:48:28.0604 0840 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:48:28.0619 0840 wercplsupport - ok
20:48:28.0651 0840 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:48:28.0651 0840 WerSvc - ok
20:48:28.0713 0840 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:48:28.0713 0840 WfpLwf - ok
20:48:28.0729 0840 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:48:28.0729 0840 WIMMount - ok
20:48:28.0775 0840 WinDefend - ok
20:48:28.0791 0840 WinHttpAutoProxySvc - ok
20:48:28.0853 0840 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:48:28.0853 0840 Winmgmt - ok
20:48:28.0931 0840 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:48:28.0978 0840 WinRM - ok
20:48:29.0072 0840 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:48:29.0072 0840 WinUsb - ok
20:48:29.0134 0840 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:48:29.0150 0840 Wlansvc - ok
20:48:29.0228 0840 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:48:29.0228 0840 wlcrasvc - ok
20:48:29.0368 0840 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:48:29.0415 0840 wlidsvc - ok
20:48:29.0446 0840 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:48:29.0446 0840 WmiAcpi - ok
20:48:29.0477 0840 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:48:29.0477 0840 wmiApSrv - ok
20:48:29.0540 0840 WMPNetworkSvc - ok
20:48:29.0587 0840 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:48:29.0602 0840 WPCSvc - ok
20:48:29.0618 0840 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:48:29.0633 0840 WPDBusEnum - ok
20:48:29.0649 0840 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:48:29.0649 0840 ws2ifsl - ok
20:48:29.0680 0840 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:48:29.0696 0840 wscsvc - ok
20:48:29.0711 0840 WSearch - ok
20:48:29.0805 0840 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:48:29.0836 0840 wuauserv - ok
20:48:29.0852 0840 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:48:29.0852 0840 WudfPf - ok
20:48:29.0899 0840 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:48:29.0899 0840 WUDFRd - ok
20:48:29.0930 0840 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:48:29.0930 0840 wudfsvc - ok
20:48:29.0961 0840 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:48:29.0977 0840 WwanSvc - ok
20:48:30.0023 0840 ================ Scan global ===============================
20:48:30.0055 0840 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:48:30.0086 0840 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:48:30.0117 0840 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:48:30.0148 0840 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:48:30.0179 0840 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:48:30.0179 0840 [Global] - ok
20:48:30.0179 0840 ================ Scan MBR ==================================
20:48:30.0195 0840 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:48:30.0601 0840 \Device\Harddisk0\DR0 - ok
20:48:30.0601 0840 ================ Scan VBR ==================================
20:48:30.0616 0840 [ 8C5F8C9B4D6DF9A28DF09F875155850C ] \Device\Harddisk0\DR0\Partition1
20:48:30.0616 0840 \Device\Harddisk0\DR0\Partition1 - ok
20:48:30.0632 0840 [ 8928F9D0C08DDE5731763D8FA7E6F33E ] \Device\Harddisk0\DR0\Partition2
20:48:30.0632 0840 \Device\Harddisk0\DR0\Partition2 - ok
20:48:30.0663 0840 [ 9901BE464F99B10B6BA600E55E96CF99 ] \Device\Harddisk0\DR0\Partition3
20:48:30.0679 0840 \Device\Harddisk0\DR0\Partition3 - ok
20:48:30.0694 0840 [ 3069CEA2809D2F5D8A88C799AA2F741A ] \Device\Harddisk0\DR0\Partition4
20:48:30.0694 0840 \Device\Harddisk0\DR0\Partition4 - ok
20:48:30.0694 0840 ============================================================
20:48:30.0694 0840 Scan finished
20:48:30.0694 0840 ============================================================
20:48:30.0725 5040 Detected object count: 0
20:48:30.0725 5040 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-29 20:51:16
-----------------------------
20:51:16.552 OS Version: Windows x64 6.1.7601 Service Pack 1
20:51:16.552 Number of processors: 4 586 0x503
20:51:16.552 ComputerName: KUEHL-HP UserName: Kuehl
20:51:18.845 Initialize success
20:54:52.176 AVAST engine defs: 12092901
20:55:20.256 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
20:55:20.256 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 11
20:55:20.287 Disk 0 MBR read successfully
20:55:20.302 Disk 0 MBR scan
20:55:20.302 Disk 0 Windows 7 default MBR code
20:55:20.318 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
20:55:20.396 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462799 MB offset 409600
20:55:20.505 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13837 MB offset 948221952
20:55:20.599 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
20:55:20.973 Disk 0 scanning C:\Windows\system32\drivers
20:55:42.969 Service scanning
20:56:37.912 Modules scanning
20:56:37.928 Disk 0 trace - called modules:
20:56:38.022 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:56:38.037 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004413060]
20:56:38.053 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80042e9ac0]
20:56:38.068 5 amd_xata.sys[fffff8800112e900] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa80042e69c0]
20:56:39.738 AVAST engine scan C:\Windows
20:56:47.132 AVAST engine scan C:\Windows\system32
21:03:27.789 AVAST engine scan C:\Windows\system32\drivers
21:03:54.043 AVAST engine scan C:\Users\Kuehl
21:06:18.783 AVAST engine scan C:\ProgramData
21:08:14.285 Scan finished successfully
21:08:52.614 Disk 0 MBR has been saved successfully to "C:\Users\Family\Desktop\MBR.dat"
21:08:52.630 The log file has been saved successfully to "C:\Users\Family\Desktop\aswMBR.txt"
21:09:54.818 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
21:09:54.834 The log file has been saved successfully to "C:\aswMBR.txt"


C:\Users\Family\AppData\Local\Windows Live Writer\Windows Live\ynitmrsz.dll a variant of Win32/Kryptik.ALZT trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Kuehl\AppData\Local\temp\NODA57C.tmp a variant of Win32/Kryptik.ALZT trojan cleaned by deleting (after the next restart) - quarantined

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:08 AM

Posted 30 September 2012 - 03:54 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

Launch it and, after the scan completes, post the generated log here.

NOTE: For Vista and Windows 7, right click on the tool and select Run as administrator.

#5 sawdog

sawdog
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:02:08 AM

Posted 30 September 2012 - 12:45 PM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.30.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Family :: KUEHL-HP [limited]

9/30/2012 10:45:44 AM
mbam-log-2012-09-30 (10-45-44).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 317098
Time elapsed: 57 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






MiniToolBox by Farbar Version: 23-07-2012
Ran by Family (ATTENTION: The logged in user is not administrator) on 30-09-2012 at 10:16:35
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8188CE 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kuehl-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : AC-81-12-9B-25-B7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8188CE 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : AC-81-12-9B-25-B7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::343f:3cf3:4fed:52d0%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 30, 2012 7:55:14 AM
Lease Expires . . . . . . . . . . : Sunday, September 30, 2012 11:11:49 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 330072338
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E1-2C-9A-10-1F-74-C5-F4-A4
DNS Servers . . . . . . . . . . . : 24.116.2.50
24.116.2.34
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 10-1F-74-C5-F4-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {15662F60-43E2-4342-AEB1-C037F596E3CA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6EEB3568-E6C4-4297-B188-300870F9D395}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2c51:3447:3f57:fffb(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c51:3447:3f57:fffb%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: local2.speedtest.cableone.net
Address: 24.116.2.50

Name: google.com
Addresses: 2607:f8b0:4000:800::1002
74.125.227.102
74.125.227.103
74.125.227.104
74.125.227.105
74.125.227.110
74.125.227.96
74.125.227.97
74.125.227.98
74.125.227.99
74.125.227.100
74.125.227.101


Pinging google.com [74.125.227.101] with 32 bytes of data:
Reply from 74.125.227.101: bytes=32 time=69ms TTL=52
Reply from 74.125.227.101: bytes=32 time=73ms TTL=52

Ping statistics for 74.125.227.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 69ms, Maximum = 73ms, Average = 71ms
Server: dns.cableone.net
Address: 24.116.2.50

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=81ms TTL=48
Reply from 98.138.253.109: bytes=32 time=77ms TTL=48

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 77ms, Maximum = 81ms, Average = 79ms
Server: local2.speedtest.cableone.net
Address: 24.116.2.50

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...ac 81 12 9b 25 b7 ......Microsoft Virtual WiFi Miniport Adapter
13...ac 81 12 9b 25 b7 ......Realtek RTL8188CE 802.11b/g/n WiFi Adapter
11...10 1f 74 c5 f4 a4 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.4 281
192.168.0.4 255.255.255.255 On-link 192.168.0.4 281
192.168.0.255 255.255.255.255 On-link 192.168.0.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:9d38:953c:2c51:3447:3f57:fffb/128
On-link
13 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::2c51:3447:3f57:fffb/128
On-link
13 281 fe80::343f:3cf3:4fed:52d0/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

System error 5 has occurred.

Access is denied.


=========================== Installed Programs ============================

Adobe AIR (Version: 3.3.0.3650)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader X (10.1.4) MUI (Version: 10.1.4)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
All_In_One
AMD Fuel (Version: 2011.0228.1151.21177)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.812.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bejeweled 3 (Version: 2.2.0.95)
Bing Bar (Version: 7.0.610.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.2.6699)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0228.1151.21177)
Catalyst Control Center InstallProxy (Version: 2011.0228.1151.21177)
Catalyst Control Center Localization All (Version: 2011.0228.1151.21177)
ccc-core-static (Version: 2011.0228.1151.21177)
ccc-utility64 (Version: 2011.0228.1151.21177)
CCC Help Chinese Standard (Version: 2011.0228.1150.21177)
CCC Help Chinese Traditional (Version: 2011.0228.1150.21177)
CCC Help Czech (Version: 2011.0228.1150.21177)
CCC Help Danish (Version: 2011.0228.1150.21177)
CCC Help Dutch (Version: 2011.0228.1150.21177)
CCC Help English (Version: 2011.0228.1150.21177)
CCC Help Finnish (Version: 2011.0228.1150.21177)
CCC Help French (Version: 2011.0228.1150.21177)
CCC Help German (Version: 2011.0228.1150.21177)
CCC Help Greek (Version: 2011.0228.1150.21177)
CCC Help Hungarian (Version: 2011.0228.1150.21177)
CCC Help Italian (Version: 2011.0228.1150.21177)
CCC Help Japanese (Version: 2011.0228.1150.21177)
CCC Help Korean (Version: 2011.0228.1150.21177)
CCC Help Norwegian (Version: 2011.0228.1150.21177)
CCC Help Polish (Version: 2011.0228.1150.21177)
CCC Help Portuguese (Version: 2011.0228.1150.21177)
CCC Help Russian (Version: 2011.0228.1150.21177)
CCC Help Spanish (Version: 2011.0228.1150.21177)
CCC Help Swedish (Version: 2011.0228.1150.21177)
CCC Help Thai (Version: 2011.0228.1150.21177)
CCC Help Turkish (Version: 2011.0228.1150.21177)
CCleaner (Version: 3.10)
Chuzzle Deluxe (Version: 2.2.0.95)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CyberLink YouCam (Version: 3.5.1.3922)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
Energy Star Digital Logo (Version: 1.0.1)
ESET Online Scanner v3
ESU for Microsoft Windows 7 (Version: 1.0.0)
Evernote v. 4.2.2 (Version: 4.2.2.3979)
Farm Frenzy (Version: 2.2.0.95)
FATE - The Traitor Soul (Version: 2.2.0.95)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.1.12938.3539)
HP Connection Manager (Version: 4.0.45.1)
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Games (Version: 1.0.2.4)
HP MovieStore (Version: 1.0.047)
HP On Screen Display (Version: 1.2.1)
HP Power Manager (Version: 1.2.3)
HP Quick Launch (Version: 2.4.1)
HP Setup (Version: 8.6.4530.3651)
HP Setup Manager (Version: 1.1.13253.3682)
HP Software Framework (Version: 4.0.112.1)
HP Support Assistant (Version: 6.1.12.1)
IDT Audio (Version: 1.0.6319.0)
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 31 (64-bit) (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Legalsounds Download Manager (Version: 1.4.9)
Mah Jong Medley (Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Manager
Mystery P.I. - Stolen in San Francisco (Version: 2.2.0.95)
Namco All-Stars PAC-MAN (Version: 2.2.0.95)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
QuickTime (Version: 7.72.80.56)
RealFlight 6 Demo (Version: 6.00.001)
Realtek Ethernet Controller Driver (Version: 7.34.1130.2010)
Realtek PCIE Card Reader (Version: 6.1.7600.74)
REALTEK Wireless LAN Driver (Version: 1.00.11.0323)
Recovery Manager (Version: 2.0.0)
RoxioNow Player (Version: 1.9.5.103)
Skype™ 5.10 (Version: 5.10.116)
Slingo Supreme (Version: 2.2.0.95)
SpywareBlaster 4.6 (Version: 4.6.0)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.31)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinPatrol (Version: 25.0.2012.5)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
WOT for Internet Explorer (Version: 12.8.2.0)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 57%
Total physical RAM: 3834.9 MB
Available physical RAM: 1628.53 MB
Total Pagefile: 7668 MB
Available Pagefile: 5094.9 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.68 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:451.95 GB) (Free:324.56 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.51 GB) (Free:1.51 GB) NTFS

========================= Users: ========================================

User accounts for \\KUEHL-HP

Administrator Family Guest
Kuehl


**** End of log ****




Farbar Service Scanner Version: 19-09-2012
Ran by Family (ATTENTION: The logged in user is not administrator) on 30-09-2012 at 10:29:32
Running from "C:\Users\Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XFP9M17T"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Demand. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

PlugPlay Service is not running. Checking service configuration:
The start type of PlugPlay service is OK.
The ImagePath of PlugPlay service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****




# AdwCleaner v2.003 - Logfile created 09/30/2012 at 10:32:42
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kuehl - KUEHL-HP
# Boot Mode : Normal
# Running from : C:\Users\Family\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\ProgramData\InstallMate

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\Software\TotalRecipeSearch_14EI
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKU\S-1-5-21-333936093-4108848503-2800413892-1004\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S1].txt - [1709 octets] - [30/09/2012 10:32:42]

########## EOF - \AdwCleaner[S1].txt - [1769 octets] ##########





Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.8 (09.30.2012)
OS: Windows 7 Home Premium x64
Ran by Family on Sun 09/30/2012 at 11:04:58.96
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\wow6432node\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}



*** Files: 0 Detections



*** Folders: 0 Detections



Removed the following from [PREFS.JS] :



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Sun 09/30/2012 at 11:05:16.87
End of Report

#6 narenxp

Posted 30 September 2012 - 12:54 PM

Ran by Family (ATTENTION: The logged in user is not administrator) on 30-09-2012 at 10:29:32


Please run the tools in an administrator account and post the log.

#7 sawdog

Posted 30 September 2012 - 02:09 PM

Farbar Service Scanner Version: 19-09-2012
Ran by Kuehl (administrator) on 30-09-2012 at 13:07:43
Running from "C:\Users\Kuehl\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Demand. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 narenxp

Posted 30 September 2012 - 09:37 PM

Please run Malwarebytes in an administrator account and post the log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Checkmark the following options alone:

Reset registry permissions
Reset file permissions
Repair WMI
Repair Windows Firewall
Remove Policies Set By Infections


Checkmark the Restart System When Finished option
Click the Start button

The system should restart after the repair

Run Farbar Service Scanner again and post the new log


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#9 sawdog

Posted 30 September 2012 - 09:57 PM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.30.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kuehl :: KUEHL-HP [administrator]

9/30/2012 12:34:28 PM
mbam-log-2012-09-30 (12-34-28).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380699
Time elapsed: 1 hour(s), 51 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 sawdog

Posted 30 September 2012 - 10:03 PM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/30/2012 08:58:44 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 1916) [SFI]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Manual

* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 09/30/2012 08:59:15 PM
Execution time: 0 hours(s), 0 minute(s), and 31 seconds(s)

#11 sawdog

Posted 30 September 2012 - 10:44 PM

Farbar Service Scanner Version: 19-09-2012
Ran by Kuehl (administrator) on 30-09-2012 at 21:42:40
Running from "C:\Users\Kuehl\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#12 sawdog

Posted 30 September 2012 - 11:02 PM

Performed autoruns scan. Unable to save as text and copy.

#13 narenxp

Posted 30 September 2012 - 11:06 PM

Performed autoruns scan. Unable to save as text and copy.

What happens?

Edited by narenxp, 30 September 2012 - 11:06 PM.


#14 sawdog

Posted 30 September 2012 - 11:13 PM

The Autoruns window is open; File is selected, however there is no ability to save as. When I search for autoruns.txt nothing appears - only the Autoruns window.

#15 narenxp

Posted 30 September 2012 - 11:20 PM

I think you may need to look at the instructions again

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here


When the scan is completed, you will find READY at the left corner.

In the Autoruns window, click on FILE and then SAVE

You need to select a location to save it, type the filename, and save it as text



