
ad.yieldmanager and redirects


17 replies to this topic

#1 dragoazure


Posted 08 October 2012 - 03:50 PM

Hello, and thank you in advance for any assistance you can give me.

When I open any webpage I get a popup in the right or left hand bottom corner of the page from ad.yieldmanager.com. Also, intermittently I will be redirected to another site when I attempt to click on a link. I am using Internet Explorer and Windows 7.

I have been experiencing these symptoms for the past several months. I have taken the computer to the Geek Squad as I have a protection plan through them. They thought they fixed the problem, but apparently not. They installed Webroot for me. I also have MBAM, Super Anti-Spyware free version, and StopZilla installed as well. All of these were installed within the last 24 hours.


 


#2 InadequateInfirmity


Posted 08 October 2012 - 03:51 PM

Update and do a quick scan with Malwarebytes, remove all that it finds, and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log here.


Update and do a quick scan with SUPERAntiSpyware, remove all that it finds, and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log here.


Run a scan with Eset.
http://www.eset.com/us/online-scanner/
When the scan finishes: list found threats, save to clipboard, copy to Notepad. Post the log here.




Please download FarbarServiceScanner and run it on the computer with the issue.
http://download.bleepingcomputer.com/farbar/FSS.exe


Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



Download Adware Cleaner, run it as admin, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download Norman Malware Cleaner and run it. Go to Options, then put a tick next to Enable rootkit cleaning. Hit Full Scan >> let it finish >> go to the Quarantine tab >> tick Select All >> then Delete >> Quit.
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop; post that here in your next reply.


Reboot after Norman.

Edited by InadequateInfirmity, 08 October 2012 - 03:52 PM.


#3 dragoazure


Posted 09 October 2012 - 09:37 PM

Malwarebytes log

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.08.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kathleen :: KATHLEEN-HP [administrator]

10/8/2012 12:45:48 AM
mbam-log-2012-10-08 (09-23-58).txt

Scan type: Full scan (C:\|D:\|G:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 410582
Time elapsed: 1 hour(s), 44 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\Certblaster\Update.exe (Virtool.Constructor) -> No action taken.

#4 dragoazure


Posted 09 October 2012 - 09:41 PM

SUPERAntiSpyware Log


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/08/2012 at 01:08 AM

Application Version : 5.6.1008

Core Rules Database Version : 9354
Trace Rules Database Version: 7166

Scan type : Quick Scan
Total Scan Time : 00:10:48

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 642
Memory threats detected : 0
Registry items scanned : 60597
Registry threats detected : 0
File items scanned : 11757
File threats detected : 58

Adware.Tracking Cookie
C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Cookies\kathleen@ads.associatedcontent[1].txt [ /ads.associatedcontent ]
C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Cookies\kathleen@associatedcontent.112.2o7[1].txt [ /associatedcontent.112.2o7 ]
C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Cookies\kathleen@edgeadx[1].txt [ /edgeadx ]
C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Cookies\kathleen@invitemedia[1].txt [ /invitemedia ]
C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Cookies\kathleen@mediabrandsww[1].txt [ /mediabrandsww ]
C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Cookies\kathleen@pbteen[2].txt [ /pbteen ]
C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Cookies\kathleen@www.hrsacc

#5 dragoazure


Posted 09 October 2012 - 09:43 PM

ESET Log


C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined

#6 dragoazure


Posted 09 October 2012 - 09:45 PM

FSS log


Farbar Service Scanner Version: 07-10-2012
Ran by Kathleen (administrator) on 08-10-2012 at 23:34:40
Running from "C:\Users\Kathleen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I50K9923"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit

#7 dragoazure


Posted 09 October 2012 - 09:51 PM

MiniToolBox log


MiniToolBox by Farbar Version: 23-07-2012
Ran by Kathleen (administrator) on 08-10-2012 at 23:35:50
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

::1 localhost

68.168.222.227 www.google-analytics.com.
68.168.222.227 ad-emea.doubleclick.net.
68.168.222.227 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kathleen-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : AC-81-12-46-53-93
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter
Physical Address. . . . . . . . . : AC-81-12-46-53-93
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f15a:3682:47b3:f911%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, October 08, 2012 5:45:03 PM
Lease Expires . . . . . . . . . . : Tuesday, October 09, 2012 5:45:07 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 330072338
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-18-D6-45-98-4B-E1-BF-B7-8D
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 00415.geek.local
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 98-4B-E1-BF-B7-8D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DEEC9531-2381-4A95-8F19-965D21805BD7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4b9:f02:bdab:9577(Preferred)
Link-local IPv6 Address . . . . . : fe80::4b9:f02:bdab:9577%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{43A38D79-1CC1-4D85-9C35-ACCAA300EA5F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4009:800::1007
74.125.225.41
74.125.225.46
74.125.225.32
74.125.225.33
74.125.225.34
74.125.225.35
74.125.225.36
74.125.225.37
74.125.225.38
74.125.225.39
74.125.225.40


Pinging google.com [74.125.225.39] with 32 bytes of data:
Reply from 74.125.225.39: bytes=32 time=105ms TTL=51
Reply from 74.125.225.39: bytes=32 time=128ms TTL=51

Ping statistics for 74.125.225.39:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 105ms, Maximum = 128ms, Average = 116ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=145ms TTL=52
Reply from 98.139.183.24: bytes=32 time=151ms TTL=52

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 145ms, Maximum = 151ms, Average = 148ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...ac 81 12 46 53 93 ......Microsoft Virtual WiFi Miniport Adapter
12...ac 81 12 46 53 93 ......Broadcom 4313GN 802.11b/g/n 1x1 Wi-Fi Adapter
10...98 4b e1 bf b7 8d ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.8 40
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.8 296
192.168.1.8 255.255.255.255 On-link 192.168.1.8 296
192.168.1.255 255.255.255.255 On-link 192.168.1.8 296
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.8 296
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.8 296
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:4137:9e76:4b9:f02:bdab:9577/128
On-link
12 296 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::4b9:f02:bdab:9577/128
On-link
12 296 fe80::f15a:3682:47b3:f911/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
12 296 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/08/2012 05:50:42 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/08/2012 05:50:42 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/08/2012 05:39:32 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/08/2012 05:39:32 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/08/2012 10:17:13 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/08/2012 10:17:13 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/08/2012 09:33:12 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/08/2012 09:33:12 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/30/2012 10:29:00 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/30/2012 10:29:00 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)NT AUTHORITY
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (10/08/2012 11:23:59 PM) (Source: DCOM) (User: Kathleen-HP)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Kathleen-HPKathleenS-1-5-21-996533269-2558026005-1105143815-1002LocalHost (Using LRPC)

Error: (10/08/2012 05:45:39 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/08/2012 05:45:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv

Error: (10/08/2012 05:37:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (10/08/2012 05:33:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (10/08/2012 05:32:21 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
is3srv

Error: (10/08/2012 05:32:08 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:30:37 PM on ?10/?8/?2012 was unexpected.

Error: (10/08/2012 10:08:56 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/08/2012 08:26:50 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD FUEL Service service.

Error: (10/07/2012 10:53:00 PM) (Source: Service Control Manager) (User: )
Description: The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (10/08/2012 05:50:42 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)NT AUTHORITY
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/08/2012 05:50:42 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)NT AUTHORITY
Description: Performance1637070000000000000000000009030000

Error: (10/08/2012 05:39:32 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)NT AUTHORITY
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/08/2012 05:39:32 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)NT AUTHORITY
Description: Performance1637070000000000000000000009030000

Error: (10/08/2012 10:17:13 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)NT AUTHORITY
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/08/2012 10:17:13 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)NT AUTHORITY
Description: Performance1637070000000000000000000009030000

Error: (10/08/2012 09:33:12 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)NT AUTHORITY
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/08/2012 09:33:12 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)NT AUTHORITY
Description: Performance1637070000000000000000000009030000

Error: (09/30/2012 10:29:00 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)NT AUTHORITY
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/30/2012 10:29:00 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)NT AUTHORITY
Description: Performance1637070000000000000000000009030000


=========================== Installed Programs ============================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Agatha Christie - Peril at End House (Version: 2.2.0.95)
AMD Fuel (Version: 2010.1209.2324.42008)
ATI Catalyst Install Manager (Version: 3.0.804.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blasterball 3 (Version: 2.2.0.95)
Blio (Version: 2.2.7689)
Bounce Symphony (Version: 2.2.0.95)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.100.82.86)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.1209.2324.42008)
Catalyst Control Center InstallProxy (Version: 2010.1209.2324.42008)
Catalyst Control Center Localization All (Version: 2010.1209.2324.42008)
ccc-core-static (Version: 2010.1209.2324.42008)
ccc-utility64 (Version: 2010.1209.2324.42008)
CCC Help Chinese Standard (Version: 2010.1209.2323.42008)
CCC Help Chinese Traditional (Version: 2010.1209.2323.42008)
CCC Help Czech (Version: 2010.1209.2323.42008)
CCC Help Danish (Version: 2010.1209.2323.42008)
CCC Help Dutch (Version: 2010.1209.2323.42008)
CCC Help English (Version: 2010.1209.2323.42008)
CCC Help Finnish (Version: 2010.1209.2323.42008)
CCC Help French (Version: 2010.1209.2323.42008)
CCC Help German (Version: 2010.1209.2323.42008)
CCC Help Greek (Version: 2010.1209.2323.42008)
CCC Help Hungarian (Version: 2010.1209.2323.42008)
CCC Help Italian (Version: 2010.1209.2323.42008)
CCC Help Japanese (Version: 2010.1209.2323.42008)
CCC Help Korean (Version: 2010.1209.2323.42008)
CCC Help Norwegian (Version: 2010.1209.2323.42008)
CCC Help Polish (Version: 2010.1209.2323.42008)
CCC Help Portuguese (Version: 2010.1209.2323.42008)
CCC Help Russian (Version: 2010.1209.2323.42008)
CCC Help Spanish (Version: 2010.1209.2323.42008)
CCC Help Swedish (Version: 2010.1209.2323.42008)
CCC Help Thai (Version: 2010.1209.2323.42008)
Certblaster CompTIA Network+ (2009 Edition) (Version: 5.0.0)
Chuzzle Deluxe (Version: 2.2.0.95)
Cradle Of Egypt Collector's Edition (Version: 2.2.0.98)
CyberLink DVD Suite (Version: 7.0.3525)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Design Manager
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's World Adventure (Version: 2.2.0.95)
Enchanted Cavern 2 (Version: 2.2.0.98)
Energy Star Digital Logo (Version: 1.0.1)
EPSON Printer Software
Escape Rosecliff Island (Version: 2.2.0.95)
ESET Online Scanner v3
ESU for Microsoft Windows 7 (Version: 1.0.0)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
GIMP 2.6.11 (Version: 2.6.11)
Google SketchUp 8 (Version: 3.0.4811)
Heroes of Hellas 2 - Olympia (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
HP Auto (Version: 1.0.12494.3472)
HP Client Services (Version: 1.0.12656.3472)
HP CloudDrive
HP Customer Experience Enhancements (Version: 6.0.1.7)
HP Documentation (Version: 1.1.0.0)
HP Games (Version: 1.0.3.0)
HP MovieStore (Version: 1.0.036)
HP MovieStore (Version: 2.0)
HP On Screen Display (Version: 1.2.2)
HP Power Manager (Version: 1.4.7)
HP Quick Launch (Version: 2.7.2)
HP Setup (Version: 8.4.4487.3576)
HP Setup Manager (Version: 1.0.12845.3522)
HP Software Framework (Version: 4.1.13.1)
HP Support Assistant (Version: 6.1.12.1)
HP Wireless Assistant (Version: 4.0.10.0)
IDT Audio (Version: 1.0.6341.0)
Integrated Accounting 7th Ed (Version: 7.00.000)
Isla Dorada - Episode 1: The sands of Ephranis (Version: 2.2.0.98)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 22 (64-bit) (Version: 6.0.220)
Java™ 6 Update 29 (Version: 6.0.290)
Jewel Quest Solitaire
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
LabelPrint (Version: 2.5.3429)
LG USB Modem driver
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery P.I. - The London Caper (Version: 2.2.0.95)
Nick Jr Bingo (Version: 2.2.0.98)
Penguins! (Version: 2.2.0.95)
Personal Ancestral File 5
PictureMover (Version: 3.5.0.35)
Plants vs. Zombies (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Power2Go (Version: 6.1.4725)
Realtek Ethernet Controller Driver (Version: 7.40.126.2011)
Realtek PCIE Card Reader (Version: 6.1.7601.83)
Recovery Manager (Version: 1.0.22)
Reel Deal Slot Quest: The Museum Escape (Version: 2.2.0.98)
RoxioNow Player (Version: 1.9.5.101)
STOPzilla (Version: 6.0.2.2)
SUPERAntiSpyware (Version: 5.6.1008)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Families (Version: 2.2.0.95)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Webroot SecureAnywhere (Version: 8.0.2.14)
Wheel of Fortune 2 (Version: 2.2.0.95)
WildTangent Games App (HP Games) (Version: 4.0.5.14)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
WinPcap 4.1.2 (Version: 4.1.0.2001)
Wireshark 1.6.5 (Version: 1.6.5)
WMV9/VC-1 Video Playback (Version: 1.00.0000)
World of Warcraft (Version: 4.1.0.13914)
Zuma Deluxe (Version: 2.2.0.95)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 3834.9 MB
Available physical RAM: 1851.16 MB
Total Pagefile: 7668 MB
Available Pagefile: 5516.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.63 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:451.35 GB) (Free:333.44 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.12 GB) (Free:1.76 GB) NTFS
4 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

========================= Users: ========================================

User accounts for \\KATHLEEN-HP

Administrator Guest Kathleen


**** End of log ****

#8 dragoazure


Posted 09 October 2012 - 09:55 PM

I was not able to even begin Adware Cleaner. I got a message saying the site and the download were unsafe, and I was not given the option to install or run the program.

#9 dragoazure


Posted 09 October 2012 - 09:58 PM

Norman Malware Log


Norman Malware Cleaner v2.05.06
Copyright © 1990 - 2012, Norman ASA.

Norman Scanner Engine Version: 6.08.06
nvcbin.def: Version: 6.08.00, Date: 2012/10/08 09:37:20, Variants: 18833608
nvcmacro.def: Version: 6.08.00, Date: 2011/12/19 05:20:35, Variants: 20465

Operating System: Windows 7 Service Pack 1 x64

Switches: /iagree /cleanrootkit /nosb

Scan started: 2012/10/09 00:07:38

Running pre-scan cleanup routine...
Potentially unwanted registry key: 'HKCR\.exe --> shell'
Remove registry key: HKCR\.exe (--> shell)
Cleaning successful

Number of malicious objects found: 1
Number of malicious objects cleaned: 1
Scanning time: 1s

Scanning running processes and process memory...

Number of objects found: 1113
Number of objects scanned: 1113
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 1m 27s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running full scan...
C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\sftfs.fsd: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Application Virtualization Client\SoftGrid Client\sftfs.fsG: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\IMpService925A3ACA-C353-458A-AC8D-A7E5EB378092.lock: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DD907112A6137ED9777B2BDAF575B845DF29F51C.bin.67: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DD907112A6137ED9777B2BDAF575B845DF29F51C.bin.7E: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DD907112A6137ED9777B2BDAF575B845DF29F51C.bin.80: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DD907112A6137ED9777B2BDAF575B845DF29F51C.bin.87: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DD907112A6137ED9777B2BDAF575B845DF29F51C.bin.A0: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DD907112A6137ED9777B2BDAF575B845DF29F51C.bin.VE0: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DD907112A6137ED9777B2BDAF575B845DF29F51C.bin.VE1: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DD907112A6137ED9777B2BDAF575B845DF29F51C.bin.VE2: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-DD907112A6137ED9777B2BDAF575B845DF29F51C.bin.VF: Error opening file for read: 0x00000020
C:\ProgramData\STOPzilla!\zilla5.log: Error opening file for read: 0x00000020
C:\System Volume Information\Syscache.hve: Error opening file for read: 0x00000020
C:\System Volume Information\Syscache.hve.LOG1: Error opening file for read: 0x00000020
C:\System Volume Information\Syscache.hve.LOG2: Error opening file for read: 0x00000020
C:\Users\Kathleen\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{A221DBBA-1191-11E2-9F96-984BE1BFB78D}.dat: Error opening file for read: 0x00000020
C:\Users\Kathleen\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{B5A82602-11C2-11E2-9F96-984BE1BFB78D}.dat: Error opening file for read: 0x00000020
C:\Users\Kathleen\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{D101665A-11E3-11E2-9F96-984BE1BFB78D}.dat: Error opening file for read: 0x00000020
C:\Users\Kathleen\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{F73B865F-11C1-11E2-9F96-984BE1BFB78D}.dat: Error opening file for read: 0x00000020
C:\Users\Kathleen\AppData\Local\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Users\Kathleen\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\Kathleen\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2: Error opening file for read: 0x00000020
C:\Users\Kathleen\AppData\Local\Temp\~DF1D3C05DA0C5E3744.TMP: Error opening file for read: 0x00000020
C:\Users\Kathleen\AppData\Local\Temp\~DF30108A336FCDE168.TMP: Error opening file for read: 0x00000020
C:\Users\Kathleen\AppData\Local\Temp\~DF7D0BE2048CDAD6E7.TMP: Error opening file for read: 0x00000020
C:\Users\Kathleen\AppData\Local\Temp\~DFEFAFF8FE50DBE3C9.TMP: Error opening file for read: 0x00000020
C:\Users\Kathleen\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Users\Kathleen\ntuser.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\Kathleen\ntuser.dat.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\70335655ba36c98a4080285607d74351\89352ddf1d1b3e4c533ec0aa88c56494\grouping\db.mdb: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\70335655ba36c98a4080285607d74351\89352ddf1d1b3e4c533ec0aa88c56494\grouping\edb.log: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\70335655ba36c98a4080285607d74351\89352ddf1d1b3e4c533ec0aa88c56494\grouping\tmp.edb: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\edb.log: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\DEFAULT: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SAM: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SECURITY: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SOFTWARE: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SYSTEM: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl: Error opening file for read: 0x00000020
C:\Windows\Temp\TMP000009AF7A9213D5F70D858E: Error opening file for read: 0x00000020

Number of files found: 201288
Number of archives unpacked: 5894
Number of objects found: 642830
Number of objects scanned: 642754
Number of objects not scanned: 76
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 12h 31m 59s

Running post-scan cleanup routine...
Potentially unwanted registry key: 'HKCR\.exe --> shell'
Remove registry key: HKCR\.exe (--> shell)
Cleaning operation failed (Error code: 0x00000005)

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Results:
Total number of files found: 201288
Total number of archives unpacked: 5894
Total number of objects found: 643943
Total number of objects scanned: 643867
Total number of objects not scanned: 76
Total number of malicious objects found: 2
Total number of malicious objects cleaned: 1
Total number of malicious files found: 0
Total number of malicious files cleaned: 0
Total number of objects quarantined: 0
Total scanning time: 12h 33m 27s

#10 InadequateInfirmity


Posted 10 October 2012 - 06:04 AM

I was not able to even begin Adware Cleaner. I got a message saying the site and the download were unsafe, and I was not given the option to install or run the program.



Which browser are you using?
This program is safe, I guarantee you that.
Please download Firefox and use that to download Adware Cleaner.
http://www.mozilla.org/en-US/firefox/new/

Post the Ad-ware cleaner log and we will go from there.

Also, please re-run the Malwarebytes update and quick scan, and remove the threats this time, please.

Edited by InadequateInfirmity, 10 October 2012 - 10:25 AM.


#11 dragoazure


Posted 10 October 2012 - 11:09 PM

Ad-ware Cleaner log



# AdwCleaner v2.004 - Logfile created 10/10/2012 at 23:59:11
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kathleen - KATHLEEN-HP
# Boot Mode : Normal
# Running from : C:\Users\Kathleen\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Kathleen\AppData\Local\Conduit
Folder Deleted : C:\Users\Kathleen\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Kathleen\AppData\Roaming\iWin

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Kathleen\AppData\Roaming\Mozilla\Firefox\Profiles\fu99kkf3.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2550 octets] - [10/10/2012 23:59:11]

########## EOF - C:\AdwCleaner[S1].txt - [2610 octets] ##########

#12 InadequateInfirmity


Posted 10 October 2012 - 11:16 PM

Uninstall the programs below.
Java™ 6 Update 22 (64-bit) (Version: 6.0.220)
Java™ 6 Update 29 (Version: 6.0.290)
STOPzilla (Version: 6.0.2.2)

Run the Fix it below; it will set your hosts file to default.
http://go.microsoft.com/?linkid=9668866

Download TDSSKiller.

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Right-click it and select Run as Admin. Click on Change parameters and select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.

Run the program below as admin, hit the Scan button, allow it to finish, then hit the Delete button.

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Download Rkill, run it, and post the log.
http://www.bleepingcomputer.com/download/rkill/

Download the Junkware Removal Tool, save it to your desktop, run it in safe mode, and post the log.
http://thisisudax.org/downloads/JRT.exe

Download Hitman Pro.
http://dl.surfright.nl/HitmanPro36.exe
Start the scan. Go to Settings.
Untick Scan for tracking cookies.
Go back to the Scan tab.
Select OK.
Then Next.
No, I only want to perform a one-time scan to check this computer.
Enter your email to register.
Next.
After the scan, make sure to select quarantine found threats.
Then select activate free license, then follow the prompts.
Reboot your machine.


Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe. After the scan is finished, click on File > Save. The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option. In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.

http://download.sysinternals.com/files/Autoruns.zip

#13 dragoazure


Posted 10 October 2012 - 11:54 PM

TDSS Killer Log


00:50:54.0415 4896 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
00:50:55.0211 4896 ============================================================
00:50:55.0211 4896 Current date / time: 2012/10/11 00:50:55.0211
00:50:55.0211 4896 SystemInfo:
00:50:55.0211 4896
00:50:55.0211 4896 OS Version: 6.1.7601 ServicePack: 1.0
00:50:55.0211 4896 Product type: Workstation
00:50:55.0211 4896 ComputerName: KATHLEEN-HP
00:50:55.0211 4896 UserName: Kathleen
00:50:55.0211 4896 Windows directory: C:\Windows
00:50:55.0211 4896 System windows directory: C:\Windows
00:50:55.0211 4896 Running under WOW64
00:50:55.0211 4896 Processor architecture: Intel x64
00:50:55.0211 4896 Number of processors: 2
00:50:55.0211 4896 Page size: 0x1000
00:50:55.0211 4896 Boot type: Normal boot
00:50:55.0211 4896 ============================================================
00:50:57.0691 4896 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:50:57.0691 4896 ============================================================
00:50:57.0691 4896 \Device\Harddisk0\DR0:
00:50:57.0691 4896 MBR partitions:
00:50:57.0691 4896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:50:57.0691 4896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x386B3000
00:50:57.0691 4896 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38717000, BlocksNum 0x1C3B000
00:50:57.0691 4896 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
00:50:57.0691 4896 ============================================================
00:50:57.0738 4896 C: <-> \Device\Harddisk0\DR0\Partition2
00:50:57.0785 4896 D: <-> \Device\Harddisk0\DR0\Partition3
00:50:57.0800 4896 G: <-> \Device\Harddisk0\DR0\Partition4
00:50:57.0800 4896 ============================================================
00:50:57.0800 4896 Initialize success
00:50:57.0800 4896 ============================================================
00:51:21.0684 4656 ============================================================
00:51:21.0684 4656 Scan started
00:51:21.0684 4656 Mode: Manual; TDLFS;
00:51:21.0684 4656 ============================================================
00:51:23.0790 4656 ================ Scan system memory ========================
00:51:23.0790 4656 System memory - ok
00:51:23.0790 4656 ================ Scan services =============================
00:51:23.0884 4656 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
00:51:23.0884 4656 !SASCORE - ok
00:51:24.0071 4656 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:51:24.0071 4656 1394ohci - ok
00:51:24.0118 4656 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:51:24.0118 4656 ACPI - ok
00:51:24.0133 4656 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:51:24.0133 4656 AcpiPmi - ok
00:51:24.0258 4656 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:51:24.0258 4656 AdobeARMservice - ok
00:51:24.0383 4656 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:51:24.0399 4656 AdobeFlashPlayerUpdateSvc - ok
00:51:24.0445 4656 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:51:24.0445 4656 adp94xx - ok
00:51:24.0477 4656 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:51:24.0492 4656 adpahci - ok
00:51:24.0508 4656 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:51:24.0523 4656 adpu320 - ok
00:51:24.0555 4656 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:51:24.0555 4656 AeLookupSvc - ok
00:51:24.0601 4656 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:51:24.0601 4656 AFD - ok
00:51:24.0648 4656 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:51:24.0664 4656 agp440 - ok
00:51:24.0695 4656 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:51:24.0695 4656 ALG - ok
00:51:24.0742 4656 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:51:24.0742 4656 aliide - ok
00:51:38.0907 4656 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
00:51:38.0907 4656 RSPCIESTOR - ok
00:51:38.0953 4656 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:51:38.0953 4656 rspndr - ok
00:51:39.0016 4656 [ EA5532868BA76923D75BCB2A1448D810 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
00:51:39.0016 4656 RTL8167 - ok
00:51:39.0047 4656 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:51:39.0047 4656 SamSs - ok
00:51:39.0094 4656 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:51:39.0094 4656 SASDIFSV - ok
00:51:39.0125 4656 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:51:39.0125 4656 SASKUTIL - ok
00:51:39.0172 4656 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:51:39.0172 4656 sbp2port - ok
00:51:39.0187 4656 SBRE - ok
00:51:39.0219 4656 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:51:39.0234 4656 SCardSvr - ok
00:51:39.0265 4656 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:51:39.0265 4656 scfilter - ok
00:51:39.0328 4656 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:51:39.0359 4656 Schedule - ok
00:51:39.0406 4656 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:51:39.0406 4656 SCPolicySvc - ok
00:51:39.0468 4656 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
00:51:39.0468 4656 sdbus - ok
00:51:39.0499 4656 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:51:39.0499 4656 SDRSVC - ok
00:51:39.0531 4656 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:51:39.0531 4656 secdrv - ok
00:51:39.0577 4656 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:51:39.0577 4656 seclogon - ok
00:51:39.0609 4656 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:51:39.0609 4656 SENS - ok
00:51:39.0655 4656 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:51:39.0655 4656 SensrSvc - ok
00:51:39.0687 4656 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:51:39.0702 4656 Serenum - ok
00:51:39.0780 4656 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:51:39.0780 4656 Serial - ok
00:51:39.0811 4656 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:51:39.0811 4656 sermouse - ok
00:51:39.0858 4656 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:51:39.0858 4656 SessionEnv - ok
00:51:39.0905 4656 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:51:39.0905 4656 sffdisk - ok
00:51:39.0936 4656 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:51:39.0936 4656 sffp_mmc - ok
00:51:39.0952 4656 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:51:39.0952 4656 sffp_sd - ok
00:51:39.0967 4656 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:51:39.0983 4656 sfloppy - ok
00:51:40.0014 4656 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
00:51:40.0030 4656 Sftfs - ok
00:51:40.0077 4656 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
00:51:40.0092 4656 sftlist - ok
00:51:40.0123 4656 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
00:51:40.0123 4656 Sftplay - ok
00:51:40.0155 4656 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
00:51:40.0155 4656 Sftredir - ok
00:51:40.0186 4656 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
00:51:40.0186 4656 Sftvol - ok
00:51:40.0217 4656 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
00:51:40.0217 4656 sftvsa - ok
00:51:40.0295 4656 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:51:40.0311 4656 SharedAccess - ok
00:51:40.0451 4656 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:51:40.0451 4656 ShellHWDetection - ok
00:51:40.0529 4656 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:51:40.0545 4656 SiSRaid2 - ok
00:51:40.0607 4656 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:51:40.0623 4656 SiSRaid4 - ok
00:51:40.0654 4656 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:51:40.0701 4656 Smb - ok
00:51:40.0779 4656 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:51:40.0794 4656 SNMPTRAP - ok
00:51:40.0841 4656 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:51:40.0841 4656 spldr - ok
00:51:40.0903 4656 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:51:40.0919 4656 Spooler - ok
00:51:41.0106 4656 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:51:41.0137 4656 sppsvc - ok
00:51:41.0169 4656 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:51:41.0169 4656 sppuinotify - ok
00:51:41.0200 4656 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:51:41.0215 4656 srv - ok
00:51:41.0231 4656 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:51:41.0247 4656 srv2 - ok
00:51:41.0325 4656 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:51:41.0340 4656 SrvHsfHDA - ok
00:51:41.0403 4656 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:51:41.0434 4656 SrvHsfV92 - ok
00:51:41.0465 4656 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:51:41.0465 4656 SrvHsfWinac - ok
00:51:41.0512 4656 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:51:41.0512 4656 srvnet - ok
00:51:41.0559 4656 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:51:41.0559 4656 SSDPSRV - ok
00:51:41.0574 4656 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:51:41.0590 4656 SstpSvc - ok
00:51:41.0668 4656 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
00:51:41.0668 4656 STacSV - ok
00:51:41.0699 4656 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:51:41.0699 4656 stexstor - ok
00:51:41.0730 4656 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
00:51:41.0746 4656 STHDA - ok
00:51:41.0855 4656 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:51:41.0871 4656 stisvc - ok
00:51:41.0933 4656 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:51:41.0933 4656 swenum - ok
00:51:41.0995 4656 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:51:42.0027 4656 swprv - ok
00:51:42.0183 4656 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
00:51:42.0183 4656 SynTP - ok
00:51:42.0432 4656 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:51:42.0463 4656 SysMain - ok
00:51:42.0495 4656 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:51:42.0510 4656 TabletInputService - ok
00:51:42.0541 4656 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:51:42.0557 4656 TapiSrv - ok
00:51:42.0604 4656 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:51:42.0604 4656 TBS - ok
00:51:42.0729 4656 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:51:42.0760 4656 Tcpip - ok
00:51:43.0009 4656 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:51:43.0041 4656 TCPIP6 - ok
00:51:43.0087 4656 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:51:43.0087 4656 tcpipreg - ok
00:51:43.0165 4656 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:51:43.0197 4656 TDPIPE - ok
00:51:43.0290 4656 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:51:43.0306 4656 TDTCP - ok
00:51:43.0384 4656 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:51:43.0415 4656 tdx - ok
00:51:43.0477 4656 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:51:43.0477 4656 TermDD - ok
00:51:43.0602 4656 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:51:43.0633 4656 TermService - ok
00:51:43.0665 4656 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:51:43.0680 4656 Themes - ok
00:51:43.0727 4656 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:51:43.0727 4656 THREADORDER - ok
00:51:43.0774 4656 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:51:43.0789 4656 TrkWks - ok
00:51:43.0930 4656 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:51:43.0945 4656 TrustedInstaller - ok
00:51:44.0008 4656 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:51:44.0055 4656 tssecsrv - ok
00:51:44.0164 4656 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:51:44.0164 4656 TsUsbFlt - ok
00:51:44.0257 4656 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:51:44.0257 4656 tunnel - ok
00:51:44.0304 4656 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:51:44.0320 4656 uagp35 - ok
00:51:44.0382 4656 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:51:44.0398 4656 udfs - ok
00:51:44.0460 4656 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:51:44.0476 4656 UI0Detect - ok
00:51:44.0507 4656 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:51:44.0507 4656 uliagpkx - ok
00:51:44.0585 4656 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
00:51:44.0585 4656 umbus - ok
00:51:44.0632 4656 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:51:44.0663 4656 UmPass - ok
00:51:44.0725 4656 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:51:44.0741 4656 upnphost - ok
00:51:44.0803 4656 [ A760351AF8B6D9E8D862DB3B657A8BDD ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys
00:51:44.0819 4656 usbbus - ok
00:51:44.0850 4656 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:51:44.0866 4656 usbccgp - ok
00:51:44.0944 4656 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:51:44.0975 4656 usbcir - ok
00:51:45.0069 4656 [ 461CC33CE7CC38B696D4F04CD52640E4 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys
00:51:45.0100 4656 UsbDiag - ok
00:51:45.0131 4656 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:51:45.0131 4656 usbehci - ok
00:51:45.0162 4656 [ DC2B306861F42EEEB92EF525F4119F08 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
00:51:45.0162 4656 usbfilter - ok
00:51:45.0225 4656 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:51:45.0225 4656 usbhub - ok
00:51:45.0271 4656 [ C51CF486A3AF418561077DD828AB70A1 ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys
00:51:45.0271 4656 USBModem - ok
00:51:45.0287 4656 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
00:51:45.0287 4656 usbohci - ok
00:51:45.0318 4656 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:51:45.0318 4656 usbprint - ok
00:51:45.0365 4656 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:51:45.0381 4656 usbscan - ok
00:51:45.0396 4656 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:51:45.0396 4656 USBSTOR - ok
00:51:45.0443 4656 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
00:51:45.0443 4656 usbuhci - ok
00:51:45.0505 4656 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
00:51:45.0521 4656 usbvideo - ok
00:51:45.0537 4656 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:51:45.0552 4656 UxSms - ok
00:51:45.0568 4656 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:51:45.0568 4656 VaultSvc - ok
00:51:45.0599 4656 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:51:45.0599 4656 vdrvroot - ok
00:51:45.0693 4656 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:51:45.0708 4656 vds - ok
00:51:45.0739 4656 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:51:45.0739 4656 vga - ok
00:51:45.0771 4656 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:51:45.0771 4656 VgaSave - ok
00:51:45.0802 4656 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:51:45.0817 4656 vhdmp - ok
00:51:45.0849 4656 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:51:45.0849 4656 viaide - ok
00:51:45.0880 4656 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:51:45.0880 4656 volmgr - ok
00:51:45.0942 4656 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:51:45.0958 4656 volmgrx - ok
00:51:45.0989 4656 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:51:45.0989 4656 volsnap - ok
00:51:46.0020 4656 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:51:46.0036 4656 vsmraid - ok
00:51:46.0114 4656 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:51:46.0129 4656 VSS - ok
00:51:46.0161 4656 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
00:51:46.0192 4656 vwifibus - ok
00:51:46.0254 4656 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
00:51:46.0270 4656 vwififlt - ok
00:51:46.0317 4656 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
00:51:46.0317 4656 vwifimp - ok
00:51:46.0410 4656 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:51:46.0426 4656 W32Time - ok
00:51:46.0488 4656 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:51:46.0488 4656 WacomPen - ok
00:51:46.0566 4656 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:51:46.0566 4656 WANARP - ok
00:51:46.0582 4656 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:51:46.0582 4656 Wanarpv6 - ok
00:51:46.0675 4656 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:51:46.0707 4656 WatAdminSvc - ok
00:51:46.0785 4656 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:51:46.0800 4656 wbengine - ok
00:51:46.0863 4656 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:51:46.0878 4656 WbioSrvc - ok
00:51:46.0925 4656 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:51:46.0925 4656 wcncsvc - ok
00:51:46.0941 4656 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:51:46.0941 4656 WcsPlugInService - ok
00:51:46.0987 4656 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:51:46.0987 4656 Wd - ok
00:51:47.0034 4656 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:51:47.0050 4656 Wdf01000 - ok
00:51:47.0081 4656 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:51:47.0081 4656 WdiServiceHost - ok
00:51:47.0097 4656 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:51:47.0097 4656 WdiSystemHost - ok
00:51:47.0143 4656 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:51:47.0159 4656 WebClient - ok
00:51:47.0190 4656 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:51:47.0190 4656 Wecsvc - ok
00:51:47.0221 4656 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:51:47.0237 4656 wercplsupport - ok
00:51:47.0268 4656 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:51:47.0284 4656 WerSvc - ok
00:51:47.0299 4656 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:51:47.0299 4656 WfpLwf - ok
00:51:47.0346 4656 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:51:47.0346 4656 WIMMount - ok
00:51:47.0377 4656 WinDefend - ok
00:51:47.0393 4656 WinHttpAutoProxySvc - ok
00:51:47.0471 4656 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:51:47.0471 4656 Winmgmt - ok
00:51:47.0736 4656 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:51:47.0752 4656 WinRM - ok
00:51:47.0830 4656 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
00:51:47.0845 4656 WinUsb - ok
00:51:47.0923 4656 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:51:47.0939 4656 Wlansvc - ok
00:51:47.0986 4656 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:51:47.0986 4656 wlcrasvc - ok
00:51:48.0111 4656 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:51:48.0111 4656 wlidsvc - ok
00:51:48.0157 4656 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:51:48.0157 4656 WmiAcpi - ok
00:51:48.0204 4656 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:51:48.0204 4656 wmiApSrv - ok
00:51:48.0251 4656 WMPNetworkSvc - ok
00:51:48.0345 4656 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
00:51:48.0345 4656 WMZuneComm - ok
00:51:48.0391 4656 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:51:48.0391 4656 WPCSvc - ok
00:51:48.0423 4656 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:51:48.0423 4656 WPDBusEnum - ok
00:51:48.0469 4656 [ 540E102FC25AEACD5AD95B16A67C10E0 ] WRkrn C:\Windows\system32\drivers\WRkrn.sys
00:51:48.0485 4656 WRkrn - ok
00:51:48.0641 4656 [ 9EDFB82B5D97856ED95556A859FB77CD ] WRSVC C:\Program Files (x86)\Webroot\WRSA.exe
00:51:48.0657 4656 WRSVC - ok
00:51:48.0719 4656 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:51:48.0735 4656 ws2ifsl - ok
00:51:48.0813 4656 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
00:51:48.0828 4656 wscsvc - ok
00:51:48.0844 4656 WSearch - ok
00:51:49.0125 4656 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:51:49.0203 4656 wuauserv - ok
00:51:49.0265 4656 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:51:49.0265 4656 WudfPf - ok
00:51:49.0312 4656 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:51:49.0312 4656 WUDFRd - ok
00:51:49.0374 4656 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:51:49.0390 4656 wudfsvc - ok
00:51:49.0437 4656 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:51:49.0437 4656 WwanSvc - ok
00:51:49.0499 4656 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
00:51:49.0561 4656 yukonw7 - ok
00:51:49.0873 4656 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
00:51:50.0092 4656 ZuneNetworkSvc - ok
00:51:50.0154 4656 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
00:51:50.0170 4656 ZuneWlanCfgSvc - ok
00:51:50.0201 4656 ================ Scan global ===============================
00:51:50.0217 4656 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:51:50.0248 4656 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:51:50.0248 4656 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:51:50.0295 4656 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:51:50.0326 4656 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:51:50.0326 4656 [Global] - ok
00:51:50.0326 4656 ================ Scan MBR ==================================
00:51:50.0341 4656 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:51:50.0747 4656 \Device\Harddisk0\DR0 - ok
00:51:50.0747 4656 ================ Scan VBR ==================================
00:51:50.0747 4656 [ 7590EB63F0416F756B52D53DF7D9340D ] \Device\Harddisk0\DR0\Partition1
00:51:50.0747 4656 \Device\Harddisk0\DR0\Partition1 - ok
00:51:50.0778 4656 [ E95C661E73FF32881A4A9E8DFFF36EC9 ] \Device\Harddisk0\DR0\Partition2
00:51:50.0778 4656 \Device\Harddisk0\DR0\Partition2 - ok
00:51:50.0809 4656 [ FCE933EFD30CF6FDC64F461D20094D21 ] \Device\Harddisk0\DR0\Partition3
00:51:50.0809 4656 \Device\Harddisk0\DR0\Partition3 - ok
00:51:50.0841 4656 [ 2ED322CD19E109B78C7F148D05332E1C ] \Device\Harddisk0\DR0\Partition4
00:51:50.0856 4656 \Device\Harddisk0\DR0\Partition4 - ok
00:51:50.0856 4656 ============================================================
00:51:50.0856 4656 Scan finished
00:51:50.0856 4656 ============================================================
00:51:50.0872 3524 Detected object count: 0
00:51:50.0872 3524 Actual detected object count: 0

#14 dragoazure

Posted 11 October 2012 - 12:00 AM

RKill log


Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/11/2012 12:58:44 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Kathleen\Desktop\rkill\rkill-10-11-2012-12-58-47.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!

* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!
* HKCU\SOFTWARE\Classes\exefile has been deleted!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost
68.168.222.227 www.google-analytics.com.
68.168.222.227 ad-emea.doubleclick.net.
68.168.222.227 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

Program finished at: 10/11/2012 12:58:56 AM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

#15 dragoazure

Posted 11 October 2012 - 09:14 AM

Junkware removal tool worked, but I accidentally deleted the log. I can rerun it if I need to.



