tdss killer


27 replies to this topic

#1 miztrniceguy

miztrniceguy

  • Members
  • 201 posts

Posted 04 November 2012 - 09:50 AM

My friend's computer was infected with a rootkit. I successfully removed it (I think) using TDSSKILLER.exe. Before, it was crashing with a BSOD and was only able to run in safe mode. It also wouldn't run Windows Update or MSE Security Essentials. After removal and multiple scans with MBAM I was able to get Win Update repaired using the sfc /scannow command. It fixed some problems, and now shows a clean scan. However, I still cannot get MSE to run. I get an error message: 0x80096001. I have tried uninstalling, then reinstalling MSE with the same result. All Win7 updates are done.

I have tried various MS FIXIT tools, none successful so far. So, I am asking for help ensuring the computer is clean and restoring MSE to a working state.
Your help is much appreciated!

Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 



 


#2 miztrniceguy

miztrniceguy
  • Topic Starter

  • Members
  • 201 posts

Posted 04 November 2012 - 09:58 AM

Here is a link to the Speccy report I uploaded to BOX to share

My link

Asus P8Z77-V motherboard, Intel i5-3570K unlocked Quad Core cpu, 16GB Corsair Vengeance 1866Mhz ram
CoolerMaster Hyper 212 EVO cpu cooler, Samsung 128GB SSD with Win7 Pro, WD 500GB drive for data
Asus DVD writer, Corsair 600W PSU

 


#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 04 November 2012 - 10:25 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#4 miztrniceguy

miztrniceguy
  • Topic Starter

  • Members
  • 201 posts

Posted 04 November 2012 - 10:46 AM

TDSS report: 09:43:31.0938 1108 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:44:31.0324 2576 NisSrv - ok
09:44:31.0387 2576 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:44:31.0387 2576 NlaSvc - ok
09:44:31.0402 2576 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:44:31.0402 2576 Npfs - ok
09:44:31.0434 2576 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:44:31.0434 2576 nsi - ok
09:44:31.0465 2576 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:44:31.0465 2576 nsiproxy - ok
09:44:31.0543 2576 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:44:31.0574 2576 Ntfs - ok
09:44:31.0636 2576 [ 5B3CE960C62DBE864BE9A0BD043A3E30 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
09:44:31.0652 2576 NTI IScheduleSvc - ok
09:44:31.0683 2576 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
09:44:31.0683 2576 NTIDrvr - ok
09:44:31.0699 2576 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:44:31.0699 2576 Null - ok
09:44:31.0730 2576 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:44:31.0746 2576 nvraid - ok
09:44:31.0792 2576 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:44:31.0824 2576 nvstor - ok
09:44:31.0839 2576 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:44:32.0089 2576 nv_agp - ok
09:44:32.0323 2576 [ BA7DAC1B8A86D9402C3E04E1FCAA600D ] ODDPwrSvc C:\Program Files\Gateway\Optical Drive Power Management\ODDPWRSvc.exe
09:44:32.0323 2576 ODDPwrSvc - ok
09:44:32.0401 2576 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:44:32.0401 2576 odserv - ok
09:44:32.0650 2576 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:44:32.0650 2576 ohci1394 - ok
09:44:32.0713 2576 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:44:32.0713 2576 ose - ok
09:44:32.0744 2576 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:44:32.0744 2576 p2pimsvc - ok
09:44:32.0791 2576 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:44:32.0791 2576 p2psvc - ok
09:44:33.0025 2576 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:44:33.0056 2576 Parport - ok
09:44:33.0087 2576 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:44:33.0087 2576 partmgr - ok
09:44:33.0118 2576 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:44:33.0118 2576 PcaSvc - ok
09:44:33.0274 2576 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:44:33.0274 2576 pci - ok
09:44:33.0399 2576 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:44:33.0399 2576 pciide - ok
09:44:33.0430 2576 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:44:33.0462 2576 pcmcia - ok
09:44:33.0477 2576 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:44:33.0477 2576 pcw - ok
09:44:33.0508 2576 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:44:33.0508 2576 PEAUTH - ok
09:44:33.0618 2576 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:44:33.0618 2576 PerfHost - ok
09:44:33.0696 2576 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:44:33.0742 2576 pla - ok
09:44:33.0805 2576 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:44:33.0805 2576 PlugPlay - ok
09:44:33.0836 2576 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:44:33.0836 2576 PNRPAutoReg - ok
09:44:33.0867 2576 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:44:33.0867 2576 PNRPsvc - ok
09:44:33.0898 2576 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:44:33.0914 2576 PolicyAgent - ok
09:44:33.0961 2576 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:44:33.0961 2576 Power - ok
09:44:33.0992 2576 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:44:33.0992 2576 PptpMiniport - ok
09:44:34.0023 2576 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:44:34.0039 2576 Processor - ok
09:44:34.0086 2576 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:44:34.0086 2576 ProfSvc - ok
09:44:34.0101 2576 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:44:34.0101 2576 ProtectedStorage - ok
09:44:34.0148 2576 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:44:34.0148 2576 Psched - ok
09:44:34.0413 2576 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:44:34.0476 2576 ql2300 - ok
09:44:34.0522 2576 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:44:34.0554 2576 ql40xx - ok
09:44:34.0585 2576 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:44:34.0585 2576 QWAVE - ok
09:44:34.0600 2576 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:44:34.0600 2576 QWAVEdrv - ok
09:44:34.0616 2576 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:44:34.0616 2576 RasAcd - ok
09:44:34.0663 2576 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:44:34.0663 2576 RasAgileVpn - ok
09:44:34.0694 2576 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:44:34.0694 2576 RasAuto - ok
09:44:34.0725 2576 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:44:34.0725 2576 Rasl2tp - ok
09:44:34.0772 2576 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:44:34.0788 2576 RasMan - ok
09:44:34.0803 2576 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:44:34.0803 2576 RasPppoe - ok
09:44:34.0819 2576 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:44:34.0834 2576 RasSstp - ok
09:44:35.0068 2576 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:44:35.0068 2576 rdbss - ok
09:44:35.0084 2576 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:44:35.0100 2576 rdpbus - ok
09:44:35.0146 2576 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:44:35.0146 2576 RDPCDD - ok
09:44:35.0146 2576 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:44:35.0146 2576 RDPENCDD - ok
09:44:35.0178 2576 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:44:35.0178 2576 RDPREFMP - ok
09:44:35.0256 2576 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:44:35.0256 2576 RDPWD - ok
09:44:35.0334 2576 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:44:35.0334 2576 rdyboost - ok
09:44:35.0365 2576 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:44:35.0365 2576 RemoteAccess - ok
09:44:35.0396 2576 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:44:35.0396 2576 RemoteRegistry - ok
09:44:35.0427 2576 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:44:35.0521 2576 RpcEptMapper - ok
09:44:35.0646 2576 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:44:35.0646 2576 RpcLocator - ok
09:44:35.0692 2576 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:44:35.0692 2576 RpcSs - ok
09:44:35.0739 2576 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:44:35.0739 2576 rspndr - ok
09:44:35.0770 2576 [ 79BAD3E977966AF21DF982DEF5A99C76 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
09:44:35.0786 2576 RSUSBSTOR - ok
09:44:35.0802 2576 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:44:35.0802 2576 SamSs - ok
09:44:35.0817 2576 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:44:35.0848 2576 sbp2port - ok
09:44:35.0864 2576 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:44:35.0880 2576 SCardSvr - ok
09:44:35.0911 2576 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:44:35.0911 2576 scfilter - ok
09:44:35.0958 2576 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:44:36.0004 2576 Schedule - ok
09:44:36.0020 2576 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:44:36.0020 2576 SCPolicySvc - ok
09:44:36.0051 2576 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:44:36.0051 2576 SDRSVC - ok
09:44:36.0098 2576 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:44:36.0114 2576 secdrv - ok
09:44:36.0145 2576 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:44:36.0145 2576 seclogon - ok
09:44:36.0192 2576 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:44:36.0192 2576 SENS - ok
09:44:36.0207 2576 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:44:36.0207 2576 SensrSvc - ok
09:44:36.0223 2576 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:44:36.0238 2576 Serenum - ok
09:44:36.0270 2576 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:44:36.0285 2576 Serial - ok
09:44:36.0316 2576 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:44:36.0332 2576 sermouse - ok
09:44:36.0363 2576 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:44:36.0363 2576 SessionEnv - ok
09:44:36.0394 2576 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:44:36.0394 2576 sffdisk - ok
09:44:36.0410 2576 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:44:36.0410 2576 sffp_mmc - ok
09:44:36.0410 2576 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:44:36.0410 2576 sffp_sd - ok
09:44:36.0441 2576 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:44:36.0457 2576 sfloppy - ok
09:44:36.0472 2576 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:44:36.0488 2576 SharedAccess - ok
09:44:36.0535 2576 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:44:36.0535 2576 ShellHWDetection - ok
09:44:36.0566 2576 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:44:36.0582 2576 SiSRaid2 - ok
09:44:36.0613 2576 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:44:36.0613 2576 SiSRaid4 - ok
09:44:36.0628 2576 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:44:36.0644 2576 Smb - ok
09:44:36.0675 2576 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:44:36.0675 2576 SNMPTRAP - ok
09:44:36.0691 2576 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:44:36.0691 2576 spldr - ok
09:44:36.0722 2576 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:44:36.0722 2576 Spooler - ok
09:44:36.0831 2576 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:44:36.0925 2576 sppsvc - ok
09:44:36.0956 2576 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:44:36.0956 2576 sppuinotify - ok
09:44:36.0987 2576 [ 76C4B0E95D6EFBA7A48E24038691286A ] SQTECH900C C:\Windows\system32\Drivers\Capt900C.sys
09:44:37.0018 2576 SQTECH900C - ok
09:44:37.0050 2576 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:44:37.0065 2576 srv - ok
09:44:37.0081 2576 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:44:37.0096 2576 srv2 - ok
09:44:37.0128 2576 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:44:37.0128 2576 srvnet - ok
09:44:37.0174 2576 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:44:37.0174 2576 SSDPSRV - ok
09:44:37.0190 2576 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:44:37.0190 2576 SstpSvc - ok
09:44:37.0221 2576 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:44:37.0237 2576 stexstor - ok
09:44:37.0284 2576 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:44:37.0299 2576 stisvc - ok
09:44:37.0346 2576 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:44:37.0362 2576 swenum - ok
09:44:37.0408 2576 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:44:37.0424 2576 swprv - ok
09:44:37.0486 2576 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:44:37.0549 2576 SysMain - ok
09:44:37.0564 2576 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:44:37.0580 2576 TabletInputService - ok
09:44:37.0596 2576 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:44:37.0596 2576 TapiSrv - ok
09:44:37.0627 2576 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:44:37.0627 2576 TBS - ok
09:44:37.0720 2576 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:44:37.0767 2576 Tcpip - ok
09:44:37.0814 2576 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:44:37.0814 2576 TCPIP6 - ok
09:44:37.0845 2576 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:44:37.0845 2576 tcpipreg - ok
09:44:37.0892 2576 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:44:37.0892 2576 TDPIPE - ok
09:44:38.0157 2576 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:44:38.0157 2576 TDTCP - ok
09:44:38.0188 2576 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:44:38.0188 2576 tdx - ok
09:44:38.0220 2576 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:44:38.0220 2576 TermDD - ok
09:44:38.0469 2576 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:44:38.0485 2576 TermService - ok
09:44:38.0516 2576 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:44:38.0516 2576 Themes - ok
09:44:38.0532 2576 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:44:38.0532 2576 THREADORDER - ok
09:44:38.0563 2576 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:44:38.0563 2576 TrkWks - ok
09:44:38.0610 2576 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:44:38.0625 2576 TrustedInstaller - ok
09:44:38.0656 2576 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:44:38.0656 2576 tssecsrv - ok
09:44:38.0719 2576 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:44:38.0719 2576 TsUsbFlt - ok
09:44:38.0766 2576 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:44:38.0766 2576 tunnel - ok
09:44:38.0797 2576 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:44:38.0812 2576 uagp35 - ok
09:44:38.0844 2576 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
09:44:38.0844 2576 UBHelper - ok
09:44:38.0875 2576 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:44:38.0890 2576 udfs - ok
09:44:38.0922 2576 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:44:38.0922 2576 UI0Detect - ok
09:44:38.0953 2576 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:44:38.0953 2576 uliagpkx - ok
09:44:39.0000 2576 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
09:44:39.0000 2576 umbus - ok
09:44:39.0031 2576 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:44:39.0046 2576 UmPass - ok
09:44:39.0202 2576 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:44:39.0265 2576 UNS - ok
09:44:39.0312 2576 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
09:44:39.0312 2576 Updater Service - ok
09:44:39.0343 2576 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:44:39.0343 2576 upnphost - ok
09:44:39.0374 2576 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:44:39.0374 2576 usbccgp - ok
09:44:39.0405 2576 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:44:39.0421 2576 usbcir - ok
09:44:39.0436 2576 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
09:44:39.0436 2576 usbehci - ok
09:44:39.0483 2576 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:44:39.0483 2576 usbhub - ok
09:44:39.0499 2576 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:44:39.0499 2576 usbohci - ok
09:44:39.0546 2576 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:44:39.0546 2576 usbprint - ok
09:44:39.0608 2576 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:44:39.0624 2576 usbscan - ok
09:44:39.0639 2576 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
09:44:39.0655 2576 USBSTOR - ok
09:44:39.0670 2576 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:44:39.0670 2576 usbuhci - ok
09:44:39.0733 2576 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:44:39.0733 2576 usbvideo - ok
09:44:39.0764 2576 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:44:39.0764 2576 UxSms - ok
09:44:39.0780 2576 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:44:39.0780 2576 VaultSvc - ok
09:44:39.0811 2576 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:44:39.0811 2576 vdrvroot - ok
09:44:39.0858 2576 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:44:39.0873 2576 vds - ok
09:44:39.0889 2576 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:44:39.0889 2576 vga - ok
09:44:39.0920 2576 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:44:39.0920 2576 VgaSave - ok
09:44:39.0951 2576 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:44:39.0951 2576 vhdmp - ok
09:44:39.0982 2576 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:44:39.0998 2576 viaide - ok
09:44:40.0029 2576 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:44:40.0029 2576 volmgr - ok
09:44:40.0060 2576 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:44:40.0060 2576 volmgrx - ok
09:44:40.0076 2576 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:44:40.0076 2576 volsnap - ok
09:44:40.0123 2576 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:44:40.0154 2576 vsmraid - ok
09:44:40.0216 2576 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:44:40.0263 2576 VSS - ok
09:44:40.0279 2576 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:44:40.0294 2576 vwifibus - ok
09:44:40.0294 2576 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:44:40.0294 2576 vwififlt - ok
09:44:40.0357 2576 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:44:40.0372 2576 W32Time - ok
09:44:40.0404 2576 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:44:40.0419 2576 WacomPen - ok
09:44:40.0450 2576 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:44:40.0450 2576 WANARP - ok
09:44:40.0450 2576 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:44:40.0450 2576 Wanarpv6 - ok
09:44:40.0731 2576 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:44:41.0028 2576 WatAdminSvc - ok
09:44:41.0090 2576 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:44:41.0121 2576 wbengine - ok
09:44:41.0152 2576 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:44:41.0152 2576 WbioSrvc - ok
09:44:41.0184 2576 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:44:41.0184 2576 wcncsvc - ok
09:44:41.0215 2576 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:44:41.0215 2576 WcsPlugInService - ok
09:44:41.0230 2576 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:44:41.0246 2576 Wd - ok
09:44:41.0277 2576 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:44:41.0277 2576 Wdf01000 - ok
09:44:41.0293 2576 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:44:41.0293 2576 WdiServiceHost - ok
09:44:41.0308 2576 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:44:41.0308 2576 WdiSystemHost - ok
09:44:41.0324 2576 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:44:41.0340 2576 WebClient - ok
09:44:41.0371 2576 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:44:41.0371 2576 Wecsvc - ok
09:44:41.0371 2576 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:44:41.0386 2576 wercplsupport - ok
09:44:41.0402 2576 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:44:41.0402 2576 WerSvc - ok
09:44:41.0449 2576 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:44:41.0449 2576 WfpLwf - ok
09:44:41.0464 2576 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:44:41.0464 2576 WIMMount - ok
09:44:41.0480 2576 WinDefend - ok
09:44:41.0480 2576 WinHttpAutoProxySvc - ok
09:44:41.0542 2576 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:44:41.0558 2576 Winmgmt - ok
09:44:41.0620 2576 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:44:41.0683 2576 WinRM - ok
09:44:41.0745 2576 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:44:41.0761 2576 Wlansvc - ok
09:44:41.0792 2576 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:44:41.0792 2576 WmiAcpi - ok
09:44:41.0823 2576 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:44:41.0823 2576 wmiApSrv - ok
09:44:41.0854 2576 WMPNetworkSvc - ok
09:44:41.0886 2576 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:44:41.0886 2576 WPCSvc - ok
09:44:41.0932 2576 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:44:41.0932 2576 WPDBusEnum - ok
09:44:41.0948 2576 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:44:41.0948 2576 ws2ifsl - ok
09:44:41.0979 2576 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
09:44:41.0979 2576 wscsvc - ok
09:44:41.0979 2576 WSearch - ok
09:44:42.0057 2576 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:44:42.0120 2576 wuauserv - ok
09:44:42.0322 2576 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:44:42.0322 2576 WudfPf - ok
09:44:42.0556 2576 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:44:42.0572 2576 WUDFRd - ok
09:44:42.0588 2576 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:44:42.0603 2576 wudfsvc - ok
09:44:42.0634 2576 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:44:42.0634 2576 WwanSvc - ok
09:44:42.0666 2576 ================ Scan global ===============================
09:44:42.0900 2576 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:44:42.0946 2576 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:44:42.0946 2576 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:44:42.0978 2576 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:44:42.0993 2576 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:44:43.0009 2576 [Global] - ok
09:44:43.0009 2576 ================ Scan MBR ==================================
09:44:43.0024 2576 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:44:43.0867 2576 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:44:43.0867 2576 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:44:43.0867 2576 ================ Scan VBR ==================================
09:44:43.0867 2576 [ 7CC2D4A88D75AE215F29FB40E31C3B9D ] \Device\Harddisk0\DR0\Partition1
09:44:43.0867 2576 \Device\Harddisk0\DR0\Partition1 - ok
09:44:43.0898 2576 [ CEAD0A211B478A558C6813E1AEECA873 ] \Device\Harddisk0\DR0\Partition2
09:44:43.0898 2576 \Device\Harddisk0\DR0\Partition2 - ok
09:44:43.0898 2576 ============================================================
09:44:43.0898 2576 Scan finished
09:44:43.0898 2576 ============================================================
09:44:43.0914 0468 Detected object count: 1
09:44:43.0914 0468 Actual detected object count: 1
09:45:00.0902 0468 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:45:00.0902 0468 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#5 miztrniceguy

  • Topic Starter

Posted 04 November 2012 - 10:51 AM

aswMBR running. Do you want me to tell it to fix anything when scan is done, or just save the log and post it?

#6 miztrniceguy

  • Topic Starter

Posted 04 November 2012 - 11:28 AM

Asw report:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-04 09:46:28
-----------------------------
09:46:28.296 OS Version: Windows x64 6.1.7601 Service Pack 1
09:46:28.296 Number of processors: 4 586 0x2502
09:46:28.296 ComputerName: LINDALOU889-PC UserName: lindalou889
09:46:29.778 Initialize success
09:48:05.030 AVAST engine defs: 12110400
09:48:06.792 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:48:06.792 Disk 0 Vendor: Size: 0MB BusType: 0
09:48:06.808 Disk 0 MBR read successfully
09:48:06.808 Disk 0 MBR scan
09:48:06.902 Disk 0 Windows 7 default MBR code
09:48:06.902 Disk 0 MBR hidden
09:48:07.058 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13319 MB offset 63
09:48:07.198 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 27278370
09:48:07.229 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463517 MB offset 27487215
09:48:07.292 Disk 0 scanning C:\Windows\system32\drivers
09:48:26.012 Service scanning
09:49:14.493 Modules scanning
09:49:14.509 Disk 0 trace - called modules:
09:49:15.055 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:49:15.055 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fe0060]
09:49:15.071 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004faf050]
09:49:17.816 AVAST engine scan C:\Windows
09:49:25.772 AVAST engine scan C:\Windows\system32
09:54:02.002 AVAST engine scan C:\Windows\system32\drivers
09:54:23.592 AVAST engine scan C:\Users\lindalou889
09:55:18.848 AVAST engine scan C:\ProgramData
09:55:48.940 Scan finished successfully
10:26:54.664 Disk 0 MBR has been saved successfully to "C:\Users\lindalou889\Desktop\MBR.dat"
10:26:54.664 The log file has been saved successfully to "C:\Users\lindalou889\Desktop\aswMBR.txt"

#7 miztrniceguy


Posted 04 November 2012 - 11:49 AM

Just saved asw log, did not have it do anything. ESET scanning now. Will post after I get back from church.



#8 miztrniceguy


Posted 04 November 2012 - 12:06 PM

C:\TDSSKiller_Quarantine\03.11.2012_20.17.08\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined



#9 narenxp

narenxp

  • BC Advisor

Posted 04 November 2012 - 12:08 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

#10 miztrniceguy


Posted 04 November 2012 - 12:18 PM

MBAM is my regular program, but I am running a new scan. Last one earlier today was clean, but running a new one. Here is the MiniToolBox report.

MiniToolBox by Farbar Version: 23-07-2012
Ran by lindalou889 (administrator) on 04-11-2012 at 11:15:37
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Atheros AR5B93 Wireless Network Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : lindalou889-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
Physical Address. . . . . . . . . : 78-E4-00-EC-34-BC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 70-5A-B6-F2-CB-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b40c:49e9:88:3013%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.224(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, November 04, 2012 8:06:37 AM
Lease Expires . . . . . . . . . . : Monday, November 05, 2012 10:25:58 AM
Default Gateway . . . . . . . . . : fe80::21c4:d70f:36f7:ed74%10
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 242244278
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-4F-25-8D-70-5A-B6-F2-CB-EF
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{85EFCDE4-2A3C-4A3D-8C7A-15E34B417207}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C2CC3C53-87FB-46B7-8A2D-C88C1A08B380}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2094:293f:3f57:fe1f(Preferred)
Link-local IPv6 Address . . . . . : fe80::2094:293f:3f57:fe1f%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: my.router
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4009:803::100e
74.125.225.128
74.125.225.129
74.125.225.130
74.125.225.131
74.125.225.132
74.125.225.133
74.125.225.134
74.125.225.135
74.125.225.136
74.125.225.137
74.125.225.142


Pinging google.com [74.125.225.142] with 32 bytes of data:
Reply from 74.125.225.142: bytes=32 time=27ms TTL=54
Reply from 74.125.225.142: bytes=32 time=22ms TTL=54

Ping statistics for 74.125.225.142:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 27ms, Average = 24ms
Server: my.router
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=73ms TTL=52
Reply from 72.30.38.140: bytes=32 time=99ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 73ms, Maximum = 99ms, Average = 86ms
Server: my.router
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...78 e4 00 ec 34 bc ......Atheros AR5B93 Wireless Network Adapter
10...70 5a b6 f2 cb ef ......Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.224 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.224 266
192.168.1.224 255.255.255.255 On-link 192.168.1.224 266
192.168.1.255 255.255.255.255 On-link 192.168.1.224 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.224 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.224 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
10 266 ::/0 fe80::21c4:d70f:36f7:ed74
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:9d38:6ab8:2094:293f:3f57:fe1f/128
On-link
10 266 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::2094:293f:3f57:fe1f/128
On-link
10 266 fe80::b40c:49e9:88:3013/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/04/2012 11:09:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2012 09:48:35 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2012 09:48:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2012 09:39:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/04/2012 09:39:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/04/2012 09:39:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/04/2012 09:39:36 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/04/2012 09:38:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/04/2012 09:37:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/04/2012 08:07:35 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (11/04/2012 10:19:46 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/04/2012 10:05:00 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/04/2012 10:03:58 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/04/2012 09:59:52 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/04/2012 09:58:51 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/04/2012 09:30:58 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/04/2012 09:25:51 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/04/2012 09:24:29 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/04/2012 09:11:31 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (11/04/2012 08:53:23 AM) (Source: DCOM) (User: )
Description: {216DA6DC-BFD5-4724-817A-05A759C8F9A2}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Advertising Center (Version: 0.0.0.2)
ALPS Touch Pad Driver (Version: 7.106.2020.110)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.27)
Backup Manager Basic (Version: 2.0.0.60)
CCleaner (Version: 3.24)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.121.0.50)
DefaultTab (Version: 1.2.6.0)
ESET Online Scanner v3
Gateway InfoCentre (Version: 3.02.3000)
Gateway MyBackup (Version: 2.0.0.60)
Gateway Power Management (Version: 5.00.3003)
Gateway Recovery Management (Version: 4.05.3011)
Gateway Registration (Version: 1.03.3002)
Gateway ScreenSaver (Version: 1.1.0407.2010)
Gateway Updater (Version: 1.02.3001)
Glowing Touchpad (Version: 1.00.3000)
Identity Card (Version: 1.00.3003)
ImagXpress (Version: 7.0.74.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2057)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.5.6.1001)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 14.0.8089.726)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows Debugging Symbols (Version: 7601)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 9 Essentials
Nero ControlCenter (Version: 9.0.0.1)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.6.2.101)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.37.100)
Nero StartSmart Help (Version: 9.4.27.100)
Nero StartSmart OEM (Version: 9.4.10.100)
NeroExpress (Version: 9.4.33.100)
neroxml (Version: 1.0.0)
Optical Drive Power Management (Version: 1.01.3007)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30117)
Speccy (Version: 1.18)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Web Camera (Version: 1.7.118.312)
Welcome Center (Version: 1.01.3002)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 3766.66 MB
Available physical RAM: 1716.15 MB
Total Pagefile: 7531.5 MB
Available Pagefile: 5407.9 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.26 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:452.65 GB) (Free:411.55 GB) NTFS

========================= Users: ========================================

User accounts for \\LINDALOU889-PC

Administrator Andrew Guest
lindalou889

========================= Restore Points ==================================


**** End of log ****



#11 miztrniceguy


Posted 04 November 2012 - 04:06 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
lindalou889 :: LINDALOU889-PC [limited]

11/4/2012 11:12:51 AM
mbam-log-2012-11-04 (11-12-51).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 409285
Time elapsed: 1 hour(s), 13 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Farbar Service Scanner Version: 04-11-2012
Ran by lindalou889 (administrator) on 04-11-2012 at 15:06:10
Running from "C:\Users\Lindalou889\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#12 miztrniceguy


Posted 04 November 2012 - 04:08 PM

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 15:09:06
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : lindalou889 - LINDALOU889-PC
# Boot Mode : Normal
# Running from : C:\Users\Lindalou889\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\lindalou889\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\lindalou889\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\lindalou889\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\lindalou889\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [m3ffxtbr@mywebsearch.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\lindalou889\AppData\Roaming\Mozilla\Firefox\Profiles\y7djnm4u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\lindalou889\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6606 octets] - [04/11/2012 15:07:47]
AdwCleaner[S1].txt - [5921 octets] - [04/11/2012 15:09:06]

########## EOF - C:\AdwCleaner[S1].txt - [5981 octets] ##########

Edited by miztrniceguy, 04 November 2012 - 04:11 PM.



#13 miztrniceguy


Posted 04 November 2012 - 04:19 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 2.6.2 (11.04.2012)
OS: Windows 7 Home Premium x64
Ran by lindalou889 on Sun 11/04/2012 at 15:12:46.14
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [KEY] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired

Removed the following from [prefs.js] :

user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
user_pref("weboftrust.search.google.urlign", "^http(s)?\\:\\/\\/((www|encrypted)\\.)?google\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/(\\+|a\\/|accounts|ad(s|manager|planner|sense|words)|alerts|analytics|apps|appserve|base|calendar|chrome(frame)?|codesearch|comparisonads|corporate|crisisresponse|datacenter|dfp|dictionary|doodle|educators|enterprise|events|experimental|familysafety|finance|flutrends|friendconnect|goog411|googlebooks|googlenotebook|googlevoice|gwt|help|history|hostednews|images|imgres|ime|insights|landing|local|logos|mapmaker|maps|mobile|moon|music|newproducts|news|notebook|patents|phone|postini|powermeter|press|profiles|publicdata|puzzles|onlinechallenge|racing|reader|recaptcha|relief|services|s2|sitesearch|sky|smallbusinessnetwork|squared|submit|support|sync|talk|toolbar|ventures|voice|wallet|web(masters|elements)|intl\\/[^\\/]+\\/.+|search\\\\?.*tbm=isch)");


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Sun 11/04/2012 at 15:16:54.73
End of Report



#14 narenxp


Posted 04 November 2012 - 05:41 PM

Download:

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download Autoruns.

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on FILE - SAVE:

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#15 miztrniceguy


Posted 04 November 2012 - 05:46 PM

Rkill 2.4.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/04/2012 04:43:00 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Lindalou889\Downloads\JRT.exe (PID: 3912) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\lindalou889\Desktop\rkill\rkill-11-04-2012-04-43-06.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/04/2012 04:43:20 PM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)



"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acer ePower Management" "ePowerTray" "Acer Incorporated" "c:\program files\gateway\gateway power management\epowertray.exe"
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\apoint2k\apoint.exe"
+ "cAudioFilterAgent" "Conexant High Definition Audio Filter Agent" "Conexant Systems, Inc." "c:\program files\conexant\caudiofilteragent\caudiofilteragent64.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "ODDPwr" "ODDPWR" "Acer Incorporated" "c:\program files\gateway\optical drive power management\oddpwr.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "PLFSetI" "DefaultSettingEXE MFC Application" "" "c:\windows\plfseti.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "BackupManagerTray" "Gateway MyBackup" "NewTech Infosystems, Inc." "c:\program files (x86)\newtech infosystems\gateway mybackup\backupmanagertray.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\oracle\javafx 2.1 runtime\bin\ssv.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\0" "Internet Explorer" "Microsoft Corporation" "c:\program files (x86)\internet explorer\iexplore.exe"
+ "\4792" "" "" "File not found: C:\Users\LINDAL~1\AppData\Local\Temp\launchie.vbs"
+ "\GoogleUpdateTaskUserS-1-5-21-3631905932-822845258-2509747697-1000Core" "" "" "File not found: C:\Users\lindalou889\AppData\Local\Google\Update\GoogleUpdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3631905932-822845258-2509747697-1000UA" "" "" "File not found: C:\Users\lindalou889\AppData\Local\Google\Update\GoogleUpdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\RealUpgradeLogonTaskS-1-5-21-3631905932-822845258-2509747697-1000" "" "" "File not found: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-3631905932-822845258-2509747697-1000" "" "" "File not found: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "ePowerSvc" "Acer ePower Service" "Acer Incorporated" "c:\program files\gateway\gateway power management\epowersvc.exe"
+ "GREGService" "Global Registration Service" "Acer Incorporated" "c:\program files (x86)\gateway\registration\gregsvc.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "Nero BackItUp Scheduler 4.0" "Nero BackItUp Scheduler 4.0 is responsible to control all jobs created using Nero BackItUp. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP." "Nero AG" "c:\program files (x86)\common files\nero\nero backitup 4\nbservice.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "NTI IScheduleSvc" "NTI IShadow Manage backup/Sync jobs and etc..." "NewTech Infosystems, Inc." "c:\program files (x86)\newtech infosystems\gateway mybackup\ischedulesvc.exe"
+ "ODDPwrSvc" "Acer ODD Power Service" "Acer Incorporated" "c:\program files\gateway\optical drive power management\oddpwrsvc.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "Updater Service" "Updater Service" "Acer Group" "c:\program files\gateway\gateway updater\updaterservice.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "BVRPMPR5a64" "BVRP NDIS 5.0 MPR Protocol Driver" "Avanquest Software" "c:\windows\system32\drivers\bvrpmpr5a64.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "CnxtHdAudService" "64-bit High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdrt64.sys"
+ "cpuz135" "" "" "File not found: C:\Users\LINDAL~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "L1C" "Atheros L1c PCI-E Gigabit Ethernet Controller" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1c62x64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NTIDrvr" "NTI CD-ROM Filter Driver" "NewTech Infosystems, Inc." "c:\windows\system32\drivers\ntidrvr.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SQTECH900C" "Universal Serial Bus Camera Driver" "Service & Quality Technology." "c:\windows\system32\drivers\capt900c.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "UBHelper" "NTI CDROM Filter Driver" "NewTech Infosystems Corporation" "c:\windows\system32\drivers\ubhelper.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "PCL hpf3lw73" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3lw73.dll"





