
Windows Firewall won't start


10 replies to this topic

#1 ogproof


Posted 01 December 2012 - 05:07 PM

Hi, whenever I try to start my firewall it gives me the error message "Windows firewall can't change some of your settings Error code 0x80070424". Haven't tried anything yet.

Here is the TDSSKILLER LOG

17:04:49.0653 5692 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:04:49.0658 5692 pci - ok
17:04:49.0692 5692 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:04:49.0700 5692 pciide - ok
17:04:49.0774 5692 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:04:49.0782 5692 pcmcia - ok
17:04:49.0830 5692 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:04:49.0832 5692 pcw - ok
17:04:50.0037 5692 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:04:50.0044 5692 PEAUTH - ok
17:04:51.0263 5692 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:04:51.0269 5692 PerfHost - ok
17:04:51.0416 5692 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:04:51.0471 5692 pla - ok
17:04:51.0549 5692 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:04:51.0597 5692 PlugPlay - ok
17:04:51.0608 5692 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:04:51.0609 5692 PNRPAutoReg - ok
17:04:51.0621 5692 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:04:51.0623 5692 PNRPsvc - ok
17:04:51.0707 5692 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:04:51.0764 5692 PolicyAgent - ok
17:04:51.0840 5692 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:04:51.0873 5692 Power - ok
17:04:51.0932 5692 [ CB20BF725AB8A5782EB239E98110618F ] PowerBiosServer C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
17:04:51.0933 5692 PowerBiosServer - ok
17:04:51.0956 5692 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:04:51.0961 5692 PptpMiniport - ok
17:04:52.0001 5692 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
17:04:52.0005 5692 Processor - ok
17:04:52.0032 5692 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:04:52.0036 5692 ProfSvc - ok
17:04:52.0068 5692 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:04:52.0068 5692 ProtectedStorage - ok
17:04:52.0131 5692 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:04:52.0133 5692 Psched - ok
17:04:52.0271 5692 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:04:52.0300 5692 ql2300 - ok
17:04:52.0336 5692 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:04:52.0342 5692 ql40xx - ok
17:04:52.0383 5692 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:04:52.0391 5692 QWAVE - ok
17:04:52.0412 5692 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:04:52.0415 5692 QWAVEdrv - ok
17:04:52.0429 5692 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:04:52.0432 5692 RasAcd - ok
17:04:52.0474 5692 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:04:52.0477 5692 RasAgileVpn - ok
17:04:52.0492 5692 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:04:52.0496 5692 RasAuto - ok
17:04:52.0516 5692 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:04:52.0520 5692 Rasl2tp - ok
17:04:52.0592 5692 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:04:52.0597 5692 RasMan - ok
17:04:52.0621 5692 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:04:52.0624 5692 RasPppoe - ok
17:04:52.0656 5692 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:04:52.0664 5692 RasSstp - ok
17:04:52.0761 5692 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:04:52.0784 5692 rdbss - ok
17:04:52.0815 5692 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
17:04:52.0818 5692 rdpbus - ok
17:04:52.0865 5692 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:04:52.0868 5692 RDPCDD - ok
17:04:52.0905 5692 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:04:52.0910 5692 RDPENCDD - ok
17:04:52.0969 5692 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:04:52.0970 5692 RDPREFMP - ok
17:04:53.0049 5692 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:04:53.0054 5692 RDPWD - ok
17:04:53.0131 5692 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:04:53.0135 5692 rdyboost - ok
17:04:53.0213 5692 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:04:53.0217 5692 RemoteAccess - ok
17:04:53.0361 5692 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:04:53.0366 5692 RemoteRegistry - ok
17:04:53.0402 5692 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:04:53.0411 5692 RpcEptMapper - ok
17:04:53.0450 5692 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:04:53.0451 5692 RpcLocator - ok
17:04:53.0542 5692 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:04:53.0545 5692 RpcSs - ok
17:04:53.0584 5692 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:04:53.0585 5692 rspndr - ok
17:04:53.0766 5692 [ 09A8BA290DB61D2D5C419A06A2E54D20 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
17:04:53.0791 5692 RTL8192Ce - ok
17:04:53.0833 5692 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:04:53.0834 5692 SamSs - ok
17:04:53.0849 5692 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:04:53.0857 5692 sbp2port - ok
17:04:53.0904 5692 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:04:53.0907 5692 SCardSvr - ok
17:04:53.0989 5692 [ 3A09F31454DFEFBB124BAF378F90B636 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
17:04:53.0995 5692 SCDEmu - ok
17:04:54.0026 5692 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:04:54.0028 5692 scfilter - ok
17:04:54.0144 5692 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:04:54.0172 5692 Schedule - ok
17:04:54.0220 5692 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:04:54.0220 5692 SCPolicySvc - ok
17:04:54.0289 5692 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
17:04:54.0291 5692 sdbus - ok
17:04:54.0397 5692 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:04:54.0401 5692 SDRSVC - ok
17:04:54.0536 5692 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:04:54.0538 5692 secdrv - ok
17:04:54.0573 5692 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:04:54.0575 5692 seclogon - ok
17:04:54.0633 5692 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:04:54.0636 5692 SENS - ok
17:04:54.0679 5692 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:04:54.0685 5692 SensrSvc - ok
17:04:54.0720 5692 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
17:04:54.0726 5692 Serenum - ok
17:04:54.0803 5692 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
17:04:54.0810 5692 Serial - ok
17:04:54.0866 5692 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:04:54.0867 5692 sermouse - ok
17:04:54.0891 5692 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:04:54.0895 5692 SessionEnv - ok
17:04:54.0898 5692 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:04:54.0899 5692 sffdisk - ok
17:04:54.0901 5692 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:04:54.0902 5692 sffp_mmc - ok
17:04:54.0905 5692 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:04:54.0906 5692 sffp_sd - ok
17:04:54.0910 5692 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:04:54.0913 5692 sfloppy - ok
17:04:54.0977 5692 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:04:55.0015 5692 ShellHWDetection - ok
17:04:55.0053 5692 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:04:55.0057 5692 SiSRaid2 - ok
17:04:55.0093 5692 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:04:55.0101 5692 SiSRaid4 - ok
17:04:55.0215 5692 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:04:55.0216 5692 SkypeUpdate - ok
17:04:55.0305 5692 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:04:55.0313 5692 Smb - ok
17:04:55.0385 5692 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:04:55.0389 5692 SNMPTRAP - ok
17:04:55.0423 5692 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:04:55.0427 5692 spldr - ok
17:04:55.0502 5692 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:04:55.0567 5692 Spooler - ok
17:04:56.0006 5692 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:04:56.0080 5692 sppsvc - ok
17:04:56.0106 5692 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:04:56.0111 5692 sppuinotify - ok
17:04:56.0373 5692 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:04:56.0408 5692 srv - ok
17:04:56.0526 5692 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:04:56.0571 5692 srv2 - ok
17:04:56.0650 5692 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:04:56.0657 5692 srvnet - ok
17:04:56.0743 5692 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:04:56.0749 5692 SSDPSRV - ok
17:04:56.0796 5692 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:04:56.0803 5692 SstpSvc - ok
17:04:56.0925 5692 Steam Client Service - ok
17:04:56.0971 5692 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:04:56.0974 5692 stexstor - ok
17:04:57.0079 5692 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:04:57.0126 5692 stisvc - ok
17:04:57.0167 5692 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:04:57.0170 5692 swenum - ok
17:04:57.0256 5692 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:04:57.0321 5692 swprv - ok
17:04:57.0550 5692 [ F4DB1D9E6A42D491F0F8E21854301C0B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:04:57.0601 5692 SynTP - ok
17:04:57.0784 5692 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:04:57.0832 5692 SysMain - ok
17:04:57.0876 5692 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:04:57.0884 5692 TabletInputService - ok
17:04:57.0988 5692 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
17:04:57.0991 5692 tap0901t - ok
17:04:58.0074 5692 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:04:58.0079 5692 TapiSrv - ok
17:04:58.0110 5692 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:04:58.0113 5692 TBS - ok
17:04:58.0486 5692 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:04:58.0539 5692 Tcpip - ok
17:04:58.0804 5692 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:04:58.0812 5692 TCPIP6 - ok
17:04:58.0870 5692 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:04:58.0876 5692 tcpipreg - ok
17:04:58.0925 5692 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:04:58.0932 5692 TDPIPE - ok
17:04:59.0000 5692 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:04:59.0007 5692 TDTCP - ok
17:04:59.0031 5692 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:04:59.0035 5692 tdx - ok
17:04:59.0077 5692 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:04:59.0083 5692 TermDD - ok
17:04:59.0212 5692 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:04:59.0259 5692 TermService - ok
17:04:59.0291 5692 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:04:59.0299 5692 Themes - ok
17:04:59.0347 5692 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:04:59.0348 5692 THREADORDER - ok
17:04:59.0371 5692 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:04:59.0374 5692 TrkWks - ok
17:04:59.0466 5692 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:04:59.0470 5692 TrustedInstaller - ok
17:04:59.0513 5692 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:04:59.0516 5692 tssecsrv - ok
17:04:59.0555 5692 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:04:59.0556 5692 TsUsbFlt - ok
17:04:59.0559 5692 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:04:59.0560 5692 TsUsbGD - ok
17:04:59.0644 5692 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:04:59.0647 5692 tunnel - ok
17:04:59.0761 5692 [ 3DB1CE045A552161EF7252988752C65F ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
17:04:59.0795 5692 TunngleService - ok
17:04:59.0825 5692 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:04:59.0828 5692 uagp35 - ok
17:04:59.0907 5692 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:04:59.0911 5692 udfs - ok
17:04:59.0944 5692 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:04:59.0948 5692 UI0Detect - ok
17:05:00.0022 5692 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:05:00.0023 5692 uliagpkx - ok
17:05:00.0090 5692 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:05:00.0099 5692 umbus - ok
17:05:00.0238 5692 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
17:05:00.0242 5692 UmPass - ok
17:05:00.0704 5692 [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:05:00.0715 5692 UNS - ok
17:05:00.0833 5692 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:05:00.0837 5692 upnphost - ok
17:05:00.0883 5692 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:05:00.0887 5692 usbccgp - ok
17:05:00.0911 5692 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:05:00.0913 5692 usbcir - ok
17:05:00.0940 5692 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:05:00.0942 5692 usbehci - ok
17:05:00.0985 5692 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:05:00.0989 5692 usbhub - ok
17:05:01.0058 5692 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:05:01.0065 5692 usbohci - ok
17:05:01.0135 5692 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:05:01.0138 5692 usbprint - ok
17:05:01.0178 5692 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:05:01.0186 5692 usbscan - ok
17:05:01.0215 5692 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:05:01.0218 5692 USBSTOR - ok
17:05:01.0248 5692 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:05:01.0251 5692 usbuhci - ok
17:05:01.0285 5692 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:05:01.0290 5692 usbvideo - ok
17:05:01.0324 5692 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:05:01.0328 5692 UxSms - ok
17:05:01.0350 5692 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:05:01.0350 5692 VaultSvc - ok
17:05:01.0401 5692 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:05:01.0407 5692 vdrvroot - ok
17:05:01.0503 5692 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:05:01.0542 5692 vds - ok
17:05:01.0583 5692 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:05:01.0586 5692 vga - ok
17:05:01.0617 5692 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:05:01.0619 5692 VgaSave - ok
17:05:01.0659 5692 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:05:01.0662 5692 vhdmp - ok
17:05:01.0689 5692 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:05:01.0691 5692 viaide - ok
17:05:01.0749 5692 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:05:01.0758 5692 volmgr - ok
17:05:01.0812 5692 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:05:01.0850 5692 volmgrx - ok
17:05:01.0879 5692 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:05:01.0882 5692 volsnap - ok
17:05:01.0919 5692 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:05:01.0922 5692 vsmraid - ok
17:05:02.0069 5692 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:05:02.0103 5692 VSS - ok
17:05:02.0131 5692 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:05:02.0134 5692 vwifibus - ok
17:05:02.0171 5692 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:05:02.0173 5692 vwififlt - ok
17:05:02.0290 5692 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:05:02.0314 5692 W32Time - ok
17:05:02.0354 5692 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:05:02.0362 5692 WacomPen - ok
17:05:02.0449 5692 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:05:02.0457 5692 WANARP - ok
17:05:02.0503 5692 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:05:02.0504 5692 Wanarpv6 - ok
17:05:02.0684 5692 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:05:02.0742 5692 WatAdminSvc - ok
17:05:02.0928 5692 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:05:02.0962 5692 wbengine - ok
17:05:02.0990 5692 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:05:02.0994 5692 WbioSrvc - ok
17:05:03.0089 5692 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:05:03.0113 5692 wcncsvc - ok
17:05:03.0154 5692 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:05:03.0157 5692 WcsPlugInService - ok
17:05:03.0178 5692 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
17:05:03.0182 5692 Wd - ok
17:05:03.0267 5692 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:05:03.0308 5692 Wdf01000 - ok
17:05:03.0348 5692 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:05:03.0351 5692 WdiServiceHost - ok
17:05:03.0353 5692 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:05:03.0354 5692 WdiSystemHost - ok
17:05:03.0394 5692 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:05:03.0402 5692 WebClient - ok
17:05:03.0444 5692 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:05:03.0448 5692 Wecsvc - ok
17:05:03.0478 5692 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:05:03.0485 5692 wercplsupport - ok
17:05:03.0519 5692 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:05:03.0528 5692 WerSvc - ok
17:05:03.0560 5692 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:05:03.0563 5692 WfpLwf - ok
17:05:03.0577 5692 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:05:03.0579 5692 WIMMount - ok
17:05:03.0582 5692 WinHttpAutoProxySvc - ok
17:05:03.0770 5692 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:05:03.0779 5692 Winmgmt - ok
17:05:04.0148 5692 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:05:04.0187 5692 WinRM - ok
17:05:04.0277 5692 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
17:05:04.0280 5692 WinUsb - ok
17:05:04.0367 5692 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:05:04.0405 5692 Wlansvc - ok
17:05:04.0482 5692 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:05:04.0485 5692 WmiAcpi - ok
17:05:04.0531 5692 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:05:04.0534 5692 wmiApSrv - ok
17:05:04.0581 5692 WMPNetworkSvc - ok
17:05:04.0637 5692 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:05:04.0640 5692 WPCSvc - ok
17:05:04.0729 5692 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:05:04.0734 5692 WPDBusEnum - ok
17:05:04.0760 5692 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:05:04.0766 5692 ws2ifsl - ok
17:05:04.0768 5692 WSearch - ok
17:05:05.0002 5692 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:05:05.0273 5692 wuauserv - ok
17:05:05.0316 5692 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:05:05.0323 5692 WudfPf - ok
17:05:05.0383 5692 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:05:05.0385 5692 WUDFRd - ok
17:05:05.0438 5692 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:05:05.0442 5692 wudfsvc - ok
17:05:05.0476 5692 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:05:05.0480 5692 WwanSvc - ok
17:05:05.0606 5692 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
17:05:05.0611 5692 xusb21 - ok
17:05:05.0633 5692 ================ Scan global ===============================
17:05:05.0682 5692 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:05:05.0735 5692 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:05:05.0742 5692 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:05:05.0762 5692 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:05:05.0845 5692 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:05:05.0895 5692 [Global] - ok
17:05:05.0895 5692 ================ Scan MBR ==================================
17:05:05.0972 5692 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:05:11.0414 5692 \Device\Harddisk0\DR0 - ok
17:05:11.0415 5692 ================ Scan VBR ==================================
17:05:11.0452 5692 [ A00A1A7ACFAC263622D1A79F0D9D77D7 ] \Device\Harddisk0\DR0\Partition1
17:05:11.0460 5692 \Device\Harddisk0\DR0\Partition1 - ok
17:05:11.0498 5692 [ 6D53989718781A3F5B8B11A8A7FC51EE ] \Device\Harddisk0\DR0\Partition2
17:05:11.0500 5692 \Device\Harddisk0\DR0\Partition2 - ok
17:05:11.0500 5692 ============================================================
17:05:11.0500 5692 Scan finished
17:05:11.0500 5692 ============================================================
17:05:11.0505 4876 Detected object count: 0
17:05:11.0505 4876 Actual detected object count: 0


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:04:14 AM

Posted 01 December 2012 - 05:11 PM

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

#3 ogproof

ogproof
  • Topic Starter

  • Members
  • 7 posts
  • Local time:04:14 AM

Posted 01 December 2012 - 06:47 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-01 17:33:06
-----------------------------
17:33:07.003 OS Version: Windows x64 6.1.7601 Service Pack 1
17:33:07.003 Number of processors: 8 586 0x2A07
17:33:07.004 ComputerName: MIKE-PC UserName: Mike
17:33:09.209 Initialize success
17:33:24.186 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:33:24.188 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
17:33:24.223 Disk 0 MBR read successfully
17:33:24.224 Disk 0 MBR scan
17:33:24.226 Disk 0 Windows 7 default MBR code
17:33:24.252 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
17:33:24.496 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476738 MB offset 411648
17:33:24.617 Disk 0 scanning C:\Windows\system32\drivers
17:33:33.976 Service scanning
17:33:55.408 Modules scanning
17:33:55.413 Disk 0 trace - called modules:
17:33:55.428 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:33:55.431 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009ca6790]
17:33:55.434 3 CLASSPNP.SYS[fffff88001d5f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007868050]
17:33:55.443 Scan finished successfully
17:38:53.221 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
17:38:53.225 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

-----------------------------------
ESET didn't find any threats
-----------------------------------

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.01.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKE-PC [administrator]

12/1/2012 5:36:04 PM
mbam-log-2012-12-01 (18-45-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384443
Time elapsed: 46 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\$Recycle.Bin\S-1-5-18\$2e50b06bfcfa374c343c377ce118b688\n (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$2e50b06bfcfa374c343c377ce118b688\U\00000001.@ (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$2e50b06bfcfa374c343c377ce118b688\U\80000000.@ (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$2e50b06bfcfa374c343c377ce118b688\U\800000cb.@ (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-1950884978-743704852-4250891383-1000\$2e50b06bfcfa374c343c377ce118b688\n (Trojan.0Access) -> No action taken.
C:\Users\Mike\AppData\Local\Temp\comver.dll (Adware.GameSpyArcade) -> No action taken.
C:\Users\Mike\Downloads\SpamMe.exe (Hacktool.Spam) -> No action taken.

(end)

#4 ogproof

ogproof
  • Topic Starter

  • Members
  • 7 posts
  • Local time:04:14 AM

Posted 02 December 2012 - 12:13 AM

Any ideas?

#5 ogproof

ogproof
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 02 December 2012 - 12:26 AM

Here's some other logs from common programs


MiniToolBox by Farbar Version: 25-11-2012
Ran by Mike (administrator) on 02-12-2012 at 00:16:03
Running from "C:\Users\Mike\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: :80

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n COMBO PCI-E NIC = Wireless Network Connection (Connected)
JMicron PCI Express Gigabit Ethernet Adapter = Local Area Connection (Media disconnected)
TAP-Win32 Adapter V9 (Tunngle) = Tunngle (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mike-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tb.shawcable.net

Ethernet adapter Tunngle:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
Physical Address. . . . . . . . . : 00-FF-D4-51-B7-9A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : tb.shawcable.net
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n COMBO PCI-E NIC
Physical Address. . . . . . . . . : 00-1C-7B-A1-1C-76
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9d50:ccd0:749c:9a91%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.127(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, December 01, 2012 6:48:34 PM
Lease Expires . . . . . . . . . . : Sunday, December 02, 2012 6:49:33 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 301997179
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-CF-6E-70-00-90-F5-C3-3D-54
DNS Servers . . . . . . . . . . . : 64.59.176.15
64.59.177.227
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : JMicron PCI Express Gigabit Ethernet Adapter
Physical Address. . . . . . . . . : 00-90-F5-C3-3D-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D451B79A-D627-4B71-94BC-56CA856F30A4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.tb.shawcable.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: nsc2.nr.wp.shawcable.net
Address: 64.59.176.15

Name: google.com
Addresses: 2001:4860:400a:800::1009
74.125.225.7
74.125.225.2
74.125.225.5
74.125.225.1
74.125.225.0
74.125.225.4
74.125.225.6
74.125.225.3
74.125.225.14
74.125.225.9
74.125.225.8


Pinging google.com [74.125.225.7] with 32 bytes of data:
Reply from 74.125.225.7: bytes=32 time=36ms TTL=57
Reply from 74.125.225.7: bytes=32 time=34ms TTL=57

Ping statistics for 74.125.225.7:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 36ms, Average = 35ms
Server: nsc2.nr.wp.shawcable.net
Address: 64.59.176.15

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=163ms TTL=53
Reply from 98.139.183.24: bytes=32 time=91ms TTL=52

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 91ms, Maximum = 163ms, Average = 127ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 ff d4 51 b7 9a ......TAP-Win32 Adapter V9 (Tunngle)
12...00 1c 7b a1 1c 76 ......Realtek RTL8188CE Wireless LAN 802.11n COMBO PCI-E NIC
11...00 90 f5 c3 3d 54 ......JMicron PCI Express Gigabit Ethernet Adapter
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.127 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.127 281
192.168.1.127 255.255.255.255 On-link 192.168.1.127 281
192.168.1.255 255.255.255.255 On-link 192.168.1.127 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.127 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.127 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::9d50:ccd0:749c:9a91/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/01/2012 11:41:56 PM) (Source: Application Hang) (User: )
Description: The program soldiers.exe version 1.0.28.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f48

Start Time: 01cdd04748c964dc

Termination Time: 36

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Soldiers Heroes of World War 2\soldiers.exe

Report Id:

Error: (12/01/2012 06:49:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2012 06:41:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/01/2012 04:40:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/30/2012 05:23:00 PM) (Source: Application Hang) (User: )
Description: The program FarCry.exe version 1.1.0.1230 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1760

Start Time: 01cdcf4908270915

Termination Time: 8

Application Path: C:\Program Files (x86)\Steam\steamapps\common\FarCry\Bin32\FarCry.exe

Report Id:

Error: (11/30/2012 02:49:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2012 04:16:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2012 08:16:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: The specified server cannot perform the requested operation.
.

Error: (11/27/2012 08:16:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: The specified server cannot perform the requested operation.
.

Error: (11/27/2012 08:16:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: This operation returned because the timeout period expired.
.


System errors:
=============
Error: (12/01/2012 06:48:57 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (12/01/2012 06:47:39 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/01/2012 04:19:19 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (12/01/2012 04:19:19 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (12/01/2012 04:19:16 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (12/01/2012 04:19:16 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (12/01/2012 02:02:45 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (12/01/2012 02:02:45 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (12/01/2012 02:02:40 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (12/01/2012 02:02:40 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891


Microsoft Office Sessions:
=========================
Error: (12/01/2012 11:41:56 PM) (Source: Application Hang)(User: )
Description: soldiers.exe1.0.28.01f4801cdd04748c964dc36C:\Program Files (x86)\Steam\steamapps\common\Soldiers Heroes of World War 2\soldiers.exe

Error: (12/01/2012 06:49:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2012 06:41:41 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/01/2012 04:40:11 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mike\Downloads\esetsmartinstaller_enu.exe

Error: (11/30/2012 05:23:00 PM) (Source: Application Hang)(User: )
Description: FarCry.exe1.1.0.1230176001cdcf49082709158C:\Program Files (x86)\Steam\steamapps\common\FarCry\Bin32\FarCry.exe

Error: (11/30/2012 02:49:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/29/2012 04:16:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/27/2012 08:16:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crtThe specified server cannot perform the requested operation.

Error: (11/27/2012 08:16:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crtThe specified server cannot perform the requested operation.

Error: (11/27/2012 08:16:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crtThis operation returned because the timeout period expired.


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
AMD APP SDK Runtime (Version: 2.4.595.10)
Amnesia - The Dark Descent (Version: 1.0.0)
ARMA 2
ARMA 2: Operation Arrowhead
Asheron's Call: Throne of Destiny (Version: 3.11.2646)
ATI Catalyst Install Manager (Version: 3.0.825.0)
AutoHotkey 1.0.48.05 (Version: 1.0.48.05)
BattlEye for OA Uninstall
BattlEye Uninstall
BisonCam (Version: 9.2.1.71.52)
Bitcoin (Version: 0.7.1)
Blockscape Phase 1 (beta)
Borderlands 2
Breath of Death VII
Canon MG6200 series MP Drivers
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0419.2218.38209)
Catalyst Control Center InstallProxy (Version: 2011.0419.2218.38209)
Catalyst Control Center Localization All (Version: 2011.0419.2218.38209)
ccc-utility64 (Version: 2011.0419.2218.38209)
CCC Help Chinese Standard (Version: 2011.0419.2217.38209)
CCC Help Chinese Traditional (Version: 2011.0419.2217.38209)
CCC Help Czech (Version: 2011.0419.2217.38209)
CCC Help Danish (Version: 2011.0419.2217.38209)
CCC Help Dutch (Version: 2011.0419.2217.38209)
CCC Help English (Version: 2011.0419.2217.38209)
CCC Help Finnish (Version: 2011.0419.2217.38209)
CCC Help French (Version: 2011.0419.2217.38209)
CCC Help German (Version: 2011.0419.2217.38209)
CCC Help Greek (Version: 2011.0419.2217.38209)
CCC Help Hungarian (Version: 2011.0419.2217.38209)
CCC Help Italian (Version: 2011.0419.2217.38209)
CCC Help Japanese (Version: 2011.0419.2217.38209)
CCC Help Korean (Version: 2011.0419.2217.38209)
CCC Help Norwegian (Version: 2011.0419.2217.38209)
CCC Help Polish (Version: 2011.0419.2217.38209)
CCC Help Portuguese (Version: 2011.0419.2217.38209)
CCC Help Russian (Version: 2011.0419.2217.38209)
CCC Help Spanish (Version: 2011.0419.2217.38209)
CCC Help Swedish (Version: 2011.0419.2217.38209)
CCC Help Thai (Version: 2011.0419.2217.38209)
CCC Help Turkish (Version: 2011.0419.2217.38209)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Corpse Tracker (Version: 1.0.0)
Counter-Strike: Global Offensive
Counter-Strike: Source
Darkfall US (Version: 1.0.48)
DayZ Commander (Version: 1.09.74)
Decal 3.0 (2.9.7.0) (Version: 2.9.0700)
Divine Divinity
Dota 2
Dropbox (Version: 1.4.18)
ESET Online Scanner v3
Far Cry
FarCry AMD64 ECU for x32 Edition
GoArrow v3.0.0.0 (Version: 3.0.0)
Google Earth Plug-in (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.123)
Guild Wars 2
Homefront
Hotkey 3.3020 (Version: 3.3020)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Rapid Storage Technology (Version: 10.5.0.1026)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
JMicron Ethernet Adapter NDIS Driver (Version: 6.0.26.6)
JMicron Flash Media Controller Driver (Version: 1.0.62.0)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
MiniMap (Version: 1.0.0)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
Neverwinter Nights 2: Platinum
Notepad++ (Version: 6.1.8)
NVIDIA PhysX (Version: 9.09.1112)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
PowerISO (Version: 5.4)
Project64 1.6 (Version: 1.6)
Protector Suite 2009 (Version: 5.9.3.6379)
Radar Add-on (Version: 1.0.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6307)
REALTEK Wireless LAN Driver (Version: 1.00.0174)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.30.0)
Risen
Rome: Total War Gold Edition
RuneScape Launcher 1.2.2 (Version: 1.2.2)
S.T.A.L.K.E.R.: Shadow of Chernobyl
Savage 2: A Tortured Soul
Skype™ 5.10 (Version: 5.10.116)
Soldiers: Heroes of World War II
Source SDK Base 2007
SSSort v2.2.0.0 (Version: 2.2.0)
Stalker Complete 2009 v1.4.4
Star Wars Jedi Knight: Dark Forces II
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.1.14.0)
TeamSpeak 3 Client (Version: 3.0.9.2)
THX TruStudio Pro (Version: TAMB-CVS1D-1-LB R07)
Tunngle beta
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VLC media player 2.0.3 (Version: 2.0.3)
Vuze (Version: 4.7)
War of the Roses Beta
WebCam Installer (Version: 3.32)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
World of Tanks
World of Warcraft (Version: 5.0.5.16135)
Xsyon

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 8169.48 MB
Available physical RAM: 5747 MB
Total Pagefile: 16337.16 MB
Available Pagefile: 13526.33 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.56 GB) (Free:222.65 GB) NTFS

========================= Users: ========================================

User accounts for \\MIKE-PC

Administrator Guest Mike

========================= Restore Points ==================================

23-11-2012 02:52:21 Scheduled Checkpoint
24-11-2012 18:55:18 Installed DirectX
24-11-2012 18:55:58 Installed DirectX
28-11-2012 21:16:49 Windows Update

**** End of log ****


Farbar Service Scanner Version: 01-12-2012 02
Ran by Mike (administrator) on 02-12-2012 at 00:17:21
Running from "C:\Users\Mike\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.010 - Logfile created 12/02/2012 at 00:18:47
# Updated 29/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mike - MIKE-PC
# Boot Mode : Normal
# Running from : C:\Users\Mike\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Mike\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Mike\AppData\Local\Temp\avg@toolbar

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\qbddi2ep.default\prefs.js

Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[S1].txt - [1475 octets] - [02/12/2012 00:18:47]

########## EOF - C:\AdwCleaner[S1].txt - [1535 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.7.2 (12.01.2012:2)
OS: Windows 7 Home Premium x64
Ran by Mike on Sun 12/02/2012 at 0:21:47.08
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_local_machine\software\systweak"



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/02/2012 at 0:25:08.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#6 ogproof


Posted 02 December 2012 - 12:33 AM

Ended up using ESET services repair and it fixed it! Sorry for any time wasted.

#7 narenxp


Posted 02 December 2012 - 11:17 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#8 ogproof


Posted 02 December 2012 - 01:40 PM

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/02/2012 01:34:33 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Mike\Desktop\rkill\rkill-12-02-2012-01-35-18.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$2e50b06bfcfa374c343c377ce118b688\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$2e50b06bfcfa374c343c377ce118b688\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$2e50b06bfcfa374c343c377ce118b688\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$2e50b06bfcfa374c343c377ce118b688\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-1950884978-743704852-4250891383-1000\$2e50b06bfcfa374c343c377ce118b688\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-1950884978-743704852-4250891383-1000\$2e50b06bfcfa374c343c377ce118b688\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-1950884978-743704852-4250891383-1000\$2e50b06bfcfa374c343c377ce118b688\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-1950884978-743704852-4250891383-1000\$2e50b06bfcfa374c343c377ce118b688\U\ [ZA Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/02/2012 01:35:32 PM
Execution time: 0 hours(s), 0 minute(s), and 59 seconds(s)








"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "THXCfg64" "" "Creative Technology Ltd." "c:\windows\system32\thxcfg64.dll"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "NUSB3MON" "USB 3.0 Monitor" "Renesas Electronics Corporation" "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
+ "ROC_ROC_NT" "" "" "File not found: C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "THX Audio Control Panel" "THXAudio" "Creative Technology Ltd" "c:\program files (x86)\creative\thx trustudio pro\thxaudiocp\thxaudio.exe"
+ "UpdReg" "Creative UpdReg" "Creative Technology Ltd." "c:\windows\updreg.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Hotkey.lnk" "HotKey" "" "c:\program files (x86)\hotkey\hotkey.exe"
"C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\users\mike\appdata\roaming\dropbox\bin\dropbox.exe"
+ "OpenOffice.org 3.4.1.lnk" "" "" "c:\program files (x86)\openoffice.org 3\program\quickstart.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe"
+ "Steam" "Steam" "Valve Corporation" "c:\program files (x86)\steam\steam.exe"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\mike\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "ANotepad++64" "ShellHandler for Notepad++ (64 bit)" "" "c:\program files (x86)\notepad++\nppshell_05.dll"
+ "PowerISO" "PowerISOShell DLL" "Power Software Ltd" "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "SafearchiveContextMenu" "PSQL file safe" "UPEK Inc." "c:\program files\protector suite\farchns.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\mike\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "PowerISO" "PowerISOShell DLL" "Power Software Ltd" "c:\program files (x86)\poweriso\pwrisosh.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\mike\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "" "File not found: C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "Apache Software Foundation" "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "PowerISO" "PowerISOShell DLL" "Power Software Ltd" "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\mike\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\mike\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\mike\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\mike\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "UEAFOverlay" "PSQL file safe" "UPEK Inc." "c:\program files\protector suite\farchns.dll"
+ "UEAFOverlayOpen" "PSQL file safe" "UPEK Inc." "c:\program files\protector suite\farchns.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\mike\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\mike\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\mike\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\mike\appdata\roaming\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "PowerBiosServer" "WMI" "" "c:\program files (x86)\hotkey\powerbiosserver.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe"
+ "TunngleService" "Tunngle Service" "Tunngle.net GmbH" "c:\program files (x86)\tunngle\tnglctrl.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdw76.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "JMCR" "JMicron PCIe Flash Media Controller Driver" "JMicron Technology Corporation" "c:\windows\system32\drivers\jmcr.sys"
+ "JME" "JMicron NDIS6.20 Driver" "JMicron Technology Corp." "c:\windows\system32\drivers\jme.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nusb3hub" "USB 3.0 Hub Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3hub.sys"
+ "nusb3xhc" "USB 3.0 Host Controller Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3xhc.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8192Ce" "Realtek RTL81892CE NDIS Driverr" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8192ce.sys"
+ "SCDEmu" "PowerISO Virtual Drive" "Power Software Ltd" "c:\windows\system32\drivers\scdemu.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "tap0901t" "TAP-Win32 Virtual Network Driver" "Tunngle.net" "c:\windows\system32\drivers\tap0901t.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "Provider Object" "Windows Vista Credential Provider" "UPEK Inc." "c:\program files\protector suite\provider.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" "" "" ""
+ "Provider Filter Object" "Windows Vista Credential Provider" "UPEK Inc." "c:\program files\protector suite\provider.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "psfus" "Logon stub" "UPEK Inc." "c:\program files\protector suite\psqlpwd.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Canon BJ Language Monitor MG6200 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlmau.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ "C:\Program Files\Protector Suite\psqlpwd.dll" "Logon stub" "UPEK Inc." "c:\program files\protector suite\psqlpwd.dll"

#9 narenxp


Posted 02 December 2012 - 03:36 PM

Now run RKILL given in previous instructions and post the new log

Edited by narenxp, 02 December 2012 - 07:20 PM.


#10 ogproof


Posted 02 December 2012 - 07:13 PM

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/02/2012 07:12:58 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/02/2012 07:13:02 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

#11 narenxp


Posted 02 December 2012 - 07:20 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in Safe Mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



