Text-Enhance Malware and Google search redirect link


20 replies to this topic

#1 fallenwinters

Posted 03 December 2012 - 11:15 AM

Hi,

Whenever I click the results of my Google search, it always redirects me to a different site. I have to click the link a couple of times before I'll be sent to the right site.

I also have this "Text-Enhance" in my browsers.

I'm also having problems logging in to different websites.

I might have more malware/viruses in my computer. I just don't know how to remove/clean my system with it.

I'm running Windows 7 Ultimate 32-bit

Edited by fallenwinters, 03 December 2012 - 11:34 AM.



#2 boopme

  • Global Moderator

Posted 03 December 2012 - 11:36 AM

Let's scan for adware and also check add-ons.

Please download TDSSKiller.

  • Launch it.
  • Click on Change parameters and select TDLFS file system.
  • Click on "Scan".
  • Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.





Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



In IE, go to Tools, Manage add-ons, Toolbars and Extensions and disable the I Want This extension.
In Google Chrome, click on the spanner icon at the top right of the page, go to Tools and do the same.
Then restart your browser; it should be gone.
Now go to your Control Panel and remove/uninstall the program I Want This.

Edited by boopme, 03 December 2012 - 11:36 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 fallenwinters

Posted 03 December 2012 - 11:45 AM

# AdwCleaner v2.011 - Logfile created 12/03/2012 at 10:38:16
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : ttheberge - TTHEBERGE-PC
# Boot Mode : Normal
# Running from : C:\Users\ttheberge\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16700

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\ttheberge\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [656 octets] - [03/12/2012 10:38:16]

########## EOF - C:\AdwCleaner[S1].txt - [715 octets] ##########

I didn't see any "I want this" extension on both IE and Google Chrome and it is still there.

Edited by fallenwinters, 03 December 2012 - 11:46 AM.


#4 fallenwinters

Posted 03 December 2012 - 11:48 AM

I didn't see that you edited your post. Let me try doing it again.

#5 boopme

  • Global Moderator

Posted 03 December 2012 - 11:53 AM

Yes, run TDSS.

#6 fallenwinters

Posted 03 December 2012 - 11:59 AM

10:49:52.0033 5456 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:49:52.0470 5456 ============================================================
10:49:52.0470 5456 Current date / time: 2012/12/03 10:49:52.0470
10:49:52.0470 5456 SystemInfo:
10:49:52.0470 5456
10:49:52.0470 5456 OS Version: 6.1.7600 ServicePack: 0.0
10:49:52.0470 5456 Product type: Workstation
10:49:52.0470 5456 ComputerName: TTHEBERGE-PC
10:49:52.0470 5456 UserName: ttheberge
10:49:52.0470 5456 Windows directory: C:\Windows
10:49:52.0470 5456 System windows directory: C:\Windows
10:49:52.0470 5456 Processor architecture: Intel x86
10:49:52.0470 5456 Number of processors: 1
10:49:52.0470 5456 Page size: 0x1000
10:49:52.0470 5456 Boot type: Normal boot
10:49:52.0470 5456 ============================================================
10:49:56.0861 5456 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:49:56.0865 5456 ============================================================
10:49:56.0865 5456 \Device\Harddisk0\DR0:
10:49:56.0866 5456 MBR partitions:
10:49:56.0866 5456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D1B0DCB
10:49:56.0866 5456 ============================================================
10:49:57.0058 5456 C: <-> \Device\Harddisk0\DR0\Partition1
10:49:57.0058 5456 ============================================================
10:49:57.0058 5456 Initialize success
10:49:57.0058 5456 ============================================================
10:50:24.0261 5696 ============================================================
10:50:24.0261 5696 Scan started
10:50:24.0261 5696 Mode: Manual; TDLFS;
10:50:24.0261 5696 ============================================================
10:50:29.0423 5696 ================ Scan system memory ========================
10:50:29.0423 5696 System memory - ok
10:50:50.0151 5696 NdisCap - ok
10:50:50.0174 5696 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:50:50.0176 5696 NdisTapi - ok
10:50:50.0227 5696 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:50:50.0229 5696 Ndisuio - ok
10:50:50.0254 5696 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:50:50.0257 5696 NdisWan - ok
10:50:50.0276 5696 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:50:50.0277 5696 NDProxy - ok
10:50:50.0358 5696 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:50:50.0361 5696 Net Driver HPZ12 - ok
10:50:50.0395 5696 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:50:50.0397 5696 NetBIOS - ok
10:50:50.0432 5696 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:50:50.0435 5696 NetBT - ok
10:50:50.0461 5696 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
10:50:50.0463 5696 Netlogon - ok
10:50:50.0502 5696 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
10:50:50.0508 5696 Netman - ok
10:50:50.0574 5696 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:50:50.0610 5696 NetMsmqActivator - ok
10:50:50.0624 5696 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:50:50.0626 5696 NetPipeActivator - ok
10:50:50.0689 5696 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
10:50:50.0696 5696 netprofm - ok
10:50:50.0793 5696 [ 105A0947E6E01E5A6B76DAD87547CD89 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
10:50:50.0817 5696 netr28u - ok
10:50:50.0866 5696 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:50:50.0867 5696 NetTcpActivator - ok
10:50:50.0884 5696 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:50:50.0886 5696 NetTcpPortSharing - ok
10:50:50.0944 5696 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:50:50.0946 5696 nfrd960 - ok
10:50:51.0043 5696 [ 6A3F413DBF95F152AF9F8BD2AF2BC48A ] NitroDriverReadSpool2 C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
10:50:51.0046 5696 NitroDriverReadSpool2 - ok
10:50:51.0078 5696 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
10:50:51.0083 5696 NlaSvc - ok
10:50:51.0148 5696 [ 0543FA119CF3FD2203851FD71202FFE1 ] nlsX86cc C:\Windows\system32\NLSSRV32.EXE
10:50:51.0152 5696 nlsX86cc - ok
10:50:51.0173 5696 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:50:51.0177 5696 Npfs - ok
10:50:51.0217 5696 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
10:50:51.0220 5696 nsi - ok
10:50:51.0249 5696 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:50:51.0251 5696 nsiproxy - ok
10:50:51.0313 5696 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:50:51.0342 5696 Ntfs - ok
10:50:51.0372 5696 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
10:50:51.0375 5696 Null - ok
10:50:51.0399 5696 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
10:50:51.0402 5696 nvraid - ok
10:50:51.0466 5696 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
10:50:51.0468 5696 nvstor - ok
10:50:51.0493 5696 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
10:50:51.0496 5696 nv_agp - ok
10:50:51.0604 5696 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:50:51.0611 5696 odserv - ok
10:50:51.0640 5696 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
10:50:51.0642 5696 ohci1394 - ok
10:50:51.0678 5696 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:50:51.0682 5696 ose - ok
10:50:51.0766 5696 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:50:51.0772 5696 p2pimsvc - ok
10:50:51.0796 5696 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
10:50:51.0805 5696 p2psvc - ok
10:50:51.0846 5696 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:50:51.0849 5696 Parport - ok
10:50:51.0910 5696 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:50:51.0914 5696 partmgr - ok
10:50:51.0963 5696 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
10:50:51.0964 5696 Parvdm - ok
10:50:51.0993 5696 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:50:51.0998 5696 PcaSvc - ok
10:50:52.0022 5696 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
10:50:52.0025 5696 pci - ok
10:50:52.0050 5696 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
10:50:52.0052 5696 pciide - ok
10:50:52.0082 5696 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:50:52.0086 5696 pcmcia - ok
10:50:52.0108 5696 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
10:50:52.0111 5696 pcw - ok
10:50:52.0146 5696 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:50:52.0165 5696 PEAUTH - ok
10:50:52.0223 5696 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:50:52.0245 5696 PeerDistSvc - ok
10:50:52.0332 5696 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
10:50:52.0369 5696 pla - ok
10:50:52.0580 5696 [ 2CC2008F1296968FBA162ED9F9AFE328 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:50:52.0615 5696 PlugPlay - ok
10:50:52.0769 5696 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:50:52.0774 5696 Pml Driver HPZ12 - ok
10:50:52.0823 5696 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:50:52.0829 5696 PNRPAutoReg - ok
10:50:52.0849 5696 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:50:52.0853 5696 PNRPsvc - ok
10:50:52.0895 5696 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:50:52.0902 5696 PolicyAgent - ok
10:50:52.0942 5696 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
10:50:52.0947 5696 Power - ok
10:50:52.0985 5696 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:50:52.0987 5696 PptpMiniport - ok
10:50:53.0080 5696 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:50:53.0082 5696 Processor - ok
10:50:53.0177 5696 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
10:50:53.0182 5696 ProfSvc - ok
10:50:53.0200 5696 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:50:53.0202 5696 ProtectedStorage - ok
10:50:53.0244 5696 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:50:53.0247 5696 Psched - ok
10:50:53.0323 5696 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:50:53.0347 5696 ql2300 - ok
10:50:53.0377 5696 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:50:53.0379 5696 ql40xx - ok
10:50:53.0415 5696 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
10:50:53.0421 5696 QWAVE - ok
10:50:53.0441 5696 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:50:53.0443 5696 QWAVEdrv - ok
10:50:53.0469 5696 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:50:53.0472 5696 RasAcd - ok
10:50:53.0506 5696 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:50:53.0508 5696 RasAgileVpn - ok
10:50:53.0531 5696 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
10:50:53.0536 5696 RasAuto - ok
10:50:53.0597 5696 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:50:53.0599 5696 Rasl2tp - ok
10:50:53.0632 5696 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
10:50:53.0639 5696 RasMan - ok
10:50:53.0659 5696 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:50:53.0661 5696 RasPppoe - ok
10:50:53.0686 5696 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:50:53.0688 5696 RasSstp - ok
10:50:53.0758 5696 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:50:53.0762 5696 rdbss - ok
10:50:53.0789 5696 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:50:53.0791 5696 rdpbus - ok
10:50:53.0813 5696 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:50:53.0815 5696 RDPCDD - ok
10:50:53.0881 5696 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:50:53.0885 5696 RDPDR - ok
10:50:53.0922 5696 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:50:53.0923 5696 RDPENCDD - ok
10:50:53.0987 5696 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:50:53.0995 5696 RDPREFMP - ok
10:50:54.0042 5696 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:50:54.0048 5696 RDPWD - ok
10:50:54.0082 5696 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:50:54.0085 5696 rdyboost - ok
10:50:54.0106 5696 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
10:50:54.0110 5696 RemoteAccess - ok
10:50:54.0136 5696 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:50:54.0142 5696 RemoteRegistry - ok
10:50:54.0218 5696 [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
10:50:54.0220 5696 RimUsb - ok
10:50:54.0324 5696 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:50:54.0331 5696 RpcEptMapper - ok
10:50:54.0387 5696 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
10:50:54.0390 5696 RpcLocator - ok
10:50:54.0456 5696 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
10:50:54.0461 5696 RpcSs - ok
10:50:54.0506 5696 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:50:54.0508 5696 rspndr - ok
10:50:54.0544 5696 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
10:50:54.0546 5696 s3cap - ok
10:50:54.0565 5696 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
10:50:54.0568 5696 SamSs - ok
10:50:54.0598 5696 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
10:50:54.0601 5696 sbp2port - ok
10:50:54.0675 5696 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:50:54.0680 5696 SCardSvr - ok
10:50:54.0704 5696 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:50:54.0707 5696 scfilter - ok
10:50:54.0756 5696 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
10:50:54.0779 5696 Schedule - ok
10:50:54.0804 5696 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:50:54.0805 5696 SCPolicySvc - ok
10:50:54.0838 5696 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:50:54.0844 5696 SDRSVC - ok
10:50:54.0880 5696 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:50:54.0883 5696 secdrv - ok
10:50:54.0906 5696 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
10:50:54.0910 5696 seclogon - ok
10:50:54.0938 5696 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
10:50:54.0941 5696 SENS - ok
10:50:55.0004 5696 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:50:55.0009 5696 SensrSvc - ok
10:50:55.0033 5696 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:50:55.0035 5696 Serenum - ok
10:50:55.0053 5696 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:50:55.0056 5696 Serial - ok
10:50:55.0092 5696 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:50:55.0094 5696 sermouse - ok
10:50:55.0171 5696 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
10:50:55.0176 5696 SessionEnv - ok
10:50:55.0240 5696 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
10:50:55.0250 5696 sffdisk - ok
10:50:55.0293 5696 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:50:55.0303 5696 sffp_mmc - ok
10:50:55.0342 5696 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
10:50:55.0345 5696 sffp_sd - ok
10:50:55.0392 5696 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:50:55.0394 5696 sfloppy - ok
10:50:55.0431 5696 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:50:55.0438 5696 ShellHWDetection - ok
10:50:55.0460 5696 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
10:50:55.0463 5696 sisagp - ok
10:50:55.0492 5696 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:50:55.0495 5696 SiSRaid2 - ok
10:50:55.0515 5696 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:50:55.0520 5696 SiSRaid4 - ok
10:50:55.0547 5696 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:50:55.0549 5696 Smb - ok
10:50:55.0600 5696 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:50:55.0608 5696 SNMPTRAP - ok
10:50:55.0654 5696 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
10:50:55.0660 5696 spldr - ok
10:50:55.0742 5696 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe
10:50:55.0749 5696 Spooler - ok
10:50:55.0841 5696 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
10:50:55.0902 5696 sppsvc - ok
10:50:55.0933 5696 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:50:55.0938 5696 sppuinotify - ok
10:50:55.0976 5696 [ 2DBEDFB1853F06110EC2AA7F3213C89F ] srv C:\Windows\system32\DRIVERS\srv.sys
10:50:55.0981 5696 srv - ok
10:50:56.0009 5696 [ DB37131D1027C50EA7EE21C8BB4536AA ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:50:56.0013 5696 srv2 - ok
10:50:56.0035 5696 [ F5980B74124DB9233B33F86FC5EBBB4F ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:50:56.0039 5696 srvnet - ok
10:50:56.0116 5696 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:50:56.0122 5696 SSDPSRV - ok
10:50:56.0143 5696 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:50:56.0148 5696 SstpSvc - ok
10:50:56.0180 5696 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:50:56.0183 5696 stexstor - ok
10:50:56.0271 5696 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
10:50:56.0280 5696 StillCam - ok
10:50:56.0403 5696 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
10:50:56.0412 5696 StiSvc - ok
10:50:56.0444 5696 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
10:50:56.0447 5696 storflt - ok
10:50:56.0485 5696 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
10:50:56.0487 5696 storvsc - ok
10:50:56.0553 5696 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:50:56.0555 5696 swenum - ok
10:50:56.0744 5696 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:50:56.0755 5696 SwitchBoard - ok
10:50:56.0802 5696 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
10:50:56.0810 5696 swprv - ok
10:50:56.0944 5696 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
10:50:56.0970 5696 SysMain - ok
10:50:57.0001 5696 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:50:57.0007 5696 TabletInputService - ok
10:50:57.0032 5696 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
10:50:57.0039 5696 TapiSrv - ok
10:50:57.0061 5696 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
10:50:57.0066 5696 TBS - ok
10:50:57.0119 5696 [ BB7F39C31C4A4417FD318E7CD184E225 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:50:57.0159 5696 Tcpip - ok
10:50:57.0222 5696 [ BB7F39C31C4A4417FD318E7CD184E225 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:50:57.0232 5696 TCPIP6 - ok
10:50:57.0279 5696 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:50:57.0281 5696 tcpipreg - ok
10:50:57.0325 5696 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:50:57.0327 5696 TDPIPE - ok
10:50:57.0369 5696 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:50:57.0371 5696 TDTCP - ok
10:50:57.0405 5696 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:50:57.0407 5696 tdx - ok
10:50:57.0487 5696 [ 12EB792F908D263381162D9BB304B520 ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
10:50:57.0538 5696 TeamViewer6 - ok
10:50:57.0573 5696 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:50:57.0575 5696 TermDD - ok
10:50:57.0626 5696 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
10:50:57.0648 5696 TermService - ok
10:50:57.0707 5696 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
10:50:57.0712 5696 Themes - ok
10:50:57.0750 5696 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
10:50:57.0752 5696 THREADORDER - ok
10:50:58.0178 5696 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
10:50:58.0184 5696 TrkWks - ok
10:50:58.0250 5696 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:50:58.0255 5696 TrustedInstaller - ok
10:50:58.0295 5696 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:50:58.0297 5696 tssecsrv - ok
10:50:58.0352 5696 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:50:58.0354 5696 tunnel - ok
10:50:58.0389 5696 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:50:58.0400 5696 uagp35 - ok
10:50:58.0448 5696 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:50:58.0452 5696 udfs - ok
10:50:58.0514 5696 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:50:58.0518 5696 UI0Detect - ok
10:50:58.0542 5696 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
10:50:58.0544 5696 uliagpkx - ok
10:50:58.0580 5696 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:50:58.0583 5696 umbus - ok
10:50:58.0612 5696 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:50:58.0614 5696 UmPass - ok
10:50:58.0657 5696 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
10:50:58.0662 5696 UmRdpService - ok
10:50:58.0702 5696 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
10:50:58.0709 5696 upnphost - ok
10:50:58.0747 5696 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:50:58.0753 5696 usbccgp - ok
10:50:58.0778 5696 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
10:50:58.0780 5696 usbcir - ok
10:50:58.0834 5696 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:50:58.0836 5696 usbehci - ok
10:50:58.0872 5696 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:50:58.0875 5696 usbhub - ok
10:50:58.0894 5696 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:50:58.0896 5696 usbohci - ok
10:50:58.0930 5696 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:50:58.0932 5696 usbprint - ok
10:50:58.0994 5696 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:50:58.0996 5696 usbscan - ok
10:50:59.0049 5696 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:50:59.0054 5696 USBSTOR - ok
10:50:59.0095 5696 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:50:59.0097 5696 usbuhci - ok
10:50:59.0137 5696 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
10:50:59.0142 5696 UxSms - ok
10:50:59.0203 5696 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\Windows\system32\lsass.exe
10:50:59.0205 5696 VaultSvc - ok
10:50:59.0235 5696 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
10:50:59.0238 5696 vdrvroot - ok
10:50:59.0267 5696 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
10:50:59.0278 5696 vds - ok
10:50:59.0361 5696 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:50:59.0361 5696 vga - ok
10:50:59.0392 5696 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:50:59.0408 5696 VgaSave - ok
10:50:59.0455 5696 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
10:50:59.0502 5696 vhdmp - ok
10:50:59.0564 5696 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
10:50:59.0564 5696 viaagp - ok
10:50:59.0611 5696 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
10:50:59.0611 5696 ViaC7 - ok
10:50:59.0658 5696 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
10:50:59.0658 5696 viaide - ok
10:50:59.0689 5696 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
10:50:59.0689 5696 vmbus - ok
10:50:59.0767 5696 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
10:50:59.0767 5696 VMBusHID - ok
10:50:59.0798 5696 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
10:50:59.0798 5696 volmgr - ok
10:50:59.0860 5696 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:50:59.0860 5696 volmgrx - ok
10:50:59.0892 5696 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
10:50:59.0892 5696 volsnap - ok
10:50:59.0923 5696 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:50:59.0923 5696 vsmraid - ok
10:50:59.0970 5696 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
10:51:00.0001 5696 VSS - ok
10:51:00.0032 5696 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:51:00.0048 5696 vwifibus - ok
10:51:00.0079 5696 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:51:00.0079 5696 vwififlt - ok
10:51:00.0157 5696 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
10:51:00.0157 5696 W32Time - ok
10:51:00.0204 5696 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:51:00.0204 5696 WacomPen - ok
10:51:00.0297 5696 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:51:00.0297 5696 WANARP - ok
10:51:00.0313 5696 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:51:00.0313 5696 Wanarpv6 - ok
10:51:00.0360 5696 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
10:51:00.0376 5696 wbengine - ok
10:51:00.0427 5696 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:51:00.0433 5696 WbioSrvc - ok
10:51:00.0459 5696 [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:51:00.0467 5696 wcncsvc - ok
10:51:00.0488 5696 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:51:00.0493 5696 WcsPlugInService - ok
10:51:00.0536 5696 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:51:00.0538 5696 Wd - ok
10:51:00.0601 5696 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:51:00.0608 5696 Wdf01000 - ok
10:51:00.0635 5696 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:51:00.0639 5696 WdiServiceHost - ok
10:51:00.0652 5696 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:51:00.0656 5696 WdiSystemHost - ok
10:51:00.0679 5696 [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient C:\Windows\System32\webclnt.dll
10:51:00.0685 5696 WebClient - ok
10:51:00.0708 5696 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:51:00.0714 5696 Wecsvc - ok
10:51:00.0738 5696 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:51:00.0757 5696 wercplsupport - ok
10:51:00.0786 5696 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
10:51:00.0792 5696 WerSvc - ok
10:51:00.0832 5696 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:51:00.0834 5696 WfpLwf - ok
10:51:00.0929 5696 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:51:00.0931 5696 WIMMount - ok
10:51:00.0957 5696 WinHttpAutoProxySvc - ok
10:51:01.0108 5696 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:51:01.0121 5696 Winmgmt - ok
10:51:01.0300 5696 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
10:51:01.0326 5696 WinRM - ok
10:51:01.0944 5696 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:51:02.0037 5696 WinUsb - ok
10:51:02.0193 5696 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:51:02.0209 5696 Wlansvc - ok
10:51:02.0427 5696 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:51:02.0474 5696 wlidsvc - ok
10:51:02.0505 5696 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
10:51:02.0505 5696 WmiAcpi - ok
10:51:02.0615 5696 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:51:02.0615 5696 wmiApSrv - ok
10:51:02.0677 5696 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:51:02.0802 5696 WMPNetworkSvc - ok
10:51:03.0020 5696 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:51:03.0036 5696 WPCSvc - ok
10:51:03.0083 5696 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:51:03.0083 5696 WPDBusEnum - ok
10:51:03.0114 5696 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:51:03.0114 5696 ws2ifsl - ok
10:51:03.0145 5696 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
10:51:03.0161 5696 wscsvc - ok
10:51:03.0223 5696 WSearch - ok
10:51:03.0286 5696 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:51:03.0286 5696 WudfPf - ok
10:51:03.0566 5696 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:51:03.0566 5696 WUDFRd - ok
10:51:03.0598 5696 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:51:03.0598 5696 wudfsvc - ok
10:51:03.0629 5696 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
10:51:03.0629 5696 WwanSvc - ok
10:51:03.0676 5696 ================ Scan global ===============================
10:51:03.0847 5696 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
10:51:03.0894 5696 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
10:51:03.0910 5696 [ 827E4F75901CA3F990B1487D3301841E ] C:\Windows\system32\winsrv.dll
10:51:03.0956 5696 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
10:51:04.0034 5696 [ A302BBFF2A7278C0E239EE5D471D86A9 ] C:\Windows\system32\services.exe
10:51:04.0050 5696 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
10:51:04.0050 5696 C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
10:51:04.0050 5696 ================ Scan MBR ==================================
10:51:04.0066 5696 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:51:05.0608 5696 \Device\Harddisk0\DR0 - ok
10:51:05.0613 5696 ================ Scan VBR ==================================
10:51:05.0645 5696 [ 9FB801928D60F63BF9EBC42D63D6D690 ] \Device\Harddisk0\DR0\Partition1
10:51:05.0648 5696 \Device\Harddisk0\DR0\Partition1 - ok
10:51:05.0653 5696 ============================================================
10:51:05.0653 5696 Scan finished
10:51:05.0653 5696 ============================================================
10:51:05.0675 5688 Detected object count: 1
10:51:05.0675 5688 Actual detected object count: 1
10:52:55.0041 5688 C:\Windows\system32\services.exe - copied to quarantine
10:52:58.0772 5688 C:\Windows\assembly\GAC\desktop.ini - copied to quarantine
10:52:59.0196 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\@ - copied to quarantine
10:52:59.0266 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\L\00000004.@ - copied to quarantine
10:52:59.0344 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\L\1afb2d56 - copied to quarantine
10:52:59.0344 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\L\201d3dde - copied to quarantine
10:52:59.0359 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\L\4cce1f70 - copied to quarantine
10:52:59.0359 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\L\55490ac4 - copied to quarantine
10:52:59.0359 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\U\00000004.@ - copied to quarantine
10:52:59.0359 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\U\00000008.@ - copied to quarantine
10:52:59.0359 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\U\000000cb.@ - copied to quarantine
10:52:59.0359 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\U\80000000.@ - copied to quarantine
10:52:59.0375 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\U\80000032.@ - copied to quarantine
10:53:20.0683 5688 Backup copy found, using it..
10:53:24.0015 5688 C:\Windows\assembly\GAC\desktop.ini - will be deleted on reboot
10:53:24.0026 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\@ - will be deleted on reboot
10:53:24.0028 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\U\00000004.@ - will be deleted on reboot
10:53:24.0029 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\U\00000008.@ - will be deleted on reboot
10:53:24.0029 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\U\000000cb.@ - will be deleted on reboot
10:53:24.0029 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\U\80000000.@ - will be deleted on reboot
10:53:24.0029 5688 C:\Windows\installer\{770ac0d3-dd96-4017-24a1-d8d30b2216e8}\U\80000032.@ - will be deleted on reboot
10:53:24.0042 5688 C:\Windows\system32\services.exe - will be cured on reboot
10:53:24.0042 5688 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure
10:54:48.0429 5432 Deinitialize success

Do you want me to run Adw Cleaner again?

#7 boopme

Posted 03 December 2012 - 12:12 PM

Yes, reboot if you haven't first. Run Adware and
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



Then MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#8 fallenwinters

Posted 03 December 2012 - 12:19 PM

# AdwCleaner v2.011 - Logfile created 12/03/2012 at 11:15:02
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Ultimate (32 bits)
# User : ttheberge - TTHEBERGE-PC
# Boot Mode : Normal
# Running from : C:\Users\ttheberge\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16700

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\ttheberge\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [783 octets] - [03/12/2012 10:38:16]
AdwCleaner[S2].txt - [715 octets] - [03/12/2012 11:15:02]

########## EOF - C:\AdwCleaner[S2].txt - [774 octets] ##########

still no *I want this* extension/addon

#9 fallenwinters

Posted 03 December 2012 - 01:23 PM

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.03.09

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
ttheberge :: TTHEBERGE-PC [administrator]

Protection: Enabled

12/3/2012 11:32:05 AM
mbam-log-2012-12-03 (11-32-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279963
Time elapsed: 12 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\ttheberge.old\AppData\Local\Temp\124kkk290347.exe (Trojan.Agent.H) -> Quarantined and deleted successfully.

(end)

2012/12/03 11:27:51 -0600 TTHEBERGE-PC ttheberge MESSAGE Starting protection
2012/12/03 11:27:51 -0600 TTHEBERGE-PC ttheberge MESSAGE Protection started successfully
2012/12/03 11:27:51 -0600 TTHEBERGE-PC ttheberge MESSAGE Starting IP protection
2012/12/03 11:27:51 -0600 TTHEBERGE-PC ttheberge ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/12/03 11:27:59 -0600 TTHEBERGE-PC ttheberge MESSAGE Starting database refresh
2012/12/03 11:28:08 -0600 TTHEBERGE-PC ttheberge MESSAGE Database refreshed successfully
2012/12/03 11:34:42 -0600 TTHEBERGE-PC ttheberge MESSAGE Executing scheduled update: Daily
2012/12/03 11:34:43 -0600 TTHEBERGE-PC ttheberge MESSAGE Database already up-to-date
2012/12/03 12:15:45 -0600 TTHEBERGE-PC ttheberge MESSAGE Starting protection
2012/12/03 12:15:45 -0600 TTHEBERGE-PC ttheberge MESSAGE Protection started successfully
2012/12/03 12:15:45 -0600 TTHEBERGE-PC ttheberge MESSAGE Starting IP protection
2012/12/03 12:15:45 -0600 TTHEBERGE-PC ttheberge ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

#10 fallenwinters

Posted 03 December 2012 - 01:25 PM

MiniToolBox by Farbar Version: 25-11-2012
Ran by ttheberge (administrator) on 03-12-2012 at 12:24:26
Running from "C:\Users\ttheberge\Downloads"
Windows 7 Ultimate (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================




========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : TTHEBERGE-PC
Primary Dns Suffix . . . . . . . : WHP.LOCAL
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : WHP.LOCAL

Ethernet adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
Physical Address. . . . . . . . . : 00-FF-08-F7-D5-85
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : WHP.LOCAL
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1A-A0-28-73-51
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c598:ab92:e827:764b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.20.61(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, December 03, 2012 12:09:32 PM
Lease Expires . . . . . . . . . . : Tuesday, December 04, 2012 12:09:33 PM
Default Gateway . . . . . . . . . : 172.16.20.1
DHCP Server . . . . . . . . . . . : 172.16.20.11
DHCPv6 IAID . . . . . . . . . . . : 234887840
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-C2-FF-63-00-1A-A0-28-73-51
DNS Servers . . . . . . . . . . . : 172.16.20.11
172.16.20.10
Primary WINS Server . . . . . . . : 172.16.20.11
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.WHP.LOCAL:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: whp-srv.whp.local
Address: 172.16.20.11

Name: google.com
Addresses: 2607:f8b0:400d:c02::65
173.194.74.100
173.194.74.139
173.194.74.138
173.194.74.102
173.194.74.101
173.194.74.113


Pinging google.com [173.194.74.100] with 32 bytes of data:
Reply from 173.194.74.100: bytes=32 time=63ms TTL=45
Reply from 173.194.74.100: bytes=32 time=68ms TTL=45

Ping statistics for 173.194.74.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 68ms, Average = 65ms
Server: whp-srv.whp.local
Address: 172.16.20.11

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=94ms TTL=47
Reply from 98.139.183.24: bytes=32 time=164ms TTL=47

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 94ms, Maximum = 164ms, Average = 129ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...00 ff 08 f7 d5 85 ......Juniper Network Connect Virtual Adapter
11...00 1a a0 28 73 51 ......Broadcom 440x 10/100 Integrated Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.20.1 172.16.20.61 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.16.20.0 255.255.255.0 On-link 172.16.20.61 276
172.16.20.61 255.255.255.255 On-link 172.16.20.61 276
172.16.20.255 255.255.255.255 On-link 172.16.20.61 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 172.16.20.61 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 172.16.20.61 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::c598:ab92:e827:764b/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/03/2012 00:15:35 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/03/2012 11:16:31 AM) (Source: Microsoft-Windows-Folder Redirection) (User: WHP)
Description: Failed to apply policy and redirect folder "Desktop" to "whp-srv\Home\ttheberge\Desktop".
Redirection options=0x1231.
The following error occurred: "".
Error details: "The specified path is invalid.
".

Error: (12/03/2012 11:16:31 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/03/2012 10:56:34 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/03/2012 10:56:34 AM) (Source: Microsoft-Windows-Folder Redirection) (User: WHP)
Description: Failed to apply policy and redirect folder "Desktop" to "whp-srv\Home\ttheberge\Desktop".
Redirection options=0x1231.
The following error occurred: "".
Error details: "The specified path is invalid.
".

Error: (12/03/2012 10:40:29 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/03/2012 09:54:17 AM) (Source: Microsoft-Windows-Folder Redirection) (User: WHP)
Description: Failed to apply policy and redirect folder "Desktop" to "whp-srv\Home\ttheberge\Desktop".
Redirection options=0x1231.
The following error occurred: "".
Error details: "The specified path is invalid.
".

Error: (12/03/2012 09:54:17 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/03/2012 09:10:44 AM) (Source: Microsoft-Windows-Folder Redirection) (User: WHP)
Description: Failed to apply policy and redirect folder "Desktop" to "whp-srv\Home\ttheberge\Desktop".
Redirection options=0x1231.
The following error occurred: "".
Error details: "The specified path is invalid.
".

Error: (12/03/2012 09:10:44 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.


System errors:
=============
Error: (12/03/2012 00:09:37 PM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error:
%%1079

Error: (12/03/2012 00:09:36 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (12/03/2012 00:09:34 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (12/03/2012 00:09:33 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (12/03/2012 11:16:20 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error:
%%1079

Error: (12/03/2012 11:16:19 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (12/03/2012 11:16:18 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (12/03/2012 11:16:18 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (12/03/2012 10:56:20 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service failed to start due to the following error:
%%1079

Error: (12/03/2012 10:56:15 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (07/16/2012 02:22:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1887 seconds with 840 seconds of active time. This session ended with a crash.

Error: (02/01/2012 11:04:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 487 seconds with 240 seconds of active time. This session ended with a crash.

Error: (05/10/2011 11:03:28 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 81 seconds with 60 seconds of active time. This session ended with a crash.

Error: (05/10/2011 11:01:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5778 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (05/06/2011 04:15:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7760 seconds with 180 seconds of active time. This session ended with a crash.

Error: (05/04/2011 03:37:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24459 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/03/2011 04:13:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 23584 seconds with 720 seconds of active time. This session ended with a crash.

Error: (04/29/2011 06:10:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 33723 seconds with 480 seconds of active time. This session ended with a crash.

Error: (04/20/2011 11:11:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4654 seconds with 300 seconds of active time. This session ended with a crash.

Error: (04/20/2011 09:53:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6715 seconds with 1260 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 8.1.1)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.4)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.4.980)
Adobe Creative Suite 5.5 Design Premium (Version: 5.5)
Adobe CS5.5 Design Premium (x86) (Version: 1.2.0000)
Adobe Download Assistant (Version: 1.0.6)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
ATI Catalyst Install Manager (Version: 3.0.715.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2339.42455)
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455)
Catalyst Control Center InstallProxy (Version: 2010.0210.2339.42455)
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455)
ccc-core-static (Version: 2010.0210.2339.42455)
ccc-utility (Version: 2010.0210.2339.42455)
CCC Help Chinese Standard (Version: 2010.0210.2338.42455)
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455)
CCC Help Czech (Version: 2010.0210.2338.42455)
CCC Help Danish (Version: 2010.0210.2338.42455)
CCC Help Dutch (Version: 2010.0210.2338.42455)
CCC Help English (Version: 2010.0210.2338.42455)
CCC Help Finnish (Version: 2010.0210.2338.42455)
CCC Help French (Version: 2010.0210.2338.42455)
CCC Help German (Version: 2010.0210.2338.42455)
CCC Help Greek (Version: 2010.0210.2338.42455)
CCC Help Hungarian (Version: 2010.0210.2338.42455)
CCC Help Italian (Version: 2010.0210.2338.42455)
CCC Help Japanese (Version: 2010.0210.2338.42455)
CCC Help Korean (Version: 2010.0210.2338.42455)
CCC Help Norwegian (Version: 2010.0210.2338.42455)
CCC Help Polish (Version: 2010.0210.2338.42455)
CCC Help Portuguese (Version: 2010.0210.2338.42455)
CCC Help Russian (Version: 2010.0210.2338.42455)
CCC Help Spanish (Version: 2010.0210.2338.42455)
CCC Help Swedish (Version: 2010.0210.2338.42455)
CCC Help Thai (Version: 2010.0210.2338.42455)
CCC Help Turkish (Version: 2010.0210.2338.42455)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
Google Chrome (Version: 23.0.1271.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
HP LaserJet Professional M1130-M1210 MFP Series
HP LaserJet Professional M1210 MFP Series Fax Installer (Version: 1.1.0)
HP LaserJet Professional M1210 MFP Series Toolbox (Version: 1.0.12)
HP LaserJet Toolbox (Version: 2.0.0)
hppLaserJetService (Version: 001.003.000145)
hppM1130M1210SeriesLaserJetService (Version: 001.003.00073)
hppusgM1130M1210Series (Version: 1.0.0.2)
HPSSupply (Version: 2.1.1.0000)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 30 (Version: 6.0.300)
Juniper Networks Network Connect 7.0.0 (Version: 7.0.0.17289)
Junk Mail filter update (Version: 16.4.3505.0912)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.201)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Movie Maker (Version: 16.4.3505.0912)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nitro Pro 7 (Version: 7.3.1.10)
Photo Gallery (Version: 16.4.3505.0912)
PowerDVD
Scan To (Version: 2.0.1)
Skins (Version: 2010.0210.2339.42455)
TeamViewer 6 (Version: 6.0.10124)
WebEx
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 2045.98 MB
Available physical RAM: 1058.07 MB
Total Pagefile: 4091.95 MB
Available Pagefile: 2719.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.65 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.85 GB) (Free:40.11 GB) NTFS

========================= Users: ========================================

User accounts for \\TTHEBERGE-PC

Administrator Guest local_admin
whp

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

#11 boopme

Posted 03 December 2012 - 01:48 PM

Let's see if we can kill it with this.

If asked to run Fix or FixMBR do so.

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


#12 fallenwinters

Posted 03 December 2012 - 02:18 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-03 12:57:52
-----------------------------
12:57:52.232 OS Version: Windows 6.1.7600
12:57:52.232 Number of processors: 1 586 0x605
12:57:52.236 ComputerName: TTHEBERGE-PC UserName: ttheberge
12:58:08.826 Initialize success
13:00:00.529 AVAST engine defs: 12120300
13:00:13.771 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:00:13.776 Disk 0 Vendor: ST3250312AS JC47 Size: 238475MB BusType: 3
13:00:13.836 Disk 0 MBR read successfully
13:00:13.842 Disk 0 MBR scan
13:00:13.850 Disk 0 Windows 7 default MBR code
13:00:13.857 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238433 MB offset 80325
13:00:13.866 Disk 0 scanning sectors +488392592
13:00:13.949 Disk 0 scanning C:\Windows\system32\drivers
13:00:24.550 Service scanning
13:00:50.374 Modules scanning
13:01:07.572 Module: C:\Windows\System32\user32.dll **SUSPICIOUS**
13:01:08.466 Disk 0 trace - called modules:
13:01:08.490 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys atikmdag.sys dxgmms1.sys
13:01:08.835 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85808030]
13:01:08.843 3 CLASSPNP.SYS[88dae59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85359908]
13:01:10.716 AVAST engine scan C:\Windows
13:01:13.001 AVAST engine scan C:\Windows\system32
13:04:15.987 AVAST engine scan C:\Windows\system32\drivers
13:04:28.973 AVAST engine scan C:\Users\ttheberge
13:09:39.544 AVAST engine scan C:\ProgramData
13:12:35.639 Scan finished successfully
13:15:43.075 Disk 0 MBR has been saved successfully to "C:\Users\ttheberge\Downloads\MBR.dat"
13:15:43.086 The log file has been saved successfully to "C:\Users\ttheberge\Downloads\aswMBR.txt"

I'll be gone for the day. I'll be reading your reply tomorrow.

#13 boopme

Posted 03 December 2012 - 02:31 PM

Ok do this and let me know how it is now.

Uninstall this through the Control Panel, Add/Remove Programs:
Java™ 6 Update 30 (Version: 6.0.300)
and reboot.



Please Download this file, Click Me
Right-click on winsockfix.bat and click on Run as Administrator.


Now Rerun Minitoolbox with only this checked.
List Winsock Entries

#14 fallenwinters

Posted 04 December 2012 - 10:08 AM

MiniToolBox by Farbar Version: 25-11-2012
Ran by ttheberge (administrator) on 04-12-2012 at 09:07:48
Running from "C:\Users\ttheberge\Downloads"
Windows 7 Ultimate (X86)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

**** End of log ****
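
A triage pass over the Winsock listing in this post, as an added example that is not part of the original thread or of MiniToolBox: it parses the Catalog5 (namespace provider) and Catalog9 (protocol provider) lines, pairs each missing DLL with the LibraryPath the tool says it should have, and lists providers whose company string is not Microsoft. The sample log is constructed from lines in the post plus one hypothetical third-party entry, and the function names are assumptions.

```python
import re

# Constructed sample: lines copied from the post plus one hypothetical third-party entry.
SAMPLE_LOG = r'''Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Example\thirdparty_lsp.dll [40960] (Example Vendor)
'''

ENTRY = re.compile(r'^(Catalog[59]) (\d+) (.+) \[(File Not found|\d+)\] \((.*)\)$')
EXPECTED = re.compile(r'^ATTENTION: The LibraryPath should be "(.+)"$')

def parse_winsock(log):
    """Return one dict per catalog entry; attach the tool's expected path if given."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            catalog, index, path, size, company = m.groups()
            entries.append({"catalog": catalog, "index": int(index), "path": path,
                            "missing": size == "File Not found",
                            "company": company, "expected": None})
            continue
        m = EXPECTED.match(line)
        if m and entries:  # an ATTENTION line refers to the entry just above it
            entries[-1]["expected"] = m.group(1)
    return entries

def triage(entries):
    """Flag entries whose DLL is missing or whose company string is not Microsoft."""
    # The company string is only what the log prints; it is not a signature check.
    findings = []
    for e in entries:
        tag = f'{e["catalog"]} {e["index"]:02d}'
        if e["missing"]:
            findings.append((tag, "missing", e["expected"]))
        elif not e["company"].startswith("Microsoft"):
            findings.append((tag, "third-party", e["path"]))
    return findings

if __name__ == "__main__":
    for finding in triage(parse_winsock(SAMPLE_LOG)):
        print(finding)
```

On the log in this post, only Catalog5 01 and 02 would be reported, each with the path from its ATTENTION line.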

#15 boopme

Posted 04 December 2012 - 04:03 PM

We still need to fix this..
Download the Complete Internet Repair Tool and run it as admin with all boxes.

Now Rerun Minitoolbox with only this checked.
List Winsock Entries