Ads in Browser Corner, Need to Fix HOSTS File


7 replies to this topic

#1 slurpeeman86


Posted 16 January 2013 - 07:25 PM

I've got that problem where there are ads in the lower corners of my browsers. I've been reading up on it on the web and ran RogueKiller. The HOSTS report gave it as

127.0.0.1 localhost
::1 localhost
199.193.118.246 www.google-analytics.com.
199.193.118.246 ad-emea.doubleclick.net.
199.193.118.246 www.statcounter.com.
199.193.118.246 connect.facebook.net.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
93.115.241.27 connect.facebook.net.

so I need to edit this thing. Problem is that I'm running Windows 7 and tried running notepad as an administrator. I'm getting nothing and frustrated. Scans available upon request.
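
The HOSTS report in the post above maps four ad and analytics hostnames to two non-loopback addresses. The following is an added example, not part of the original thread or of any tool named in it: a Python sketch that parses hosts-file text, lists every name mapped to something other than loopback or 0.0.0.0, and builds a copy with those mappings dropped. The function names are hypothetical, and the sample input is the report quoted in the post.

```python
import ipaddress

# Constructed sample: the HOSTS report quoted in the post above.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost
199.193.118.246 www.google-analytics.com.
199.193.118.246 ad-emea.doubleclick.net.
199.193.118.246 www.statcounter.com.
199.193.118.246 connect.facebook.net.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
93.115.241.27 connect.facebook.net.
"""


def _split(raw):
    """Split one hosts line into (ip or None, [names], trailing comment)."""
    body, sep, comment = raw.lstrip("\ufeff").partition("#")
    fields = body.split()
    if len(fields) < 2:
        return None, [], sep + comment      # blank, comment-only or incomplete
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None, [], sep + comment      # first field is not an address
    return ip, fields[1:], sep + comment


def _norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()


def _is_redirect(ip):
    """Loopback and 0.0.0.0/:: are normal or blocklist targets; the rest redirects."""
    return not (ip.is_loopback or ip.is_unspecified)


def audit_hosts(text):
    """Return {hostname: [addresses]} for every name sent to a non-loopback IP."""
    findings = {}
    for raw in text.splitlines():
        ip, names, _ = _split(raw)
        if ip is None or not _is_redirect(ip):
            continue
        for name in names:
            findings.setdefault(_norm(name), set()).add(str(ip))
    return {name: sorted(ips) for name, ips in sorted(findings.items())}


def remove_redirects(text, bad_names):
    """Return hosts text without the redirecting mappings for bad_names.

    Comments, loopback entries and names not listed in bad_names are kept.
    """
    bad = {_norm(n) for n in bad_names}
    kept_lines = []
    for raw in text.splitlines():
        ip, names, comment = _split(raw)
        if ip is not None and _is_redirect(ip):
            keep = [n for n in names if _norm(n) not in bad]
            if not keep:
                continue                    # every name on the line was flagged
            if len(keep) != len(names):
                raw = " ".join([str(ip)] + keep + ([comment] if comment else []))
        kept_lines.append(raw)
    return "\n".join(kept_lines) + "\n"


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for host, addrs in report.items():
        print(f"{host} -> {', '.join(addrs)}")
    print(remove_redirects(SAMPLE_HOSTS, report), end="")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`. Deliberate LAN mappings are flagged too, so review the findings before passing them to `remove_redirects`.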


#2 narenxp


Posted 16 January 2013 - 07:26 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 slurpeeman86


Posted 17 January 2013 - 11:11 PM

aswMBR crashed on me even in safe mode. I got a log out before it stopped, so I'll put it in here to get as much diagnostic data out as possible.

18:27:48.0555 4852 NdisWan - ok
18:27:48.0559 4852 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:27:48.0561 4852 NDProxy - ok
18:27:48.0569 4852 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:27:48.0570 4852 NetBIOS - ok
18:27:48.0587 4852 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:27:48.0590 4852 NetBT - ok
18:27:48.0603 4852 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:27:48.0604 4852 Netlogon - ok
18:27:48.0634 4852 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:27:48.0643 4852 Netman - ok
18:27:48.0671 4852 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:27:48.0683 4852 netprofm - ok
18:27:48.0707 4852 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:27:48.0709 4852 NetTcpPortSharing - ok
18:27:48.0727 4852 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:27:48.0729 4852 nfrd960 - ok
18:27:48.0775 4852 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:27:48.0781 4852 NlaSvc - ok
18:27:48.0802 4852 [ 3CEEE0BE85D24D911B9C02714817774C ] NPF C:\Windows\system32\drivers\NPF.sys
18:27:48.0804 4852 NPF - ok
18:27:48.0818 4852 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:27:48.0820 4852 Npfs - ok
18:27:48.0858 4852 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:27:48.0861 4852 nsi - ok
18:27:48.0866 4852 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:27:48.0868 4852 nsiproxy - ok
18:27:48.0941 4852 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:27:49.0004 4852 Ntfs - ok
18:27:49.0020 4852 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:27:49.0022 4852 Null - ok
18:27:49.0063 4852 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:27:49.0066 4852 nvraid - ok
18:27:49.0090 4852 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:27:49.0093 4852 nvstor - ok
18:27:49.0120 4852 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:27:49.0123 4852 nv_agp - ok
18:27:49.0144 4852 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:27:49.0147 4852 ohci1394 - ok
18:27:49.0164 4852 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:27:49.0170 4852 p2pimsvc - ok
18:27:49.0194 4852 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:27:49.0202 4852 p2psvc - ok
18:27:49.0223 4852 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:27:49.0225 4852 Parport - ok
18:27:49.0271 4852 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:27:49.0274 4852 partmgr - ok
18:27:49.0295 4852 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:27:49.0303 4852 PcaSvc - ok
18:27:49.0329 4852 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:27:49.0334 4852 pci - ok
18:27:49.0347 4852 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:27:49.0349 4852 pciide - ok
18:27:49.0371 4852 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:27:49.0375 4852 pcmcia - ok
18:27:49.0388 4852 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:27:49.0390 4852 pcw - ok
18:27:49.0408 4852 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:27:49.0417 4852 PEAUTH - ok
18:27:49.0460 4852 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:27:49.0483 4852 PeerDistSvc - ok
18:27:49.0542 4852 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:27:49.0543 4852 PerfHost - ok
18:27:49.0590 4852 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:27:49.0613 4852 pla - ok
18:27:49.0642 4852 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:27:49.0650 4852 PlugPlay - ok
18:27:49.0669 4852 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:27:49.0672 4852 PNRPAutoReg - ok
18:27:49.0682 4852 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:27:49.0686 4852 PNRPsvc - ok
18:27:49.0721 4852 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
18:27:49.0723 4852 Point64 - ok
18:27:49.0753 4852 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:27:49.0761 4852 PolicyAgent - ok
18:27:49.0797 4852 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:27:49.0801 4852 Power - ok
18:27:49.0818 4852 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:27:49.0820 4852 PptpMiniport - ok
18:27:49.0830 4852 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:27:49.0832 4852 Processor - ok
18:27:49.0859 4852 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:27:49.0864 4852 ProfSvc - ok
18:27:49.0875 4852 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:27:49.0877 4852 ProtectedStorage - ok
18:27:49.0898 4852 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:27:49.0901 4852 Psched - ok
18:27:49.0953 4852 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:27:49.0991 4852 ql2300 - ok
18:27:50.0013 4852 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:27:50.0015 4852 ql40xx - ok
18:27:50.0034 4852 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:27:50.0039 4852 QWAVE - ok
18:27:50.0055 4852 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:27:50.0056 4852 QWAVEdrv - ok
18:27:50.0176 4852 [ 62BFCA92E1F08AE3D9ABD26A72E55DB4 ] RapportCerberus_44365 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys
18:27:50.0184 4852 RapportCerberus_44365 - ok
18:27:50.0328 4852 [ CEF1691AAAA8B3F291CD241D7B8778C2 ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
18:27:50.0332 4852 RapportEI64 - ok
18:27:50.0385 4852 [ EE86BA861726741F03A786EEC847A0F7 ] RapportIaso c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys
18:27:50.0389 4852 RapportIaso - ok
18:27:50.0426 4852 [ B5D0405FA1106E6F9A9E3FDC3373E4D5 ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
18:27:50.0432 4852 RapportKE64 - ok
18:27:50.0492 4852 [ 095A3F9074D328B5ABAE2D8BEE39D63F ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
18:27:50.0510 4852 RapportMgmtService - ok
18:27:50.0526 4852 [ 80812ECC5CF0AB1143BD6E59CDB8D8F3 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
18:27:50.0528 4852 RapportPG64 - ok
18:27:50.0552 4852 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:27:50.0553 4852 RasAcd - ok
18:27:50.0568 4852 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:27:50.0569 4852 RasAgileVpn - ok
18:27:50.0583 4852 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:27:50.0586 4852 RasAuto - ok
18:27:50.0607 4852 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:27:50.0609 4852 Rasl2tp - ok
18:27:50.0627 4852 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:27:50.0633 4852 RasMan - ok
18:27:50.0638 4852 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:27:50.0640 4852 RasPppoe - ok
18:27:50.0658 4852 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:27:50.0660 4852 RasSstp - ok
18:27:50.0677 4852 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:27:50.0681 4852 rdbss - ok
18:27:50.0694 4852 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:27:50.0695 4852 rdpbus - ok
18:27:50.0703 4852 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:27:50.0704 4852 RDPCDD - ok
18:27:50.0743 4852 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:27:50.0746 4852 RDPDR - ok
18:27:50.0768 4852 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:27:50.0769 4852 RDPENCDD - ok
18:27:50.0777 4852 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:27:50.0778 4852 RDPREFMP - ok
18:27:50.0840 4852 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:27:50.0846 4852 RDPWD - ok
18:27:50.0872 4852 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:27:50.0878 4852 rdyboost - ok
18:27:50.0904 4852 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:27:50.0910 4852 RemoteAccess - ok
18:27:50.0931 4852 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:27:50.0938 4852 RemoteRegistry - ok
18:27:50.0955 4852 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:27:50.0961 4852 RpcEptMapper - ok
18:27:50.0973 4852 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:27:50.0976 4852 RpcLocator - ok
18:27:51.0005 4852 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:27:51.0011 4852 RpcSs - ok
18:27:51.0031 4852 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:27:51.0033 4852 rspndr - ok
18:27:51.0073 4852 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:27:51.0076 4852 RTL8167 - ok
18:27:51.0096 4852 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:27:51.0098 4852 s3cap - ok
18:27:51.0103 4852 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:27:51.0105 4852 SamSs - ok
18:27:51.0122 4852 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:27:51.0125 4852 sbp2port - ok
18:27:51.0137 4852 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:27:51.0142 4852 SCardSvr - ok
18:27:51.0155 4852 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:27:51.0156 4852 scfilter - ok
18:27:51.0185 4852 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:27:51.0207 4852 Schedule - ok
18:27:51.0232 4852 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:27:51.0234 4852 SCPolicySvc - ok
18:27:51.0253 4852 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:27:51.0258 4852 SDRSVC - ok
18:27:51.0267 4852 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:27:51.0268 4852 secdrv - ok
18:27:51.0284 4852 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:27:51.0287 4852 seclogon - ok
18:27:51.0300 4852 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:27:51.0303 4852 SENS - ok
18:27:51.0314 4852 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:27:51.0317 4852 SensrSvc - ok
18:27:51.0326 4852 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:27:51.0327 4852 Serenum - ok
18:27:51.0342 4852 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:27:51.0344 4852 Serial - ok
18:27:51.0362 4852 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:27:51.0363 4852 sermouse - ok
18:27:51.0376 4852 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:27:51.0379 4852 SessionEnv - ok
18:27:51.0387 4852 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:27:51.0388 4852 sffdisk - ok
18:27:51.0395 4852 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:27:51.0396 4852 sffp_mmc - ok
18:27:51.0400 4852 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:27:51.0401 4852 sffp_sd - ok
18:27:51.0406 4852 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:27:51.0407 4852 sfloppy - ok
18:27:51.0428 4852 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:27:51.0433 4852 ShellHWDetection - ok
18:27:51.0446 4852 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:27:51.0447 4852 SiSRaid2 - ok
18:27:51.0458 4852 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:27:51.0460 4852 SiSRaid4 - ok
18:27:51.0526 4852 [ 01ACB9228C303DE1FFF82B807D28B2B0 ] skfiltv C:\Windows\system32\drivers\skfiltv.sys
18:27:51.0529 4852 skfiltv - ok
18:27:51.0554 4852 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:27:51.0557 4852 Smb - ok
18:27:51.0600 4852 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:27:51.0605 4852 SNMPTRAP - ok
18:27:51.0614 4852 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:27:51.0616 4852 spldr - ok
18:27:51.0659 4852 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:27:51.0667 4852 Spooler - ok
18:27:51.0722 4852 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:27:51.0801 4852 sppsvc - ok
18:27:51.0822 4852 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:27:51.0825 4852 sppuinotify - ok
18:27:51.0850 4852 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:27:51.0855 4852 srv - ok
18:27:51.0872 4852 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:27:51.0877 4852 srv2 - ok
18:27:51.0893 4852 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:27:51.0895 4852 srvnet - ok
18:27:51.0918 4852 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:27:51.0921 4852 SSDPSRV - ok
18:27:51.0932 4852 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:27:51.0934 4852 SstpSvc - ok
18:27:51.0942 4852 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:27:51.0943 4852 stexstor - ok
18:27:51.0970 4852 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:27:51.0977 4852 stisvc - ok
18:27:51.0994 4852 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:27:51.0995 4852 storflt - ok
18:27:52.0014 4852 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
18:27:52.0016 4852 StorSvc - ok
18:27:52.0025 4852 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:27:52.0027 4852 storvsc - ok
18:27:52.0040 4852 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:27:52.0041 4852 swenum - ok
18:27:52.0066 4852 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:27:52.0070 4852 swprv - ok
18:27:52.0103 4852 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:27:52.0139 4852 SysMain - ok
18:27:52.0152 4852 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:27:52.0155 4852 TabletInputService - ok
18:27:52.0174 4852 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:27:52.0179 4852 TapiSrv - ok
18:27:52.0196 4852 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:27:52.0198 4852 TBS - ok
18:27:52.0257 4852 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:27:52.0296 4852 Tcpip - ok
18:27:52.0337 4852 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:27:52.0352 4852 TCPIP6 - ok
18:27:52.0391 4852 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:27:52.0393 4852 tcpipreg - ok
18:27:52.0422 4852 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:27:52.0424 4852 TDPIPE - ok
18:27:52.0462 4852 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:27:52.0463 4852 TDTCP - ok
18:27:52.0480 4852 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:27:52.0482 4852 tdx - ok
18:27:52.0510 4852 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:27:52.0512 4852 TermDD - ok
18:27:52.0538 4852 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:27:52.0549 4852 TermService - ok
18:27:52.0571 4852 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:27:52.0574 4852 Themes - ok
18:27:52.0582 4852 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:27:52.0585 4852 THREADORDER - ok
18:27:52.0599 4852 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:27:52.0603 4852 TrkWks - ok
18:27:52.0628 4852 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:27:52.0630 4852 TrustedInstaller - ok
18:27:52.0652 4852 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:27:52.0654 4852 tssecsrv - ok
18:27:52.0666 4852 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:27:52.0668 4852 TsUsbFlt - ok
18:27:52.0685 4852 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:27:52.0687 4852 TsUsbGD - ok
18:27:52.0722 4852 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:27:52.0725 4852 tunnel - ok
18:27:52.0731 4852 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:27:52.0733 4852 uagp35 - ok
18:27:52.0746 4852 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:27:52.0751 4852 udfs - ok
18:27:52.0773 4852 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:27:52.0776 4852 UI0Detect - ok
18:27:52.0782 4852 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:27:52.0784 4852 uliagpkx - ok
18:27:52.0802 4852 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:27:52.0803 4852 umbus - ok
18:27:52.0816 4852 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:27:52.0817 4852 UmPass - ok
18:27:52.0837 4852 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
18:27:52.0843 4852 UmRdpService - ok
18:27:52.0861 4852 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:27:52.0868 4852 upnphost - ok
18:27:52.0911 4852 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:27:52.0913 4852 USBAAPL64 - ok
18:27:52.0942 4852 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:27:52.0945 4852 usbaudio - ok
18:27:52.0971 4852 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:27:52.0973 4852 usbccgp - ok
18:27:52.0989 4852 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:27:52.0991 4852 usbcir - ok
18:27:53.0005 4852 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:27:53.0007 4852 usbehci - ok
18:27:53.0027 4852 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:27:53.0030 4852 usbhub - ok
18:27:53.0048 4852 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:27:53.0049 4852 usbohci - ok
18:27:53.0061 4852 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:27:53.0063 4852 usbprint - ok
18:27:53.0067 4852 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:27:53.0069 4852 USBSTOR - ok
18:27:53.0089 4852 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:27:53.0090 4852 usbuhci - ok
18:27:53.0100 4852 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:27:53.0102 4852 UxSms - ok
18:27:53.0114 4852 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:27:53.0116 4852 VaultSvc - ok
18:27:53.0125 4852 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:27:53.0127 4852 vdrvroot - ok
18:27:53.0150 4852 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:27:53.0157 4852 vds - ok
18:27:53.0162 4852 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:27:53.0163 4852 vga - ok
18:27:53.0181 4852 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:27:53.0182 4852 VgaSave - ok
18:27:53.0203 4852 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:27:53.0206 4852 vhdmp - ok
18:27:53.0218 4852 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:27:53.0220 4852 viaide - ok
18:27:53.0251 4852 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:27:53.0253 4852 vmbus - ok
18:27:53.0268 4852 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:27:53.0270 4852 VMBusHID - ok
18:27:53.0289 4852 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:27:53.0291 4852 volmgr - ok
18:27:53.0315 4852 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:27:53.0321 4852 volmgrx - ok
18:27:53.0345 4852 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:27:53.0350 4852 volsnap - ok
18:27:53.0373 4852 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:27:53.0377 4852 vsmraid - ok
18:27:53.0437 4852 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:27:53.0475 4852 VSS - ok
18:27:53.0517 4852 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:27:53.0518 4852 vwifibus - ok
18:27:53.0542 4852 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:27:53.0545 4852 vwififlt - ok
18:27:53.0573 4852 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:27:53.0581 4852 W32Time - ok
18:27:53.0596 4852 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:27:53.0598 4852 WacomPen - ok
18:27:53.0618 4852 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:27:53.0620 4852 WANARP - ok
18:27:53.0625 4852 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:27:53.0627 4852 Wanarpv6 - ok
18:27:53.0689 4852 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:27:53.0729 4852 WatAdminSvc - ok
18:27:53.0805 4852 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:27:53.0857 4852 wbengine - ok
18:27:53.0871 4852 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:27:53.0876 4852 WbioSrvc - ok
18:27:53.0902 4852 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:27:53.0909 4852 wcncsvc - ok
18:27:53.0923 4852 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:27:53.0926 4852 WcsPlugInService - ok
18:27:53.0938 4852 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:27:53.0940 4852 Wd - ok
18:27:53.0990 4852 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:27:54.0012 4852 Wdf01000 - ok
18:27:54.0029 4852 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:27:54.0036 4852 WdiServiceHost - ok
18:27:54.0040 4852 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:27:54.0044 4852 WdiSystemHost - ok
18:27:54.0064 4852 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:27:54.0070 4852 WebClient - ok
18:27:54.0093 4852 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:27:54.0098 4852 Wecsvc - ok
18:27:54.0115 4852 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:27:54.0119 4852 wercplsupport - ok
18:27:54.0151 4852 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:27:54.0155 4852 WerSvc - ok
18:27:54.0168 4852 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:27:54.0169 4852 WfpLwf - ok
18:27:54.0185 4852 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:27:54.0187 4852 WIMMount - ok
18:27:54.0237 4852 WinDefend - ok
18:27:54.0250 4852 WinHttpAutoProxySvc - ok
18:27:54.0311 4852 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:27:54.0318 4852 Winmgmt - ok
18:27:54.0390 4852 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:27:54.0455 4852 WinRM - ok
18:27:54.0495 4852 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:27:54.0507 4852 Wlansvc - ok
18:27:54.0523 4852 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:27:54.0524 4852 WmiAcpi - ok
18:27:54.0548 4852 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:27:54.0550 4852 wmiApSrv - ok
18:27:54.0569 4852 WMPNetworkSvc - ok
18:27:54.0585 4852 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:27:54.0587 4852 WPCSvc - ok
18:27:54.0601 4852 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:27:54.0604 4852 WPDBusEnum - ok
18:27:54.0614 4852 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:27:54.0615 4852 ws2ifsl - ok
18:27:54.0630 4852 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:27:54.0633 4852 wscsvc - ok
18:27:54.0638 4852 WSearch - ok
18:27:54.0725 4852 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:27:54.0772 4852 wuauserv - ok
18:27:54.0797 4852 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:27:54.0798 4852 WudfPf - ok
18:27:54.0865 4852 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:27:54.0871 4852 WUDFRd - ok
18:27:54.0903 4852 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:27:54.0911 4852 wudfsvc - ok
18:27:54.0938 4852 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:27:54.0949 4852 WwanSvc - ok
18:27:54.0994 4852 ================ Scan global ===============================
18:27:55.0010 4852 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:27:55.0045 4852 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:27:55.0055 4852 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
18:27:55.0077 4852 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:27:55.0110 4852 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:27:55.0115 4852 [Global] - ok
18:27:55.0116 4852 ================ Scan MBR ==================================
18:27:55.0144 4852 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:27:55.0426 4852 \Device\Harddisk0\DR0 - ok
18:27:55.0448 4852 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:27:59.0099 4852 \Device\Harddisk1\DR1 - ok
18:27:59.0115 4852 [ 349669BFE21C6F7D96616DFAF8497813 ] \Device\Harddisk2\DR2
18:28:09.0783 4852 \Device\Harddisk2\DR2 - ok
18:28:09.0792 4852 [ 8FF255184F078C9C04E6A2CE66117C5C ] \Device\Harddisk3\DR3
18:28:10.0283 4852 \Device\Harddisk3\DR3 - ok
18:28:10.0284 4852 ================ Scan VBR ==================================
18:28:10.0287 4852 [ 8DD3F36CC4F18F5513934605C1744280 ] \Device\Harddisk0\DR0\Partition1
18:28:10.0289 4852 \Device\Harddisk0\DR0\Partition1 - ok
18:28:10.0311 4852 [ 567EAB706C9423B2044524AF90622830 ] \Device\Harddisk0\DR0\Partition2
18:28:10.0313 4852 \Device\Harddisk0\DR0\Partition2 - ok
18:28:10.0334 4852 [ 522038C6C78B73F59BB72C67B8B9C2A1 ] \Device\Harddisk1\DR1\Partition1
18:28:10.0335 4852 \Device\Harddisk1\DR1\Partition1 - ok
18:28:10.0349 4852 [ 897C994748FDE51EBEA45BA38CD6B106 ] \Device\Harddisk2\DR2\Partition1
18:28:10.0351 4852 \Device\Harddisk2\DR2\Partition1 - ok
18:28:10.0355 4852 [ 7EC81D3BC154AFC812104768955901F3 ] \Device\Harddisk3\DR3\Partition1
18:28:10.0357 4852 \Device\Harddisk3\DR3\Partition1 - ok
18:28:10.0358 4852 ============================================================
18:28:10.0358 4852 Scan finished
18:28:10.0358 4852 ============================================================
18:28:10.0372 4636 Detected object count: 0
18:28:10.0372 4636 Actual detected object count: 0
18:29:41.0666 4920 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-17 17:23:36
-----------------------------
17:23:36.128 OS Version: Windows x64 6.1.7601 Service Pack 1
17:23:36.128 Number of processors: 4 586 0x502
17:23:36.128 ComputerName: MJOLNIRMK04 UserName: A.A. Thomas
17:23:38.842 Initialize success
17:23:49.404 AVAST engine defs: 13011601
17:24:01.770 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:24:01.770 Disk 0 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
17:24:01.770 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-5
17:24:01.770 Disk 1 Vendor: ST3400620AS 3.AAC Size: 381554MB BusType: 3
17:24:01.801 Disk 0 MBR read successfully
17:24:01.801 Disk 0 MBR scan
17:24:01.817 Disk 0 Windows 7 default MBR code
17:24:01.817 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:24:01.848 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907627 MB offset 206848
17:24:01.864 Disk 0 scanning C:\Windows\system32\drivers
17:24:14.515 Service scanning
17:24:34.359 Modules scanning
17:24:34.374 Disk 0 trace - called modules:
17:24:34.390
17:24:37.744 AVAST engine scan C:\Windows
17:24:42.252 AVAST engine scan C:\Windows\system32
17:27:40.078 AVAST engine scan C:\Windows\system32\drivers
17:27:54.898 AVAST engine scan C:\Users\A.A. Thomas
17:28:24.756 Disk 0 MBR has been saved successfully to "C:\Users\A.A. Thomas\Downloads\MBR.dat"
17:28:24.756 The log file has been saved successfully to "C:\Users\A.A. Thomas\Downloads\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-17 21:20:30
-----------------------------
21:20:30.849 OS Version: Windows x64 6.1.7601 Service Pack 1
21:20:30.849 Number of processors: 4 586 0x502
21:20:30.850 ComputerName: MJOLNIRMK04 UserName: A.A. Thomas
21:20:33.095 Initialize success
21:20:44.114 AVAST engine defs: 13011601
21:20:49.434 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:20:49.439 Disk 0 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3
21:20:49.445 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-5
21:20:49.451 Disk 1 Vendor: ST3400620AS 3.AAC Size: 381554MB BusType: 3
21:20:49.472 Disk 0 MBR read successfully
21:20:49.478 Disk 0 MBR scan
21:20:49.505 Disk 0 Windows 7 default MBR code
21:20:49.509 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:20:49.531 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1907627 MB offset 206848
21:20:49.569 Disk 0 scanning C:\Windows\system32\drivers
21:20:59.396 Service scanning
21:21:19.098 Modules scanning
21:21:19.116 Disk 0 trace - called modules:
21:21:19.157 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:21:19.170 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800473d060]
21:21:19.181 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004103520]
21:21:19.193 5 ACPI.sys[fffff88000f577a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040ec060]
21:21:21.632 AVAST engine scan C:\Windows
21:21:26.001 AVAST engine scan C:\Windows\system32
21:24:21.339 AVAST engine scan C:\Windows\system32\drivers
21:24:35.150 AVAST engine scan C:\Users\A.A. Thomas
21:47:19.739 Disk 0 MBR has been saved successfully to "C:\Users\A.A. Thomas\Downloads\MBR.dat"
21:47:19.764 The log file has been saved successfully to "C:\Users\A.A. Thomas\Downloads\aswMBR.txt"

C:\Users\A.A. Thomas\AppData\Local\Temp\0001a10f.exe Win32/Agent.UJK trojan cleaned by deleting - quarantined
C:\Users\A.A. Thomas\AppData\Local\Temp\00021d11.exe Win32/Agent.UJK trojan cleaned by deleting - quarantined
C:\Users\A.A. Thomas\AppData\Local\Temp\1D8D.tmp Win32/Spy.Zbot.AAO trojan cleaned by deleting - quarantined
C:\Users\A.A. Thomas\AppData\Local\Temp\29ED.tmp a variant of Win32/Kryptik.ASHG trojan cleaned by deleting - quarantined
C:\Users\A.A. Thomas\AppData\Local\Temp\554B.tmp a variant of Win32/Kryptik.ASHG trojan cleaned by deleting - quarantined

#4 narenxp

Posted 18 January 2013 - 09:39 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#5 slurpeeman86

Posted 18 January 2013 - 06:03 PM

Adware cleaner gave me nothing but grief. Here's the rest of them:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.15.15

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16439
A.A. Thomas :: MJOLNIRMK04 [administrator]

1/18/2013 2:04:18 PM
mbam-log-2013-01-18 (14-04-18).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 564524
Time elapsed: 1 hour(s), 51 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version:10-01-2013
Ran by A.A. Thomas (administrator) on 18-01-2013 at 16:03:43
Running from "C:\Users\A.A. Thomas\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost




Farbar Service Scanner Version: 16-01-2013
Ran by A.A. Thomas (administrator) on 18-01-2013 at 16:05:25
Running from "C:\Users\A.A. Thomas\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.106 - Logfile created 01/18/2013 at 16:06:34
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : A.A. Thomas - MJOLNIRMK04
# Boot Mode : Normal
# Running from : C:\Users\A.A. Thomas\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Users\A.A. Thomas\AppData\LocalLow\adawaretb

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16438

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\A.A. Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [797 octets] - [18/01/2013 16:06:34]

########## EOF - C:\AdwCleaner[S1].txt - [856 octets] ##########

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : A.A. Thomas [Admin rights]
Mode : Scan -- Date : 01/18/2013 16:55:55

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
199.193.118.246 www.google-analytics.com.
199.193.118.246 ad-emea.doubleclick.net.
199.193.118.246 www.statcounter.com.
199.193.118.246 connect.facebook.net.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
93.115.241.27 connect.facebook.net.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD20EARS-00MVWB0 ATA Device +++++
--- User ---
[MBR] c0370409719c8b54c18793f2fdfd6ee2
[BSP] bac387bd769c41fe824ab7c4a172d87b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3400620AS ATA Device +++++
--- User ---
[MBR] 38c7f55f454fc3e530c08014cd3792d9
[BSP] 569cba14d6b3157bb23838bb42ce57e6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 381543 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: WD 5000AAV External USB Device +++++
--- User ---
[MBR] 2cad1879d3ecde5c7399cdd5593b0c2f
[BSP] 1343860dbef73a961735f1522ff55311 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01182013_02d1655.txt >>
RKreport[1]_S_01182013_02d1655.txt



"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft mouse and keyboard center\ipoint.exe"
+ "IntelliType Pro" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft mouse and keyboard center\itype.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "AMD AVT" "" "" "File not found: AMD Accelerated Video Transcoding device initialization"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Google Chrome" "Google Chrome" "Google Inc." "c:\program files (x86)\google\chrome\application\24.0.1312.52\installer\setup.exe"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "HydraVisionDesktopManager" "HydraDM" "AMD" "c:\program files (x86)\ati technologies\hydravision\hydradm.exe"
+ "NCsoft Launcher" "" "" "File not found: C:\program files (x86)\ncsoft\launcher\NCLauncher.exe /Minimized"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files (x86)\7-zip\7-zip.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_IPoint_exe" "" "" "File not found: c:\Program Files\Microsoft IntelliPoint\IPoint.exe"
+ "\Microsoft_Hardware_Launch_IType_exe" "" "" "File not found: c:\Program Files\Microsoft IntelliType Pro\IType.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "AMD FUEL Service" "Provides FUEL Functionality" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "RapportMgmtService" "Central Rapport Management and Monitoring Service" "Trusteer Ltd." "c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdiox64" "AMD IO Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdiox64.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "AODDriver4.1" "AMD OverDrive Service Driver" "Advanced Micro Devices" "c:\program files\ati technologies\ati.ace\fuel\amd64\aoddriver2.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdw76.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl664.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "gfiark" "gfiark64.sys" "GFI Software" "c:\windows\system32\drivers\gfiark.sys"
+ "gfibto" "GFI Boot Time Operations Driver" "GFI Software" "c:\windows\system32\drivers\gfibto.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Linksys_adapter_H" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\ae2500w764.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MTsensor" "ATK0110 ACPI Utility" "" "c:\windows\system32\drivers\asacpi.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NPF" "npf.sys (NT5/6 AMD64) Kernel Driver" "CACE Technologies" "c:\windows\system32\drivers\npf.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RapportCerberus_44365" "" "" "c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\rapportcerberus64_44365.sys"
+ "RapportEI64" "RapportEI" "Trusteer Ltd." "c:\program files (x86)\trusteer\rapport\bin\x64\rapportei64.sys"
+ "RapportIaso" "RapportIaso" "Trusteer Ltd." "c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys"
+ "RapportKE64" "RapportKE" "Trusteer Ltd." "c:\windows\system32\drivers\rapportke64.sys"
+ "RapportPG64" "RapportPG64" "Trusteer Ltd." "c:\program files (x86)\trusteer\rapport\bin\x64\rapportpg64.sys"
+ "RTL8167" "Realtek 8101E/8168/8169 NDIS 6.20 64-bit Driver " "Realtek Corporation " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "skfiltv" "Creative Audio Driver" "Creative Technology Ltd." "c:\windows\system32\drivers\skfiltv.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "VIDC.FFDS" "" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ff_vfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AMD MJPEG Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AMD MJPEG Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"
+ "Audible Words Codec" "" "" "File not found: C:\Windows\SysWow64\awrdscdc.ax"
+ "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files (x86)\combined community codec pack\filters\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files (x86)\combined community codec pack\filters\vsfilter.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\combined community codec pack\filters\ffdshow\ffdshow.ax"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files (x86)\combined community codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\combined community codec pack\filters\haali\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files (x86)\combined community codec pack\filters\haali\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\combined community codec pack\filters\haali\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files (x86)\combined community codec pack\filters\haali\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files (x86)\combined community codec pack\filters\haali\splitter.ax"
+ "LAV Audio Decoder" "LAV Audio Decoder - DirectShow Audio Decoder" "1f0.de - Hendrik Leppkes" "c:\program files (x86)\combined community codec pack\filters\lavfilters\lavaudio.ax"
+ "LAV Splitter" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "c:\program files (x86)\combined community codec pack\filters\lavfilters\lavsplitter.ax"
+ "LAV Splitter Source" "LAV Splitter - DirectShow Media Splitter" "1f0.de - Hendrik Leppkes" "c:\program files (x86)\combined community codec pack\filters\lavfilters\lavsplitter.ax"
+ "LAV Video Decoder" "LAV Video Decoder - DirectShow Video Decoder" "1f0.de - Hendrik Leppkes" "c:\program files (x86)\combined community codec pack\filters\lavfilters\lavvideo.ax"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MPC - MPEG-2 Video Decoder (Gabest)" "MPEG-2 Decoder Filter for DirectShow" "MPC-HC Team" "c:\program files (x86)\combined community codec pack\filters\mpeg2decfilter.ax"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"

#6 narenxp

Posted 18 January 2013 - 07:15 PM

.


Edited by narenxp, 12 March 2013 - 12:32 AM.


#7 slurpeeman86

Posted 18 January 2013 - 07:48 PM

MiniToolBox by Farbar Version:10-01-2013
Ran by A.A. Thomas (administrator) on 18-01-2013 at 18:48:34
Running from "C:\Users\A.A. Thomas\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================

# ::1 localhost


**** End of log ****

#8 narenxp

Posted 18 January 2013 - 08:09 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points.

Turn on System Restore and create a new restore point.

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)
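
The by-eye check of the MiniToolBox "Hosts content" output in post #7 can also be scripted. This is an added example, not part of the original posts or of any tool named in the thread: the function names are hypothetical, the hijacked sample is constructed (documentation-range address, example.* hostnames), and the clean sample is the single line from post #7.

```python
import ipaddress

def parse_hosts(text):
    """Return (address, hostname) pairs for every active mapping in HOSTS-format text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and commented-out lines
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, or an address with no hostname
        for name in fields[1:]:  # one line may map several names
            # "host.example." and "host.example" resolve identically
            entries.append((fields[0], name.rstrip(".").lower()))
    return entries

def audit_hosts(text):
    """List the mappings that send a name anywhere other than the local machine."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # localhost entries and 0.0.0.0 / 127.0.0.1 blocklists
        findings.append((ip, name, "redirected to non-loopback address"))
    return findings

# Hosts content as reported in post #7: the only line is commented out.
CLEAN_SAMPLE = "# ::1 localhost\n"

# Constructed sample of a tampered file (not taken from the thread).
HIJACKED_SAMPLE = """\
127.0.0.1 localhost
::1 localhost
203.0.113.7 ads.example.com.
203.0.113.7 stats.example.net. www.example.org   # two names on one line
0.0.0.0 blocked.example.com
not-an-ip bad.example.com
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("hijacked", HIJACKED_SAMPLE)):
        print(label)
        for ip, name, reason in audit_hosts(sample):
            print(f"  {name} -> {ip}: {reason}")
```

Entries pointing at private intranet addresses are reported too, so on a managed machine the findings need comparing against the mappings the administrator intended.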



