
FBI/Greendot with a new wrinkle...



#1 Gordon C

Gordon C

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NC
  • Local time:09:09 PM

Posted 28 January 2013 - 07:22 AM

Helping a friend with a Win 7 laptop that got the FBI/Greendot ransomware. The new wrinkle is that when we boot in safe mode with networking (or just safe mode) it immediately is issued a shutdown command so one never gets an opportunity to bring any tools into play.

Thought about trying to insert Rkill into the boot process but am not sure how to do that effectively. Might it be possible to interfere with the shutdown command? Or am I wishing in the wind and just need to reinstall Win7?



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:09 PM

Posted 28 January 2013 - 07:26 AM

Can you boot into safe mode or safe mode with command prompt?

#3 Gordon C


Posted 28 January 2013 - 07:33 AM

Safe mode & Safe mode with networking both will boot but immediately get a shutdown command. Safe mode with command prompt does boot and does .not. get the shutdown command. This allows me to access a thumb drive. Nice.

#4 narenxp


Posted 28 January 2013 - 07:34 AM

Please follow my instructions. I do not want you to run any other tools unless instructed.

Run these commands in command prompt


Restart the PC and boot into test account. Let me know if that worked.

Edited by narenxp, 28 January 2013 - 07:44 AM.


#5 Gordon C


Posted 28 January 2013 - 07:41 AM

We have joy. User test has desktop in normal boot.

#6 narenxp


Posted 28 January 2013 - 07:43 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply
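
A TDSSKiller log of the kind requested above runs to hundreds of service lines, so the following added example (not part of the original thread and not a Kaspersky tool) shows one way to triage it: it pairs each hash line with its verdict line and lists only entries whose verdict is not "ok" or that were logged without a file path and hash. The `ExampleSvc` entry, its zero hash and the "warning" verdict are constructed to exercise the parser; the function names are this example's own.

```python
import re

# Hash line:    "<time> <thread> [ <MD5> ] <service name> <file path>"
HASH_RE = re.compile(
    r"^\S+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# Verdict line: "<time> <thread> <service name> - <verdict>"
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(.+?) - (\S.*)$")
# Section line: "<time> <thread> ===== Scan services ====="
SECTION_RE = re.compile(r"^\S+\s+\d+\s+=+ (.+?) =+$")


def parse_services(log_text):
    """Return one dict per verdict line found in the 'Scan services' section."""
    entries = []
    pending = {}          # service name -> (md5, path) from its hash line
    in_services = False
    for line in log_text.splitlines():
        line = line.rstrip()
        section = SECTION_RE.match(line)
        if section:
            # Header lines elsewhere (drive info, memory scan) also contain
            # " - ", so only the services section is parsed.
            in_services = section.group(1) == "Scan services"
            continue
        if not in_services:
            continue
        hashed = HASH_RE.match(line)
        if hashed:
            md5, name, path = hashed.groups()
            pending[name] = (md5.upper(), path)
            continue
        verdict = VERDICT_RE.match(line)
        if verdict:
            name, result = verdict.groups()
            md5, path = pending.pop(name, (None, None))
            entries.append(
                {"name": name, "md5": md5, "path": path, "verdict": result})
    return entries


def needs_review(entries):
    """Return (service name, reasons) for entries worth a manual look."""
    flagged = []
    for entry in entries:
        reasons = []
        if entry["verdict"].lower() != "ok":
            reasons.append("verdict is %r" % entry["verdict"])
        if entry["md5"] is None:
            reasons.append("no file/hash line logged")
        if reasons:
            flagged.append((entry["name"], reasons))
    return flagged


# Sample input: lines in the format of the log posted in this thread.
# The last two lines (ExampleSvc) are constructed, not from any real scan.
SAMPLE_LOG = r"""
07:51:41.0045 3416 ================ Scan system memory ========================
07:51:41.0045 3416 System memory - ok
07:51:41.0045 3416 ================ Scan services =============================
07:51:41.0513 3416 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:51:41.0513 3416 1394ohci - ok
07:51:43.0713 3416 [ C620C59D46F43BEECC556F65E801312B ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
07:51:43.0713 3416 Bluetooth Device Monitor - ok
07:51:44.0602 3416 catchme - ok
07:51:44.0700 3416 [ 00000000000000000000000000000000 ] ExampleSvc C:\Example\examplesvc.sys
07:51:44.0700 3416 ExampleSvc - warning
"""

if __name__ == "__main__":
    for name, reasons in needs_review(parse_services(SAMPLE_LOG)):
        print(name, "->", "; ".join(reasons))
```

An entry without a hash line only means the tool printed no file for that service; it is a prompt to look at the service, not a verdict.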

#7 Gordon C


Posted 28 January 2013 - 07:57 AM

07:51:17.0302 4592 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:51:17.0833 4592 ============================================================
07:51:17.0833 4592 Current date / time: 2013/01/28 07:51:17.0833
07:51:17.0833 4592 SystemInfo:
07:51:17.0833 4592
07:51:17.0833 4592 OS Version: 6.1.7601 ServicePack: 1.0
07:51:17.0833 4592 Product type: Workstation
07:51:17.0833 4592 ComputerName: MININT-HVUMN6D
07:51:17.0833 4592 UserName: test
07:51:17.0833 4592 Windows directory: C:\Windows
07:51:17.0833 4592 System windows directory: C:\Windows
07:51:17.0833 4592 Running under WOW64
07:51:17.0833 4592 Processor architecture: Intel x64
07:51:17.0833 4592 Number of processors: 4
07:51:17.0833 4592 Page size: 0x1000
07:51:17.0833 4592 Boot type: Normal boot
07:51:17.0833 4592 ============================================================
07:51:18.0425 4592 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:51:18.0425 4592 ============================================================
07:51:18.0425 4592 \Device\Harddisk0\DR0:
07:51:18.0425 4592 MBR partitions:
07:51:18.0425 4592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x559ED000
07:51:18.0425 4592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x559ED800, BlocksNum 0x1B58000
07:51:18.0425 4592 ============================================================
07:51:18.0488 4592 C: <-> \Device\Harddisk0\DR0\Partition1
07:51:18.0488 4592 ============================================================
07:51:18.0488 4592 Initialize success
07:51:18.0488 4592 ============================================================
07:51:40.0905 3416 ============================================================
07:51:40.0905 3416 Scan started
07:51:40.0905 3416 Mode: Manual; TDLFS;
07:51:40.0905 3416 ============================================================
07:51:41.0045 3416 ================ Scan system memory ========================
07:51:41.0045 3416 System memory - ok
07:51:41.0045 3416 ================ Scan services =============================
07:51:52.0730 3416 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:51:52.0730 3416 msisadrv - ok
07:51:52.0792 3416 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:51:52.0792 3416 MSiSCSI - ok
07:51:52.0792 3416 msiserver - ok
07:51:52.0839 3416 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:51:52.0839 3416 MSKSSRV - ok
07:51:52.0917 3416 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
07:51:52.0917 3416 MsMpSvc - ok
07:51:52.0948 3416 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:51:52.0948 3416 MSPCLOCK - ok
07:51:52.0995 3416 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:51:52.0995 3416 MSPQM - ok
07:51:53.0011 3416 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:51:53.0011 3416 MsRPC - ok
07:51:53.0026 3416 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
07:51:53.0026 3416 mssmbios - ok
07:51:53.0057 3416 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:51:53.0057 3416 MSTEE - ok
07:51:53.0057 3416 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
07:51:53.0057 3416 MTConfig - ok
07:51:53.0073 3416 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
07:51:53.0073 3416 Mup - ok
07:51:53.0151 3416 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
07:51:53.0151 3416 napagent - ok
07:51:53.0198 3416 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:51:53.0198 3416 NativeWifiP - ok
07:51:53.0276 3416 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:51:53.0276 3416 NDIS - ok
07:51:53.0323 3416 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:51:53.0323 3416 NdisCap - ok
07:51:53.0338 3416 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:51:53.0338 3416 NdisTapi - ok
07:51:53.0354 3416 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:51:53.0354 3416 Ndisuio - ok
07:51:53.0401 3416 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:51:53.0401 3416 NdisWan - ok
07:51:53.0432 3416 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:51:53.0432 3416 NDProxy - ok
07:51:53.0479 3416 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
07:51:53.0479 3416 Net Driver HPZ12 - ok
07:51:53.0494 3416 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:51:53.0494 3416 NetBIOS - ok
07:51:53.0541 3416 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:51:53.0541 3416 NetBT - ok
07:51:53.0557 3416 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
07:51:53.0557 3416 Netlogon - ok
07:51:53.0619 3416 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
07:51:53.0619 3416 Netman - ok
07:51:53.0635 3416 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
07:51:53.0635 3416 netprofm - ok
07:51:53.0681 3416 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:51:53.0681 3416 NetTcpPortSharing - ok
07:51:54.0368 3416 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
07:51:54.0508 3416 NETwNs64 - ok
07:51:54.0539 3416 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
07:51:54.0555 3416 nfrd960 - ok
07:51:54.0571 3416 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
07:51:54.0571 3416 NisDrv - ok
07:51:54.0649 3416 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
07:51:54.0664 3416 NisSrv - ok
07:51:54.0695 3416 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:51:54.0695 3416 NlaSvc - ok
07:51:54.0711 3416 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:51:54.0711 3416 Npfs - ok
07:51:54.0742 3416 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
07:51:54.0742 3416 nsi - ok
07:51:54.0773 3416 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:51:54.0773 3416 nsiproxy - ok
07:51:54.0867 3416 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:51:54.0914 3416 Ntfs - ok
07:51:54.0945 3416 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
07:51:54.0945 3416 Null - ok
07:51:54.0976 3416 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
07:51:54.0976 3416 nusb3hub - ok
07:51:55.0007 3416 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
07:51:55.0023 3416 nusb3xhc - ok
07:51:55.0054 3416 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:51:55.0054 3416 nvraid - ok
07:51:55.0054 3416 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:51:55.0054 3416 nvstor - ok
07:51:55.0054 3416 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:51:55.0070 3416 nv_agp - ok
07:51:55.0070 3416 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:51:55.0085 3416 ohci1394 - ok
07:51:55.0132 3416 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:51:55.0132 3416 p2pimsvc - ok
07:51:55.0163 3416 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
07:51:55.0163 3416 p2psvc - ok
07:51:55.0195 3416 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
07:51:55.0195 3416 Parport - ok
07:51:55.0241 3416 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:51:55.0241 3416 partmgr - ok
07:51:55.0304 3416 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:51:55.0304 3416 PcaSvc - ok
07:51:55.0351 3416 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
07:51:55.0351 3416 pci - ok
07:51:55.0382 3416 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
07:51:55.0382 3416 pciide - ok
07:51:55.0444 3416 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
07:51:55.0460 3416 pcmcia - ok
07:51:55.0460 3416 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
07:51:55.0460 3416 pcw - ok
07:51:55.0507 3416 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:51:55.0522 3416 PEAUTH - ok
07:51:55.0787 3416 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:51:55.0803 3416 PerfHost - ok
07:51:55.0990 3416 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
07:51:56.0021 3416 pla - ok
07:51:56.0084 3416 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:51:56.0084 3416 PlugPlay - ok
07:51:56.0115 3416 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
07:51:56.0131 3416 Pml Driver HPZ12 - ok
07:51:56.0177 3416 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:51:56.0177 3416 PNRPAutoReg - ok
07:51:56.0255 3416 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:51:56.0255 3416 PNRPsvc - ok
07:51:56.0318 3416 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:51:56.0318 3416 PolicyAgent - ok
07:51:56.0349 3416 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
07:51:56.0349 3416 Power - ok
07:51:56.0380 3416 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:51:56.0380 3416 PptpMiniport - ok
07:51:56.0411 3416 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
07:51:56.0411 3416 Processor - ok
07:51:56.0443 3416 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
07:51:56.0458 3416 ProfSvc - ok
07:51:56.0474 3416 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:51:56.0474 3416 ProtectedStorage - ok
07:51:56.0489 3416 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:51:56.0489 3416 Psched - ok
07:51:56.0521 3416 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
07:51:56.0521 3416 PxHlpa64 - ok
07:51:56.0723 3416 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
07:51:56.0755 3416 ql2300 - ok
07:51:56.0770 3416 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
07:51:56.0770 3416 ql40xx - ok
07:51:56.0817 3416 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
07:51:56.0833 3416 QWAVE - ok
07:51:56.0848 3416 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:51:56.0848 3416 QWAVEdrv - ok
07:51:56.0879 3416 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:51:56.0879 3416 RasAcd - ok
07:51:56.0926 3416 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:51:56.0926 3416 RasAgileVpn - ok
07:51:56.0957 3416 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
07:51:56.0957 3416 RasAuto - ok
07:51:56.0973 3416 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:51:56.0989 3416 Rasl2tp - ok
07:51:57.0020 3416 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
07:51:57.0035 3416 RasMan - ok
07:51:57.0035 3416 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:51:57.0035 3416 RasPppoe - ok
07:51:57.0051 3416 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:51:57.0051 3416 RasSstp - ok
07:51:57.0098 3416 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:51:57.0098 3416 rdbss - ok
07:51:57.0113 3416 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
07:51:57.0113 3416 rdpbus - ok
07:51:57.0129 3416 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:51:57.0129 3416 RDPCDD - ok
07:51:57.0129 3416 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:51:57.0129 3416 RDPENCDD - ok
07:51:57.0145 3416 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:51:57.0145 3416 RDPREFMP - ok
07:51:57.0191 3416 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:51:57.0191 3416 RDPWD - ok
07:51:57.0269 3416 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:51:57.0269 3416 rdyboost - ok
07:51:57.0332 3416 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:51:57.0332 3416 RemoteAccess - ok
07:51:57.0410 3416 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:51:57.0410 3416 RemoteRegistry - ok
07:51:57.0472 3416 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
07:51:57.0472 3416 RFCOMM - ok
07:51:57.0800 3416 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
07:51:57.0815 3416 RoxMediaDB12OEM - ok
07:51:57.0878 3416 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
07:51:57.0893 3416 RoxWatch12 - ok
07:51:57.0925 3416 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:51:57.0925 3416 RpcEptMapper - ok
07:51:57.0987 3416 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
07:51:57.0987 3416 RpcLocator - ok
07:51:58.0065 3416 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
07:51:58.0065 3416 RpcSs - ok
07:51:58.0112 3416 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:51:58.0112 3416 rspndr - ok
07:51:58.0174 3416 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
07:51:58.0174 3416 RSUSBSTOR - ok
07:51:58.0252 3416 [ A73ED14670220307874AD6BC2F279349 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
07:51:58.0252 3416 RTL8167 - ok
07:51:58.0268 3416 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
07:51:58.0268 3416 SamSs - ok
07:51:58.0299 3416 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:51:58.0299 3416 sbp2port - ok
07:51:58.0361 3416 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:51:58.0377 3416 SCardSvr - ok
07:51:58.0408 3416 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:51:58.0408 3416 scfilter - ok
07:51:58.0549 3416 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
07:51:58.0580 3416 Schedule - ok
07:51:58.0627 3416 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
07:51:58.0627 3416 SCPolicySvc - ok
07:51:58.0673 3416 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:51:58.0673 3416 SDRSVC - ok
07:51:58.0705 3416 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:51:58.0705 3416 secdrv - ok
07:51:58.0736 3416 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
07:51:58.0736 3416 seclogon - ok
07:51:58.0767 3416 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
07:51:58.0767 3416 SENS - ok
07:51:58.0798 3416 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:51:58.0798 3416 SensrSvc - ok
07:51:58.0814 3416 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
07:51:58.0814 3416 Serenum - ok
07:51:58.0829 3416 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
07:51:58.0845 3416 Serial - ok
07:51:58.0876 3416 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
07:51:58.0876 3416 sermouse - ok
07:51:58.0923 3416 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
07:51:58.0923 3416 SessionEnv - ok
07:51:58.0970 3416 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:51:58.0970 3416 sffdisk - ok
07:51:58.0970 3416 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:51:58.0970 3416 sffp_mmc - ok
07:51:58.0985 3416 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:51:58.0985 3416 sffp_sd - ok
07:51:58.0985 3416 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
07:51:59.0001 3416 sfloppy - ok
07:51:59.0219 3416 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
07:51:59.0251 3416 SftService - ok
07:51:59.0344 3416 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:51:59.0344 3416 SharedAccess - ok
07:51:59.0422 3416 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:51:59.0422 3416 ShellHWDetection - ok
07:51:59.0469 3416 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
07:51:59.0469 3416 SiSRaid2 - ok
07:51:59.0485 3416 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
07:51:59.0500 3416 SiSRaid4 - ok
07:51:59.0500 3416 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:51:59.0500 3416 Smb - ok
07:51:59.0531 3416 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:51:59.0531 3416 SNMPTRAP - ok
07:51:59.0578 3416 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
07:51:59.0594 3416 spldr - ok
07:51:59.0687 3416 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
07:51:59.0687 3416 Spooler - ok
07:51:59.0953 3416 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
07:52:00.0015 3416 sppsvc - ok
07:52:00.0046 3416 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:52:00.0046 3416 sppuinotify - ok
07:52:00.0062 3416 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
07:52:00.0077 3416 srv - ok
07:52:00.0109 3416 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:52:00.0109 3416 srv2 - ok
07:52:00.0109 3416 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:52:00.0109 3416 srvnet - ok
07:52:00.0187 3416 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:52:00.0187 3416 SSDPSRV - ok
07:52:00.0202 3416 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:52:00.0202 3416 SstpSvc - ok
07:52:00.0218 3416 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
07:52:00.0218 3416 stexstor - ok
07:52:00.0327 3416 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
07:52:00.0343 3416 stisvc - ok
07:52:00.0405 3416 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
07:52:00.0436 3416 stllssvr - ok
07:52:00.0467 3416 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
07:52:00.0467 3416 swenum - ok
07:52:00.0530 3416 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
07:52:00.0530 3416 swprv - ok
07:52:00.0701 3416 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
07:52:00.0733 3416 SysMain - ok
07:52:00.0764 3416 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:52:00.0764 3416 TabletInputService - ok
07:52:00.0826 3416 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
07:52:00.0826 3416 TapiSrv - ok
07:52:00.0857 3416 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
07:52:00.0857 3416 TBS - ok
07:52:01.0045 3416 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:52:01.0076 3416 Tcpip - ok
07:52:01.0247 3416 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:52:01.0247 3416 TCPIP6 - ok
07:52:01.0294 3416 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:52:01.0294 3416 tcpipreg - ok
07:52:01.0341 3416 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:52:01.0341 3416 TDPIPE - ok
07:52:01.0372 3416 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:52:01.0372 3416 TDTCP - ok
07:52:01.0419 3416 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:52:01.0419 3416 tdx - ok
07:52:01.0435 3416 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
07:52:01.0435 3416 TermDD - ok
07:52:01.0481 3416 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
07:52:01.0481 3416 TermService - ok
07:52:01.0513 3416 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
07:52:01.0513 3416 Themes - ok
07:52:01.0528 3416 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
07:52:01.0528 3416 THREADORDER - ok
07:52:01.0559 3416 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
07:52:01.0559 3416 TrkWks - ok
07:52:01.0637 3416 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:52:01.0637 3416 TrustedInstaller - ok
07:52:01.0653 3416 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:52:01.0653 3416 tssecsrv - ok
07:52:01.0684 3416 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:52:01.0684 3416 TsUsbFlt - ok
07:52:01.0731 3416 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
07:52:01.0731 3416 TsUsbGD - ok
07:52:01.0747 3416 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:52:01.0747 3416 tunnel - ok
07:52:01.0762 3416 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
07:52:01.0762 3416 uagp35 - ok
07:52:01.0809 3416 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:52:01.0825 3416 udfs - ok
07:52:01.0840 3416 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:52:01.0840 3416 UI0Detect - ok
07:52:01.0871 3416 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:52:01.0871 3416 uliagpkx - ok
07:52:01.0887 3416 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
07:52:01.0903 3416 umbus - ok
07:52:01.0903 3416 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
07:52:01.0903 3416 UmPass - ok
07:52:01.0934 3416 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
07:52:01.0934 3416 upnphost - ok
07:52:01.0949 3416 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:52:01.0949 3416 usbccgp - ok
07:52:01.0981 3416 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:52:01.0981 3416 usbcir - ok
07:52:02.0012 3416 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:52:02.0012 3416 usbehci - ok
07:52:02.0074 3416 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:52:02.0074 3416 usbhub - ok
07:52:02.0105 3416 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:52:02.0105 3416 usbohci - ok
07:52:02.0137 3416 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:52:02.0137 3416 usbprint - ok
07:52:02.0183 3416 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:52:02.0183 3416 usbscan - ok
07:52:02.0215 3416 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:52:02.0215 3416 USBSTOR - ok
07:52:02.0277 3416 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
07:52:02.0277 3416 usbuhci - ok
07:52:02.0339 3416 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
07:52:02.0339 3416 usbvideo - ok
07:52:02.0371 3416 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
07:52:02.0371 3416 UxSms - ok
07:52:02.0386 3416 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
07:52:02.0386 3416 VaultSvc - ok
07:52:02.0433 3416 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:52:02.0433 3416 vdrvroot - ok
07:52:02.0480 3416 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
07:52:02.0495 3416 vds - ok
07:52:02.0495 3416 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:52:02.0495 3416 vga - ok
07:52:02.0527 3416 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
07:52:02.0527 3416 VgaSave - ok
07:52:02.0558 3416 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:52:02.0558 3416 vhdmp - ok
07:52:02.0558 3416 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
07:52:02.0558 3416 viaide - ok
07:52:02.0589 3416 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:52:02.0589 3416 volmgr - ok
07:52:02.0620 3416 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:52:02.0636 3416 volmgrx - ok
07:52:02.0667 3416 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:52:02.0667 3416 volsnap - ok
07:52:02.0714 3416 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
07:52:02.0714 3416 vsmraid - ok
07:52:02.0776 3416 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
07:52:02.0823 3416 VSS - ok
07:52:02.0839 3416 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
07:52:02.0839 3416 vwifibus - ok
07:52:02.0854 3416 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
07:52:02.0870 3416 vwififlt - ok
07:52:02.0885 3416 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
07:52:02.0885 3416 W32Time - ok
07:52:02.0917 3416 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
07:52:02.0917 3416 WacomPen - ok
07:52:02.0932 3416 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:52:02.0932 3416 WANARP - ok
07:52:02.0948 3416 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:52:02.0948 3416 Wanarpv6 - ok
07:52:03.0229 3416 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
07:52:03.0260 3416 WatAdminSvc - ok
07:52:03.0369 3416 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
07:52:03.0385 3416 wbengine - ok
07:52:03.0463 3416 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:52:03.0463 3416 WbioSrvc - ok
07:52:03.0509 3416 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:52:03.0509 3416 wcncsvc - ok
07:52:03.0525 3416 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:52:03.0525 3416 WcsPlugInService - ok
07:52:03.0556 3416 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
07:52:03.0556 3416 Wd - ok
07:52:03.0665 3416 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:52:03.0681 3416 Wdf01000 - ok
07:52:03.0712 3416 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:52:03.0712 3416 WdiServiceHost - ok
07:52:03.0712 3416 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:52:03.0712 3416 WdiSystemHost - ok
07:52:03.0759 3416 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
07:52:03.0759 3416 WebClient - ok
07:52:03.0806 3416 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:52:03.0806 3416 Wecsvc - ok
07:52:03.0821 3416 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:52:03.0837 3416 wercplsupport - ok
07:52:03.0837 3416 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
07:52:03.0853 3416 WerSvc - ok
07:52:03.0884 3416 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:52:03.0884 3416 WfpLwf - ok
07:52:03.0946 3416 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
07:52:03.0946 3416 WimFltr - ok
07:52:03.0962 3416 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:52:03.0962 3416 WIMMount - ok
07:52:03.0977 3416 WinDefend - ok
07:52:03.0977 3416 WinHttpAutoProxySvc - ok
07:52:05.0303 3416 ================ Scan global ===============================
07:52:05.0350 3416 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
07:52:05.0413 3416 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
07:52:05.0428 3416 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
07:52:05.0459 3416 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
07:52:05.0537 3416 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
07:52:05.0553 3416 [Global] - ok
07:52:05.0553 3416 ================ Scan MBR ==================================
07:52:05.0584 3416 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:52:08.0954 3416 \Device\Harddisk0\DR0 - ok
07:52:08.0954 3416 ================ Scan VBR ==================================
07:52:08.0985 3416 [ 12679ECC4CE6E0C990661A6CDB0A961B ] \Device\Harddisk0\DR0\Partition1
07:52:08.0985 3416 \Device\Harddisk0\DR0\Partition1 - ok
07:52:09.0032 3416 [ 16BC459AFD23EB073EA72016CDAA4F1D ] \Device\Harddisk0\DR0\Partition2
07:52:09.0032 3416 \Device\Harddisk0\DR0\Partition2 - ok
07:52:09.0032 3416 ============================================================
07:52:09.0032 3416 Scan finished
07:52:09.0032 3416 ============================================================
07:52:09.0032 5720 Detected object count: 0
07:52:09.0032 5720 Actual detected object count: 0

#8 Gordon C


Posted 28 January 2013 - 08:15 AM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-28 08:00:15
-----------------------------
08:00:15.144 OS Version: Windows x64 6.1.7601 Service Pack 1
08:00:15.144 Number of processors: 4 586 0x2A07
08:00:15.144 ComputerName: MININT-HVUMN6D UserName: test
08:00:16.782 Initialize success
08:07:04.859 AVAST engine defs: 13012800
08:08:12.298 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:08:12.298 Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 3
08:08:12.298 Disk 0 MBR read successfully
08:08:12.298 Disk 0 MBR scan
08:08:12.298 Disk 0 Windows 7 default MBR code
08:08:12.298 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 701402 MB offset 2048
08:08:12.329 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 14000 MB offset 1436473344
08:08:12.376 Disk 0 scanning C:\Windows\system32\drivers
08:08:21.393 Service scanning
08:08:44.855 Modules scanning
08:08:44.855 Disk 0 trace - called modules:
08:08:44.886 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:08:44.886 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80095ac060]
08:08:45.401 3 CLASSPNP.SYS[fffff88001b4d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007796050]
08:08:47.117 AVAST engine scan C:\Windows
08:08:52.749 AVAST engine scan C:\Windows\system32
08:11:29.045 AVAST engine scan C:\Windows\system32\drivers
08:11:40.293 AVAST engine scan C:\Users\test
08:11:56.689 AVAST engine scan C:\ProgramData
08:13:20.976 Scan finished successfully
08:14:17.713 Disk 0 MBR has been saved successfully to "C:\Users\test\Documents\MBR.dat"
08:14:17.760 The log file has been saved successfully to "C:\Users\test\Documents\aswMBR.txt"

#9 Gordon C


Posted 28 January 2013 - 09:01 AM

C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting (after the next restart) - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\DA19.tmp.vir Win64/Olmarik.AO trojan cleaned by deleting - quarantined
C:\Users\tommy\AppData\Local\Google\Chrome\User Data\Default\Default\aadhdigdgfdedgdidbdjdhdjdegcdfdc\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined

#10 narenxp


Posted 28 January 2013 - 09:33 AM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#11 Gordon C


Posted 28 January 2013 - 11:05 AM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
tommy :: MININT-HVUMN6D [administrator]

1/28/2013 10:03:22 AM
mbam-log-2013-01-28 (10-03-22).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 394273
Time elapsed: 27 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 Gordon C


Posted 28 January 2013 - 11:09 AM

MiniToolBox by Farbar Version:10-01-2013
Ran by tommy (administrator) on 28-01-2013 at 11:07:52
Running from "E:\"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Centrino® Wireless-N 1030 = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : MININT-HVUMN6D
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 4C-EB-42-10-9C-39
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 84-8F-69-C3-1C-D4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030
Physical Address. . . . . . . . . : 4C-EB-42-10-9C-35
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cd35:ab2:23fd:943b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.141(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, January 28, 2013 9:12:34 AM
Lease Expires . . . . . . . . . . : Tuesday, January 29, 2013 9:12:39 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 189590338
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-B2-E7-16-84-8F-69-C3-1C-D4
DNS Servers . . . . . . . . . . . : 192.168.0.1
207.14.235.234
67.238.98.162
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:184c:3aae:3f57:ff72(Preferred)
Link-local IPv6 Address . . . . . : fe80::184c:3aae:3f57:ff72%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{F5391E9E-6BD4-4281-8EDF-760E35FDAC88}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging google.com [74.125.137.101] with 32 bytes of data:
Reply from 74.125.137.101: bytes=32 time=36ms TTL=48
Reply from 74.125.137.101: bytes=32 time=37ms TTL=48

Ping statistics for 74.125.137.101:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 37ms, Average = 36ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=98ms TTL=51
Reply from 98.138.253.109: bytes=32 time=157ms TTL=51

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 98ms, Maximum = 157ms, Average = 127ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...4c eb 42 10 9c 39 ......Bluetooth Device (Personal Area Network)
12...84 8f 69 c3 1c d4 ......Realtek PCIe FE Family Controller
11...4c eb 42 10 9c 35 ......Intel® Centrino® Wireless-N 1030
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.141 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.141 281
192.168.0.141 255.255.255.255 On-link 192.168.0.141 281
192.168.0.255 255.255.255.255 On-link 192.168.0.141 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.141 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.141 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:9d38:6ab8:184c:3aae:3f57:ff72/128
On-link
11 281 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::184c:3aae:3f57:ff72/128
On-link
11 281 fe80::cd35:ab2:23fd:943b/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/28/2013 10:58:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2013 10:57:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/28/2013 09:56:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/28/2013 09:14:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2013 09:08:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2013 08:16:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2013 08:16:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2013 08:16:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2013 07:59:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2013 07:40:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/28/2013 09:11:52 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/28/2013 09:11:52 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/28/2013 09:11:45 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/28/2013 10:58:15 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\test\downloads\esetsmartinstaller_enu.exe

Error: (01/28/2013 10:57:31 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/28/2013 09:56:30 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\tommy\AppData\Local\TNT2\2.0.0.1267\TNT2User.exe

Error: (01/28/2013 09:14:14 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2013 09:08:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/28/2013 08:16:18 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\test\Downloads\esetsmartinstaller_enu.exe

Error: (01/28/2013 08:16:08 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\test\Downloads\esetsmartinstaller_enu.exe

Error: (01/28/2013 08:16:08 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\test\Downloads\esetsmartinstaller_enu.exe

Error: (01/28/2013 07:59:52 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\test\Downloads\esetsmartinstaller_enu.exe

Error: (01/28/2013 07:40:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2012-12-07 07:19:00.337
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-07 07:19:00.321
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-07 07:19:00.306
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-07 07:19:00.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-06 18:29:18.701
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-06 18:29:18.686
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

4500_G510gm_Help (Version: 000.0.439.000)
4500G510gm (Version: 000.0.423.000)
4500G510gm_Software_Min (Version: 000.0.423.000)
64 Bit HP CIO Components Installer (Version: 6.2.1)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Advanced Audio FX Engine (Version: 1.12.05)
BufferChm (Version: 130.0.331.000)
CyberLink PowerDVD 9.6 (Version: 9.6.1.4418)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (Version: 9.4.67)
Dell DataSafe Local Backup (Version: 9.4.67)
Dell Support Center (Version: 3.1.5907.16)
Dell Touchpad (Version: 7.1207.101.225)
Dell Webcam Central (Version: 1.40.05)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DirectX 9 Runtime (Version: 1.00.0000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
ESET Online Scanner v3
Fax (Version: 130.0.418.000)
Google Chrome (Version: 24.0.1312.56)
Google Earth (Version: 7.0.2.8415)
Google Update Helper (Version: 1.3.21.123)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510g-m (Version: 13.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
Intel® Processor Graphics (Version: 8.15.10.2253)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.0.1.0489)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network64 (Version: 130.0.374.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenOffice.org 3.1 (Version: 3.1.9399)
PhotoShowExpress (Version: 2.0.063)
Quickset64 (Version: 11.0.10)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.6267)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Status (Version: 130.0.373.000)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
WebReg (Version: 130.0.132.017)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! Toolbar
Yontoo 1.10.02 (Version: 1.10.02)

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8086.17 MB
Available physical RAM: 5921.77 MB
Total Pagefile: 16170.53 MB
Available Pagefile: 14003.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.25 MB

========================= Partitions: =====================================

1 Drive c: (OSDisk) (Fixed) (Total:684.96 GB) (Free:644.55 GB) NTFS
3 Drive e: () (Removable) (Total:1.87 GB) (Free:1.76 GB) FAT

========================= Users: ========================================

User accounts for \\MININT-HVUMN6D

Administrator Guest test
tommy

========================= Restore Points ==================================


**** End of log ****

#13 Gordon C

Posted 28 January 2013 - 11:16 AM

Farbar Service Scanner Version: 16-01-2013
Ran by tommy (administrator) on 28-01-2013 at 11:12:11
Running from "C:\Users\tommy\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 Gordon C

Posted 28 January 2013 - 11:22 AM

# AdwCleaner v2.109 - Logfile created 01/28/2013 at 11:18:29
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : tommy - MININT-HVUMN6D
# Boot Mode : Normal
# Running from : C:\Users\tommy\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.56

File : C:\Users\tommy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3346 octets] - [28/01/2013 11:18:29]

########## EOF - C:\AdwCleaner[S1].txt - [3406 octets] ##########

#15 Gordon C

Posted 28 January 2013 - 11:25 AM

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/28/2013 11:24:15 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/28/2013 11:24:26 AM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)



