
Frequent BSOD. possible infection?


9 replies to this topic

#1 anadig12


Posted 22 February 2013 - 10:27 PM

I've had blue screen shut downs on and off for about 6 months and they've become more frequent.

I own an Asus K53E-DH31 and posted in the Windows 7 forum and was referred here after installing Speccy, MiniToolBox, and SecurityCheck.exe and posting the contents there as I was advised.




 


#2 narenxp


Posted 22 February 2013 - 10:39 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters

  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue

  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results


 



#3 anadig12


Posted 24 February 2013 - 02:26 PM

14:48:58.0110 6768  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:48:58.0720 6768  ============================================================
14:48:58.0720 6768  Current date / time: 2013/02/23 14:48:58.0720
14:48:58.0720 6768  SystemInfo:
14:48:58.0720 6768  
14:48:58.0720 6768  OS Version: 6.1.7601 ServicePack: 1.0
14:48:58.0721 6768  Product type: Workstation
14:48:58.0721 6768  ComputerName: ANASTACIAA-PC
14:48:58.0721 6768  UserName: Anastacia A
14:48:58.0721 6768  Windows directory: C:\Windows
14:48:58.0721 6768  System windows directory: C:\Windows
14:48:58.0721 6768  Running under WOW64
14:48:58.0721 6768  Processor architecture: Intel x64
14:48:58.0721 6768  Number of processors: 4
14:48:58.0721 6768  Page size: 0x1000
14:48:58.0721 6768  Boot type: Normal boot
14:48:58.0721 6768  ============================================================
14:48:58.0926 6768  BG loaded
14:48:59.0559 6768  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:48:59.0567 6768  ============================================================
14:48:59.0567 6768  \Device\Harddisk0\DR0:
14:48:59.0570 6768  MBR partitions:
14:48:59.0570 6768  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
14:48:59.0595 6768  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
14:48:59.0595 6768  ============================================================
14:48:59.0649 6768  C: <-> \Device\Harddisk0\DR0\Partition1
14:48:59.0679 6768  D: <-> \Device\Harddisk0\DR0\Partition2
14:48:59.0680 6768  ============================================================
14:48:59.0680 6768  Initialize success
14:48:59.0680 6768  ============================================================
14:53:26.0003 3800  Deinitialize success
 
 
 
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-24 11:54:12
-----------------------------
11:54:12.259    OS Version: Windows x64 6.1.7601 Service Pack 1
11:54:12.259    Number of processors: 4 586 0x2A07
11:54:12.259    ComputerName: ANASTACIAA-PC  UserName: Anastacia A
11:54:18.702    Initialize success
11:54:31.088    AVAST engine defs: 13022400
11:55:07.718    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:55:07.734    Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
11:55:07.734    Device \Driver\iaStor -> MajorFunction fffffa80077065e8
11:55:07.734    Disk 0 MBR read successfully
11:55:07.749    Disk 0 MBR scan
11:55:07.749    Disk 0 Windows 7 default MBR code
11:55:07.765    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    25600 MB offset 2048
11:55:07.796    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       190776 MB offset 52430848
11:55:07.812    Disk 0 Partition - 00     0F Extended LBA            260562 MB offset 443140096
11:55:07.827    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       260561 MB offset 443142144
11:55:07.874    Disk 0 scanning C:\Windows\system32\drivers
11:55:22.506    Service scanning
11:55:51.101    Modules scanning
11:55:51.631    Disk 0 trace - called modules:
11:55:51.647    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80077065e8]<<
11:55:51.647    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a85060]
11:55:51.663    3 CLASSPNP.SYS[fffff88001f6143f] -> nt!IofCallDriver -> [0xfffffa8003c78800]
11:55:51.678    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004beb050]
11:55:51.678    \Driver\iaStor[0xfffffa80077173f0] -> IRP_MJ_CREATE -> 0xfffffa80077065e8
11:55:52.411    AVAST engine scan C:\Windows
11:55:54.580    AVAST engine scan C:\Windows\system32
11:57:57.791    File: C:\Windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
11:58:00.762    File: C:\Windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
11:59:40.545    AVAST engine scan C:\Windows\system32\drivers
12:00:09.221    AVAST engine scan C:\Users\Anastacia A
12:04:03.714    AVAST engine scan C:\ProgramData
12:05:45.446    Scan finished successfully
12:06:15.856    Disk 0 MBR has been saved successfully to "C:\Users\Anastacia A\Desktop\MBR.dat"
12:06:15.866    The log file has been saved successfully to "C:\Users\Anastacia A\Desktop\aswMBR.txt"
 
 
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\36f72d39-69f9a890    multiple threats    
C:\ctfmon.lnk    Win32/Reveton.J trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.08.2012_01.02.56\mbr0000\tdlfs0000\tsk0000.dta    Win32/Olmarik.AYI trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.08.2012_01.02.56\mbr0000\tdlfs0000\tsk0001.dta    Win64/Olmarik.AK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\17.07.2012_12.44.09\mbr0000\tdlfs0000\tsk0001.dta    Win64/Olmarik.AK trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.08.2012_21.13.48\mbr0000\tdlfs0000\tsk0000.dta    Win32/Olmarik.AYI trojan    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\18.08.2012_21.13.48\mbr0000\tdlfs0000\tsk0001.dta    Win64/Olmarik.AK trojan    cleaned by deleting - quarantined
C:\Users\Anastacia A\AppData\Local\Google\Chrome\User Data\Default\Default\aadjdjgfdbdgdhgcggdjgcgbdegegbdg\background.js    Win32/TrojanDownloader.Tracur.V trojan    cleaned by deleting - quarantined
C:\Users\Anastacia A\AppData\Local\Google\ElevatedDiagnostics\wjbzwvqyw.dll    Win32/Kryptik.AOSJ.Gen trojan    cleaned by deleting (after the next restart) - quarantined
C:\Users\Anastacia A\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\42923901-20cabe8a    multiple threats    deleted - quarantined
C:\Users\Anastacia A\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\6e5e6b0b-62119f55    multiple threats    deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\36f72d39-69f9a890    multiple threats    deleted - quarantined
D:\618d35fec400369ffe7a\Setup.exe    Win32/Expiro.NAN virus    cleaned - quarantined
D:\618d35fec400369ffe7a\SetupUtility.exe    Win32/Expiro.NAN virus    cleaned - quarantined
 


#4 narenxp


Posted 24 February 2013 - 02:39 PM

Please run TDSSkiller once again and post the last few lines of TDSSkiller log

 


Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right click on the link and select Save Link As

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Search
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#5 anadig12


Posted 24 February 2013 - 07:08 PM

17:00:54.0537 6040  ================ Scan global ===============================
17:00:54.0562 6040  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:00:54.0592 6040  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:00:54.0611 6040  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:00:54.0644 6040  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:00:54.0682 6040  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:00:54.0705 6040  [Global] - ok
17:00:54.0705 6040  ================ Scan MBR ==================================
17:00:54.0728 6040  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:00:54.0729 6040  Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:00:54.0806 6040  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:00:54.0806 6040  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:00:54.0807 6040  ================ Scan VBR ==================================
17:00:54.0816 6040  [ 1AC1A0DF5506C185B97E5E631AF78847 ] \Device\Harddisk0\DR0\Partition1
17:00:54.0822 6040  \Device\Harddisk0\DR0\Partition1 - ok
17:00:54.0846 6040  [ 9D90659883B7889CE2CA4DA3BC5EF920 ] \Device\Harddisk0\DR0\Partition2
17:00:54.0850 6040  \Device\Harddisk0\DR0\Partition2 - ok
17:00:54.0851 6040  ============================================================
17:00:54.0851 6040  Scan finished
17:00:54.0851 6040  ============================================================
17:00:54.0876 6032  Detected object count: 1
17:00:54.0876 6032  Actual detected object count: 1
17:01:49.0348 6032  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
17:01:49.0348 6032  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip 
17:04:00.0118 5924  Deinitialize success
 
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.02.24.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anastacia A :: ANASTACIAA-PC [administrator]
 
2/24/2013 5:05:10 PM
mbam-log-2013-02-24 (17-05-10).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210143
Time elapsed: 4 minute(s), 12 second(s)
 
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5044 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
 
(end)
 
 
MiniToolBox by Farbar  Version:10-01-2013
Ran by Anastacia A (administrator) on 24-02-2013 at 17:11:47
Running from "C:\Users\Anastacia A\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : AnastaciaA-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : E0-B9-A5-A8-3C-E2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : E0-B9-A5-A8-3C-E2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::28c0:dd0a:86c2:af68%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, February 24, 2013 4:58:27 PM
   Lease Expires . . . . . . . . . . : Monday, February 25, 2013 4:58:26 PM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 316717477
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E7-36-E7-14-DA-E9-C4-86-05
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 14-DA-E9-C4-86-05
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{DD13FA67-75BD-4775-8699-4A1B752495F8}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  10.0.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4002:c03::8b
      74.125.134.138
      74.125.134.139
      74.125.134.100
      74.125.134.101
      74.125.134.102
      74.125.134.113
 
 
Pinging google.com [74.125.137.138] with 32 bytes of data:
Reply from 74.125.137.138: bytes=32 time=29ms TTL=47
Reply from 74.125.137.138: bytes=32 time=29ms TTL=47
 
Ping statistics for 74.125.137.138:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 29ms, Average = 29ms
Server:  UnKnown
Address:  10.0.0.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=481ms TTL=48
Reply from 98.139.183.24: bytes=32 time=548ms TTL=50
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 481ms, Maximum = 548ms, Average = 514ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...e0 b9 a5 a8 3c e2 ......Microsoft Virtual WiFi Miniport Adapter
 12...e0 b9 a5 a8 3c e2 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
 11...14 da e9 c4 86 05 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.4     25
         10.0.0.0    255.255.255.0         On-link          10.0.0.4    281
         10.0.0.4  255.255.255.255         On-link          10.0.0.4    281
       10.0.0.255  255.255.255.255         On-link          10.0.0.4    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.4    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::28c0:dd0a:86c2:af68/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File not found] ()
Catalog9 02 mswsock.dll [File not found] ()
Catalog9 03 mswsock.dll [File not found] ()
Catalog9 04 mswsock.dll [File not found] ()
Catalog9 05 mswsock.dll [File not found] ()
Catalog9 06 mswsock.dll [File not found] ()
Catalog9 07 mswsock.dll [File not found] ()
Catalog9 08 mswsock.dll [File not found] ()
Catalog9 09 mswsock.dll [File not found] ()
Catalog9 10 mswsock.dll [File not found] ()
Catalog9 11 mswsock.dll [File not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/24/2013 05:08:25 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (02/24/2013 00:46:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 564770
 
Error: (02/24/2013 00:46:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 564770
 
Error: (02/24/2013 00:46:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2013 00:46:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 563772
 
Error: (02/24/2013 00:46:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 563772
 
Error: (02/24/2013 00:46:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2013 00:46:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 562774
 
Error: (02/24/2013 00:46:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 562774
 
Error: (02/24/2013 00:46:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (02/24/2013 04:58:37 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (02/24/2013 04:58:37 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (02/24/2013 04:58:25 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
BHDrvx64
SymIRON
 
Error: (02/24/2013 04:58:19 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
Error: (02/24/2013 04:58:18 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (02/24/2013 04:58:18 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (02/24/2013 04:58:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (02/24/2013 00:46:31 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (02/24/2013 00:46:31 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (02/24/2013 00:46:19 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
 
Microsoft Office Sessions:
=========================
Error: (02/24/2013 05:08:25 PM) (Source: CVHSVC)(User: )
Description: Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.
 
Error: (02/24/2013 00:46:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 564770
 
Error: (02/24/2013 00:46:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 564770
 
Error: (02/24/2013 00:46:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2013 00:46:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 563772
 
Error: (02/24/2013 00:46:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 563772
 
Error: (02/24/2013 00:46:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2013 00:46:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 562774
 
Error: (02/24/2013 00:46:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 562774
 
Error: (02/24/2013 00:46:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
=========================== Installed Programs ============================
 
??????? Windows Live Mesh ActiveX ??(????) (Version: 15.4.5722.2)
??????? Windows Live Mesh ActiveX ??? (Version: 15.4.5722.2)
Adobe AIR (Version: 3.5.0.600)
Adobe Download Assistant (Version: 1.2.5)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.168)
Adobe Flash Player 11 Plugin (Version: 11.5.502.149)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Alcor Micro USB Card Reader (Version: 1.2.0117.08443)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.12.5.0)
ASUS AI Recovery (Version: 1.0.24)
ASUS FaceLogon (Version: 1.0.0013)
ASUS FancyStart (Version: 1.1.0)
ASUS Live Update (Version: 3.1.2)
ASUS Power4Gear Hybrid (Version: 1.1.50)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0033)
ASUS Virtual Camera (Version: 1.0.21)
ASUS WebStorage (Version: 3.0.84.161)
AsusScr_K3 Series_ENG (Version: 1.0.0001)
AsusVibe2.0 (Version: 2.0.4.617)
ATK Package (Version: 1.0.0010)
BabylonObjectInstaller (Version: 2.0.0.2)
Bing Bar (Version: 7.0.610.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.27)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (Version: 15.4.5722.2)
CyberLink LabelPrint (Version: 2.5.1908)
CyberLink Power2Go (Version: 6.1.3602c)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET Online Scanner v3
Fast Boot (Version: 1.0.10)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 25.0.1364.97)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.135)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2405)
iTunes (Version: 11.0.1.12)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Norton Internet Security (Version: 19.1.0.28)
Nuance PDF Reader (Version: 6.00.0041)
Realtek High Definition Audio Driver (Version: 6.0.1.6304)
REALTEK Wireless LAN Driver (Version: 1.00.0175)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)
Sonic Focus (Version: 1.00.0000)
Speccy (Version: 1.20)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.3.6.0)
syncables desktop SE (Version: 5.5.746.11492)
Trend Micro Titanium Internet Security (Version: 3.00)
Trend Micro Titanium Internet Security (Version: 3.1.1109)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinFlash (Version: 2.32.3)
Wireless Console 3 (Version: 3.0.25)
 
========================= Devices: ================================
 
Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 43%
Total physical RAM: 3873.14 MB
Available physical RAM: 2171.32 MB
Total Pagefile: 7744.48 MB
Available Pagefile: 5735.49 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.98 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:121.95 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:254.03 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ANASTACIAA-PC
 
Administrator            Anastacia A              Guest                    
 
 
**** End of log ****
 
 
Farbar Service Scanner Version: 20-02-2013
Ran by Anastacia A (administrator) on 24-02-2013 at 17:14:01
Running from "C:\Users\Anastacia A\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline
 
 
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
 
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
 
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
 
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
 
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
# AdwCleaner v2.113 - Logfile created 02/24/2013 at 17:15:12
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Anastacia A - ANASTACIAA-PC
# Boot Mode : Normal
# Running from : C:\Users\Anastacia A\Desktop\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\user.js
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Complitly
Folder Found : C:\Program Files (x86)\yourfiledownloader
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Anastacia A\AppData\Local\APN
Folder Found : C:\Users\Anastacia A\AppData\Local\AskToolbar
Folder Found : C:\Users\Anastacia A\AppData\Local\Conduit
Folder Found : C:\Users\Anastacia A\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Found : C:\Users\Anastacia A\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Anastacia A\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Anastacia A\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Anastacia A\AppData\LocalLow\Conduit
Folder Found : C:\Users\Anastacia A\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Anastacia A\AppData\Roaming\Babylon
Folder Found : C:\Users\Anastacia A\AppData\Roaming\yourfiledownloader
 
***** [Registry] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\I Want This
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Key Found : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKLM\Software\YourFileDownloader
Key Found : HKLM\SOFTWARE\DataMngr
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16447
 
[OK] Registry is clean.
 
-\\ Google Chrome v25.0.1364.97
 
File : C:\Users\Anastacia A\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Found [l.1651] : homepage = "hxxp://search.babylon.com/?affID=112555&tt=060612_5_&babsrc=HP_ss&mntrId=2484ebdd000000000000e0b9a5a83ce2",
 
*************************
 
AdwCleaner[R1].txt - [4634 octets] - [24/02/2013 17:15:12]
 
########## EOF - C:\AdwCleaner[R1].txt - [4694 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by Anastacia A on Sun 02/24/2013 at 17:51:49.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3499636725-4147656795-1084565976-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
 
   Val Name      Type   Value Data
   ========      ====   ==========
    ElevatedDiagnostics    REG_SZ    rundll32.exe "C:\Users\Anastacia A\AppData\Local\Google\ElevatedDiagnostics\wjbzwvqyw.dll",DllRegisterServerW
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
 
 
 
~~~ Files
 
Failed to delete [File] C:\Windows\svchost.exe  [Check for TDL4 Rootkit!]
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Dumping contents of C:\Users\Anastacia A\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Anastacia A\appdata\local\Google\Chrome\User Data\Default\Default\aadjdjgfdbdgdhgcggdjgcgbdegegbdg
C:\Users\Anastacia A\appdata\local\Google\Chrome\User Data\Default\Default\aadjdjgfdbdgdhgcggdjgcgbdegegbdg\ContentScript.js
C:\Users\Anastacia A\appdata\local\Google\Chrome\User Data\Default\Default\aadjdjgfdbdgdhgcggdjgcgbdegegbdg\manifest.json
 
Successfully deleted: [Folder] C:\Users\Anastacia A\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dhkplhfnhceodhffomolpfigojocbpcb
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/24/2013 at 18:35:48.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/24/2013 07:01:50 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 3128) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\Anastacia A\Desktop\rkill\rkill-02-24-2013-07-01-56.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * ALERT: ZEROACCESS rootkit symptoms found!
 
     * HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
     * C:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54\@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54\L\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54\L\00000004.@ [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54\L\201d3dde [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54\L\76603ac3 [ZA File]
     * C:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54\U\ [ZA Dir]
     * C:\Windows\assembly\GAC_32\Desktop.ini [ZA File]
     * C:\Windows\assembly\GAC_64\Desktop.ini [ZA File]
 
Checking Windows Service Integrity: 
 
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 
 * BFE [Missing Service]
 * BITS [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]
 
 * SharedAccess [Missing ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 02/24/2013 07:02:12 PM
Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)
 
 
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""
+ "rdpclip"    ""    ""    "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "AmIcoSinglun64"    "Single LUN Icon Utility for VID 058F PID 6366"    "Alcor Micro Corp."    "c:\program files (x86)\amicosinglun\amicosinglun64.exe"
+ "HotKeysCmds"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"
+ "IgfxTray"    "igfxTray Module"    "Intel Corporation"    "c:\windows\system32\igfxtray.exe"
+ "Persistence"    "persistence Module"    "Intel Corporation"    "c:\windows\system32\igfxpers.exe"
+ "RtHDVBg"    "HD Audio Background Process"    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\ravbg64.exe"
+ "Setwallpaper"    ""    ""    "File not found: c:\programdata\SetWallpaper.cmd"
+ "SynAsusAcpi"    "Asus Custom Acpi Monitor Application"    "Synaptics Incorporated"    "c:\program files\synaptics\syntp\synasusacpi.exe"
+ "SynTPEnh"    "Synaptics TouchPad Enhancements"    "Synaptics Incorporated"    "c:\program files\synaptics\syntp\syntpenh.exe"
+ "Trend Micro Client Framework"    "Trend Micro Client Session Agent Monitor"    "Trend Micro Inc."    "c:\program files\trend micro\uniclient\uifrmwrk\uiwatchdog.exe"
+ "Trend Micro Titanium"    "Trend Micro Client Main Console"    "Trend Micro Inc."    "c:\program files\trend micro\titanium\uiframework\uiwinmgr.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "AdobeCS6ServiceManager"    ""    ""    "File not found: C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe"
+ "APSDaemon"    "Apple Push"    "Apple Inc."    "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "ASUSPRP"    "ASUS Product Register Program"    "ASUSTek Computer Inc."    "c:\program files (x86)\asus\aprp\aprp.exe"
+ "ASUSWebStorage"    "AsusWebStorage"    "ecareme"    "c:\program files (x86)\asus\asus webstorage\3.0.84.161\asuswspanel.exe"
+ "ATKMEDIA"    "ATK Media"    "ASUS"    "c:\program files (x86)\asus\atk package\atk media\dmedia.exe"
+ "ATKOSD2"    "ATKOSD2"    "ASUS"    "c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe"
+ "BCSSync"    "Microsoft Office 2010 component"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office14\bcssync.exe"
+ "HControlUser"    "HControlUser"    "ASUS"    "c:\program files (x86)\asus\atk package\atk hotkey\hcontroluser.exe"
+ "iTunesHelper"    "iTunesHelper"    "Apple Inc."    "c:\program files (x86)\itunes\ituneshelper.exe"
+ "Nuance PDF Reader-reminder"    "Ereg"    "Nuance Communications, Inc."    "c:\program files (x86)\nuance\pdf reader\ereg\ereg.exe"
+ "SonicMasterTray"    "ASUS_MATray.exe"    "Virage Logic Corporation / Sonic Focus"    "c:\program files (x86)\asus\sonic focus\sonicfocustray.exe"
+ "SwitchBoard"    ""    ""    "File not found: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
+ "UpdateLBPShortCut"    "MUI StartMenu Application"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe"
+ "UpdateP2GoShortCut"    "MUI StartMenu Application"    "CyberLink Corp."    "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe"
+ "Wireless Console 3"    "Wireless Console 3"    "ASUS"    "c:\program files (x86)\asus\wireless console 3\wcourier.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce"    ""    ""    ""
+ "Malwarebytes Anti-Malware"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe"
+ "Malwarebytes Anti-Malware (cleanup)"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""
+ "AsusVibeLauncher.lnk"    "AsusVibe Application"    ""    "c:\program files (x86)\asus\asusvibe\asusvibelauncher.exe"
+ "FancyStart daemon.lnk"    ""    ""    "c:\windows\installer\{2b81872b-a054-48da-be3b-fa5c164c303a}\_94e3ce3704fe82fbf49a6a.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Google Chrome"    "Google Chrome"    "Google Inc."    "c:\program files (x86)\google\chrome\application\25.0.1364.97\installer\chrmstp.exe"
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "ElevatedDiagnostics"    ""    ""    "File not found: C:\Users\Anastacia A\AppData\Local\Google\ElevatedDiagnostics\wjbzwvqyw.dll"
+ "Sidebar"    "Windows Desktop Gadgets"    "Microsoft Corporation"    "c:\program files\windows sidebar\sidebar.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""
+ "tmbp"    "Trend Micro Browser Plug-In (IE)"    "Trend Micro Inc."    "c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\tmbpie64.dll"
+ "tmpx"    "Trend Micro NSC IE Plug-In"    "Trend Micro Inc."    "c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\tmieplg.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Symantec.Norton.Antivirus.IEContextMenu"    "Symantec Shared Component Shell Extension Module"    "Symantec Corporation"    "c:\program files (x86)\norton internet security\engine64\19.1.0.28\navshext.dll"
+ "TmdshellExt Class"    "Trend Micro Client Shell Extension"    "Trend Micro Inc."    "c:\program files\trend micro\uniclient\uifrmwrk\tmdshell.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "Symantec.Norton.Antivirus.IEContextMenu"    "Symantec Shared Component Shell Extension Module"    "Symantec Corporation"    "c:\program files (x86)\norton internet security\engine64\19.1.0.28\navshext.dll"
+ "TmdshellExt Class"    "Trend Micro Client Shell Extension"    "Trend Micro Inc."    "c:\program files\trend micro\uniclient\uifrmwrk\tmdshell.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""
+ "AsusWSShellExt_B"    "AsusWSShellExt64"    "eCareme Technologies, Inc."    "c:\program files (x86)\asus\asus webstorage\3.0.84.161\asuswsshellext64.dll"
+ "AsusWSShellExt_O"    "AsusWSShellExt64"    "eCareme Technologies, Inc."    "c:\program files (x86)\asus\asus webstorage\3.0.84.161\asuswsshellext64.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Google Toolbar Helper"    "Google Toolbar"    "Google Inc."    "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Google Toolbar Notifier BHO"    "GoogleToolbarNotifier"    "Google Inc."    "c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg64.dll"
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\urlredir.dll"
+ "TmBpIeBHO Class"    "Trend Micro Browser Plug-In (IE)"    "Trend Micro Inc."    "c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\tmbpie64.dll"
+ "TmIEPlugInBHO Class"    "Trend Micro NSC IE Plug-In"    "Trend Micro Inc."    "c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\tmieplg.dll"
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper"    "Bing Client Extensions"    "Microsoft Corporation."    "c:\program files (x86)\microsoft\bingbar\bingext.dll"
+ "Google Dictionary Compression sdch"    "Fast Search"    "Google Inc."    "c:\program files (x86)\google\google toolbar\component\fastsearch_b7c5ac242193bb3e.dll"
+ "Google Toolbar Helper"    "Google Toolbar"    "Google Inc."    "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO"    "GoogleToolbarNotifier"    "Google Inc."    "c:\program files (x86)\google\googletoolbarnotifier\5.2.4204.1700\swg.dll"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Sun Microsystems, Inc."    "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Sun Microsystems, Inc."    "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "Norton Identity Protection"    "coIEPlugIn"    "Symantec Corporation"    "c:\program files (x86)\norton internet security\engine\19.1.0.28\coieplg.dll"
+ "Norton Vulnerability Protection"    "IPS Browser Helper DLL"    "Symantec Corporation"    "c:\program files (x86)\norton internet security\engine\19.1.0.28\ips\ipsbho.dll"
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "TmBpIeBHO Class"    "Trend Micro Browser Plug-In (IE)"    "Trend Micro Inc."    "c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\tmbpie32.dll"
+ "TmIEPlugInBHO Class"    "Trend Micro NSC IE Plug-In"    "Trend Micro Inc."    "c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\tmieplg32.dll"
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corp."    "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "Google Toolbar"    "Google Toolbar"    "Google Inc."    "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "Bing"    "Bing Client Extensions"    "Microsoft Corporation."    "c:\program files (x86)\microsoft\bingbar\bingext.dll"
+ "Google Toolbar"    "Google Toolbar"    "Google Inc."    "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Norton Toolbar"    "coIEPlugIn"    "Symantec Corporation"    "c:\program files (x86)\norton internet security\engine\19.1.0.28\coieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "&Blog This in Windows Live Writer"    "Windows Live Writer Blog This Extension"    "Microsoft Corporation"    "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
"Task Scheduler"    ""    ""    ""
+ "\ACMON"    "ACMON "    "ASUS"    "c:\program files (x86)\asus\splendid\acmon.exe"
+ "\Adobe Flash Player Updater"    "Adobe® Flash® Player Update Service 11.6 r602"    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\AIRecoveryRemind"    "AIRecoveryRemind"    "ASUSTek Computer Inc."    "c:\program files (x86)\asus\ai recovery\airecoveryremind.exe"
+ "\Apple\AppleSoftwareUpdate"    "Apple Software Update"    "Apple Inc."    "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\ASUS Live Update"    "ASUS Live Update"    "ASUSTeK Computer Inc."    "c:\program files (x86)\asus\asus live update\liveupdate.exe"
+ "\ASUS P4G"    "Power4Gear Hybrid"    "ASUS"    "c:\program files\asus\p4g\batterylife.exe"
+ "\ASUS SmartLogon Console Sensor"    "FaceLogon Application"    "ASUS"    "c:\program files (x86)\asus\facelogon\sensorsrv.exe"
+ "\At1"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At10"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At11"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At12"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At13"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At14"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At15"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At16"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At17"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At18"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At19"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At2"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At20"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At21"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At22"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At23"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At24"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At25"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At26"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At27"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At28"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At29"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At3"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At30"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At31"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At32"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At33"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At34"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At35"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At36"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At37"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At38"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At39"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At4"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At40"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At41"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At42"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At43"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At44"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At45"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At46"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At47"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At48"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe_"
+ "\At5"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At6"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At7"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At8"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\At9"    ""    ""    "File not found: C:\ProgramData\OAun4F83.exe"
+ "\ATKOSD2"    "ATKOSD2"    "ASUS"    "c:\program files (x86)\asus\atk package\atkosd2\atkosd2.exe"
+ "\CCleanerSkipUAC"    "CCleaner"    "Piriform Ltd"    "c:\program files\ccleaner\ccleaner.exe"
+ "\GoogleUpdateTaskMachineCore"    "Google Installer"    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA"    "Google Installer"    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task"    "Windows Live Social Object Extractor Engine"    "Microsoft Corporation"    "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"
+ "\Norton Internet Security\Norton Error Analyzer"    "Symantec Error Reporting"    "Symantec Corporation"    "c:\program files (x86)\norton internet security\engine\19.1.0.28\symerr.exe"
+ "\Norton Internet Security\Norton Error Processor"    "Symantec Error Reporting"    "Symantec Corporation"    "c:\program files (x86)\norton internet security\engine\19.1.0.28\symerr.exe"
+ "\Norton WSC Integration"    "WSCStub"    "Symantec Corporation"    "c:\program files (x86)\norton internet security\engine\19.1.0.28\wscstub.exe"
+ "\SidebarExecute"    "Windows Desktop Gadgets"    "Microsoft Corporation"    "c:\program files\windows sidebar\sidebar.exe"
+ "\Your File Updater"    ""    ""    "File not found: C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe"
+ "\{0615BC0C-C50E-470A-96B3-4F49BE08CD71}"    "Microsoft Office 2010"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\options14\msoo.exe"
+ "\{486242C4-5957-4D52-85A5-FAA7498B4245}"    "Microsoft Office 2010"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\options14\msoo.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "AdobeARMservice"    "Adobe Acrobat Updater keeps your Adobe software up to date."    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AFBAgent"    "ASUS FastBoot"    "ASUSTeK Computer Inc."    "c:\windows\system32\fbagent.exe"
+ "Amsp"    "Manages Trend Micro security modules"    "Trend Micro Inc."    "c:\program files\trend micro\amsp\coreserviceshell.exe"
+ "Apple Mobile Device"    "Provides the interface to Apple mobile devices."    "Apple Inc."    "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "ASLDRService"    "ASLDR Service"    "ASUS"    "c:\program files (x86)\asus\atk package\atk hotkey\asldrsrv.exe"
+ "ATKGFNEXSrv"    "GFNEXSrv"    "ASUS"    "c:\program files (x86)\asus\atk package\atkgfnex\gfnexsrv.exe"
+ "BBSvc"    "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar."    "Microsoft Corporation."    "c:\program files (x86)\microsoft\bingbar\bbsvc.exe"
+ "Bonjour Service"    "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence."    "Apple Inc."    "c:\program files\bonjour\mdnsresponder.exe"
+ "cvhsvc"    "Client Virtualization Handler Service (unlocalized description)"    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "fsssvc"    "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work."    "Microsoft Corporation"    "c:\program files (x86)\windows live\family safety\fsssvc.exe"
+ "gupdate"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc"    "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work."    "Google"    "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service"    "iPod hardware management services"    "Apple Inc."    "c:\program files\ipod\bin\ipodservice.exe"
+ "LMS"    "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "NIS"    "Norton Internet Security"    "Symantec Corporation"    "c:\program files (x86)\norton internet security\engine\19.1.0.28\ccsvchst.exe"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc"    "Office Software Protection Platform Service (unlocalized description)"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "pcCMService"    "mcci+McciCMService"    "Alcatel-Lucent"    "c:\program files (x86)\common files\motive\pccmservice.exe"
+ "pcCMService64"    "mcci+McciCMService"    "Alcatel-Lucent"    "c:\program files\common files\motive\pccmservice.exe"
+ "SeaPort"    "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar."    "Microsoft Corporation"    "c:\program files (x86)\microsoft\bingbar\seaport.exe"
+ "sftlist"    "Streams and manages applications."    "Microsoft Corporation"    "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa"    "Monitors global service events and launches virtual services."    "Microsoft Corporation"    "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "SwitchBoard"    "Adobe SwitchBoard"    ""    "File not found: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
+ "UNS"    "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device."    "Intel Corporation"    "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "wlidsvc"    "Enables Windows Live ID authentication."    "Microsoft Corp."    "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"
+ "androidusb"    "ADB Interface"    "Google Inc"    "c:\windows\system32\drivers\ssadadb.sys"
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"
+ "ASMMAP64"    "Memory mapping Driver"    "ASUS"    "c:\program files (x86)\asus\atk package\atkgfnex\asmmap64.sys"
+ "asmthub3"    "ASMedia USB3 Hub Driver"    "ASMedia Technology Inc"    "c:\windows\system32\drivers\asmthub3.sys"
+ "asmtxhci"    "ASMEDIA XHCI Host Controller Driver"    "ASMedia Technology Inc"    "c:\windows\system32\drivers\asmtxhci.sys"
+ "athr"    "Atheros Extensible Wireless LAN device driver"    "Atheros Communications, Inc."    "c:\windows\system32\drivers\athrx.sys"
+ "ATKWMIACPIIO"    "ATK WMIACPI Utility"    "ASUS"    "c:\program files (x86)\asus\atk package\atk wmiacpi\atkwmiacpi64.sys"
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60a.sys"
+ "BHDrvx64"    "SONAR Engine Driver"    "Symantec Corporation"    "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20110723.001\bhdrvx64.sys"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm"    "Brother Serial driver (WDM version)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm"    "Brother USB MDM Driver "    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"
+ "ccSet_NIS"    "Common Client Settings Driver"    "Symantec Corporation"    "c:\windows\system32\drivers\nisx64\1301000.01c\ccsetx64.sys"
+ "cmdide"    "CMD PCI IDE Bus Driver"    "CMD Technology, Inc."    "c:\windows\system32\drivers\cmdide.sys"
+ "cpuz134"    ""    ""    "File not found: C:\Users\ANASTA~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys"
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbda.sys"
+ "elxstor"    "Storport Miniport Driver for LightPulse HBAs"    "Emulex"    "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM"    "CD DVD Filter"    "GEAR Software Inc."    "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR Driver for eHome"    "Hauppauge Computer Works, Inc."    "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor"    "Intel Rapid Storage Technology driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"
+ "IDSVia64"    "Symantec Intrusion Prevention Driver"    "Symantec Corporation"    "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20110726.001\idsvia64.sys"
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp"    "Intel/ICP Raid Storport Driver"    "Intel Corp./ICP vortex GmbH"    "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud"    "Intel® Display Audio Driver"    "Intel® Corporation"    "c:\windows\system32\drivers\intcdaud.sys"
+ "kbfiltr"    "Keyboard Filter Driver"    " "    "c:\windows\system32\drivers\kbfiltr.sys"
+ "L1C"    "Atheros L1c PCI-E Gigabit Ethernet Controller"    "Atheros Communications, Inc."    "c:\windows\system32\drivers\l1c62x64.sys"
+ "LSI_FC"    "LSI Fusion-MPT FC Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas"    "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64"    "Intel® Management Engine Interface"    "Intel Corporation"    "c:\windows\system32\drivers\hecix64.sys"
+ "MREMP50"    "PCAUSA NDIS 5.0 MPR Protocol Driver"    "Printing Communications Assoc., Inc. (PCAUSA)"    "c:\program files (x86)\common files\motive\mremp50.sys"
+ "MREMP50a64"    ""    ""    "File not found: C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS"
+ "MREMPR5"    ""    ""    "File not found: C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS"
+ "MRENDIS5"    ""    ""    "File not found: C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS"
+ "MRESP50"    "PCAUSA NDIS 5.0 SPR Protocol Driver"    "Printing Communications Assoc., Inc. (PCAUSA)"    "c:\program files (x86)\common files\motive\mresp50.sys"
+ "MRESP50a64"    ""    ""    "File not found: C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS"
+ "NAVENG"    "AV Engine"    "Symantec Corporation"    "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20121215.006\eng64.sys"
+ "NAVEX15"    "AV Engine"    "Symantec Corporation"    "c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\virusdefs\20121215.006\ex64.sys"
+ "nfrd960"    "IBM ServeRAID Controller Driver"    "IBM Corporation"    "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300"    "QLogic Fibre Channel Stor Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx"    "QLogic iSCSI Storport Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql40xx.sys"
#6 narenxp

  • BC Advisor

Posted 24 February 2013 - 07:12 PM

Run TDSSKiller again and select CURE

17:01:49.0348 6032  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip

Restart the PC, run TDSSKiller again and post the new log

Run Malwarebytes again and post the clean log

Launch Adware cleaner and click on DELETE, post the new log

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log

Now run RKILL given in previous instructions and post the new log


Edited by narenxp, 25 February 2013 - 01:33 AM.


#7 anadig12

  • Topic Starter

Posted 24 February 2013 - 11:23 PM

19:54:15.0896 4196  IDSVia64 - ok
19:54:16.0785 4196  [ 10BB0DC3361C9420CC1B0B2128BB89DB ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:54:16.0847 4196  igfx - ok
19:54:16.0894 4196  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:54:16.0894 4196  iirsp - ok
19:54:16.0925 4196  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:54:16.0988 4196  IKEEXT - ok
19:54:17.0144 4196  [ 02C93EBAA4421418411448FE7FDFD815 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:54:17.0222 4196  IntcAzAudAddService - ok
19:54:17.0269 4196  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
19:54:17.0269 4196  IntcDAud - ok
19:54:17.0300 4196  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:54:17.0300 4196  intelide - ok
19:54:17.0331 4196  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:54:17.0331 4196  intelppm - ok
19:54:17.0362 4196  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:54:17.0362 4196  IPBusEnum - ok
19:54:17.0378 4196  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:54:17.0393 4196  IpFilterDriver - ok
19:54:17.0393 4196  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:54:17.0393 4196  IPMIDRV - ok
19:54:17.0425 4196  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:54:17.0425 4196  IPNAT - ok
19:54:17.0565 4196  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:54:17.0581 4196  iPod Service - ok
19:54:17.0612 4196  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:54:17.0612 4196  IRENUM - ok
19:54:17.0627 4196  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:54:17.0643 4196  isapnp - ok
19:54:17.0659 4196  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:54:17.0659 4196  iScsiPrt - ok
19:54:17.0674 4196  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:54:17.0690 4196  kbdclass - ok
19:54:17.0705 4196  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
19:54:17.0705 4196  kbdhid - ok
19:54:17.0737 4196  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
19:54:17.0737 4196  kbfiltr - ok
19:54:17.0737 4196  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:54:17.0737 4196  KeyIso - ok
19:54:17.0783 4196  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:54:17.0799 4196  KSecDD - ok
19:54:17.0815 4196  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:54:17.0830 4196  KSecPkg - ok
19:54:17.0877 4196  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:54:17.0877 4196  ksthunk - ok
19:54:17.0924 4196  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:54:17.0955 4196  KtmRm - ok
19:54:17.0986 4196  [ 655A5D8E80869781CCE23760ADA7E695 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
19:54:17.0986 4196  L1C - ok
19:54:18.0033 4196  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:54:18.0049 4196  LanmanServer - ok
19:54:18.0080 4196  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:54:18.0095 4196  LanmanWorkstation - ok
19:54:18.0127 4196  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:54:18.0127 4196  lltdio - ok
19:54:18.0485 4196  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:54:18.0485 4196  lltdsvc - ok
19:54:18.0501 4196  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:54:18.0501 4196  lmhosts - ok
19:54:18.0626 4196  [ 7F32D4C47A50E7223491E8FB9359907D ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:54:18.0626 4196  LMS - ok
19:54:18.0719 4196  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:54:18.0735 4196  LSI_FC - ok
19:54:18.0735 4196  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:54:18.0735 4196  LSI_SAS - ok
19:54:18.0766 4196  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:54:18.0766 4196  LSI_SAS2 - ok
19:54:18.0782 4196  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:54:18.0782 4196  LSI_SCSI - ok
19:54:18.0813 4196  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:54:18.0813 4196  luafv - ok
19:54:18.0844 4196  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
19:54:18.0844 4196  MBAMProtector - ok
19:54:18.0938 4196  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:54:18.0953 4196  MBAMScheduler - ok
19:54:19.0000 4196  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:54:19.0016 4196  MBAMService - ok
19:54:19.0031 4196  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:54:19.0047 4196  Mcx2Svc - ok
19:54:19.0063 4196  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:54:19.0063 4196  megasas - ok
19:54:19.0078 4196  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:54:19.0094 4196  MegaSR - ok
19:54:19.0125 4196  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
19:54:19.0125 4196  MEIx64 - ok
19:54:19.0141 4196  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:54:19.0156 4196  MMCSS - ok
19:54:19.0172 4196  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:54:19.0172 4196  Modem - ok
19:54:19.0187 4196  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:54:19.0187 4196  monitor - ok
19:54:19.0219 4196  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:54:19.0219 4196  mouclass - ok
19:54:19.0234 4196  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
19:54:19.0234 4196  mouhid - ok
19:54:19.0250 4196  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:54:19.0265 4196  mountmgr - ok
19:54:19.0281 4196  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:54:19.0281 4196  mpio - ok
19:54:19.0312 4196  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:54:19.0312 4196  mpsdrv - ok
19:54:19.0375 4196  [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50         C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
19:54:19.0390 4196  MREMP50 - ok
19:54:19.0437 4196  MREMP50a64 - ok
19:54:19.0453 4196  MREMPR5 - ok
19:54:19.0453 4196  MRENDIS5 - ok
19:54:19.0468 4196  [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50         C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
19:54:19.0468 4196  MRESP50 - ok
19:54:19.0484 4196  MRESP50a64 - ok
19:54:19.0499 4196  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:54:19.0499 4196  MRxDAV - ok
19:54:19.0531 4196  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:54:19.0531 4196  mrxsmb - ok
19:54:19.0577 4196  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:54:19.0593 4196  mrxsmb10 - ok
19:54:19.0609 4196  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:54:19.0609 4196  mrxsmb20 - ok
19:54:19.0640 4196  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:54:19.0640 4196  msahci - ok
19:54:19.0687 4196  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:54:19.0687 4196  msdsm - ok
19:54:19.0718 4196  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:54:19.0718 4196  MSDTC - ok
19:54:19.0749 4196  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:54:19.0749 4196  Msfs - ok
19:54:19.0796 4196  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:54:19.0796 4196  mshidkmdf - ok
19:54:19.0811 4196  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:54:19.0811 4196  msisadrv - ok
19:54:19.0889 4196  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:54:19.0905 4196  MSiSCSI - ok
19:54:19.0905 4196  msiserver - ok
19:54:19.0936 4196  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:54:19.0936 4196  MSKSSRV - ok
19:54:19.0967 4196  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:54:19.0967 4196  MSPCLOCK - ok
19:54:19.0983 4196  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:54:19.0983 4196  MSPQM - ok
19:54:20.0030 4196  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:54:20.0045 4196  MsRPC - ok
19:54:20.0061 4196  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:54:20.0077 4196  mssmbios - ok
19:54:20.0077 4196  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:54:20.0077 4196  MSTEE - ok
19:54:20.0108 4196  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:54:20.0108 4196  MTConfig - ok
19:54:20.0123 4196  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:54:20.0123 4196  Mup - ok
19:54:20.0170 4196  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:54:20.0170 4196  napagent - ok
19:54:20.0217 4196  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:54:20.0217 4196  NativeWifiP - ok
19:54:20.0279 4196  [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121215.006\ENG64.SYS
19:54:20.0279 4196  NAVENG - ok
19:54:20.0389 4196  [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121215.006\EX64.SYS
19:54:20.0451 4196  NAVEX15 - ok
19:54:20.0513 4196  [ C38B8AE57F78915905064A9A24DC1586 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:54:20.0576 4196  NDIS - ok
19:54:20.0607 4196  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:54:20.0607 4196  NdisCap - ok
19:54:20.0623 4196  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:54:20.0623 4196  NdisTapi - ok
19:54:20.0654 4196  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:54:20.0654 4196  Ndisuio - ok
19:54:20.0685 4196  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:54:20.0685 4196  NdisWan - ok
19:54:20.0732 4196  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:54:20.0732 4196  NDProxy - ok
19:54:20.0763 4196  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:54:20.0763 4196  NetBIOS - ok
19:54:20.0794 4196  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:54:20.0794 4196  NetBT - ok
19:54:20.0810 4196  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:54:20.0810 4196  Netlogon - ok
19:54:20.0857 4196  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:54:20.0857 4196  Netman - ok
19:54:20.0903 4196  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:54:20.0919 4196  netprofm - ok
19:54:20.0950 4196  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:54:20.0950 4196  NetTcpPortSharing - ok
19:54:20.0997 4196  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:54:20.0997 4196  nfrd960 - ok
19:54:21.0091 4196  [ E127420B7FEB65C7F279EAAC183BBC0E ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
19:54:21.0091 4196  NIS - ok
19:54:21.0137 4196  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:54:21.0153 4196  NlaSvc - ok
19:54:21.0184 4196  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:54:21.0184 4196  Npfs - ok
19:54:21.0247 4196  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:54:21.0247 4196  nsi - ok
19:54:21.0262 4196  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:54:21.0278 4196  nsiproxy - ok
19:54:21.0403 4196  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:54:21.0465 4196  Ntfs - ok
19:54:21.0481 4196  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:54:21.0481 4196  Null - ok
19:54:21.0512 4196  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:54:21.0512 4196  nvraid - ok
19:54:21.0543 4196  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:54:21.0559 4196  nvstor - ok
19:54:21.0590 4196  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:54:21.0590 4196  nv_agp - ok
19:54:21.0605 4196  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:54:21.0605 4196  ohci1394 - ok
19:54:21.0637 4196  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:54:21.0652 4196  ose - ok
19:54:21.0995 4196  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:54:22.0011 4196  osppsvc - ok
19:54:22.0073 4196  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:54:22.0089 4196  p2pimsvc - ok
19:54:22.0151 4196  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:54:22.0167 4196  p2psvc - ok
19:54:22.0198 4196  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
19:54:22.0198 4196  Parport - ok
19:54:22.0229 4196  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:54:22.0229 4196  partmgr - ok
19:54:22.0245 4196  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:54:22.0261 4196  PcaSvc - ok
19:54:22.0292 4196  [ BAE04007A679893E975A2B75E9E001E9 ] pcCMService     C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
19:54:22.0307 4196  pcCMService - ok
19:54:22.0354 4196  [ 3BEA1D461531D1D26F5695BB9CA97A18 ] pcCMService64   C:\Program Files\Common Files\Motive\pcCMService.exe
19:54:22.0370 4196  pcCMService64 - ok
19:54:22.0401 4196  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:54:22.0401 4196  pci - ok
19:54:22.0448 4196  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:54:22.0448 4196  pciide - ok
19:54:22.0463 4196  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:54:22.0479 4196  pcmcia - ok
19:54:22.0495 4196  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:54:22.0495 4196  pcw - ok
19:54:22.0526 4196  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:54:22.0526 4196  PEAUTH - ok
19:54:23.0025 4196  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:54:23.0025 4196  PerfHost - ok
19:54:23.0103 4196  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:54:23.0150 4196  pla - ok
19:54:23.0197 4196  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:54:23.0212 4196  PlugPlay - ok
19:54:23.0243 4196  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:54:23.0243 4196  PNRPAutoReg - ok
19:54:23.0275 4196  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:54:23.0275 4196  PNRPsvc - ok
19:54:23.0321 4196  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:54:23.0353 4196  PolicyAgent - ok
19:54:23.0384 4196  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:54:23.0384 4196  Power - ok
19:54:23.0415 4196  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:54:23.0415 4196  PptpMiniport - ok
19:54:23.0446 4196  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:54:23.0446 4196  Processor - ok
19:54:23.0477 4196  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:54:23.0477 4196  ProfSvc - ok
19:54:23.0509 4196  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:54:23.0509 4196  ProtectedStorage - ok
19:54:23.0540 4196  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:54:23.0540 4196  Psched - ok
19:54:23.0602 4196  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:54:23.0649 4196  ql2300 - ok
19:54:23.0665 4196  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:54:23.0665 4196  ql40xx - ok
19:54:23.0696 4196  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:54:23.0696 4196  QWAVE - ok
19:54:23.0711 4196  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:54:23.0727 4196  QWAVEdrv - ok
19:54:23.0727 4196  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:54:23.0727 4196  RasAcd - ok
19:54:23.0758 4196  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:54:23.0758 4196  RasAgileVpn - ok
19:54:23.0789 4196  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:54:23.0789 4196  RasAuto - ok
19:54:23.0805 4196  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:54:23.0821 4196  Rasl2tp - ok
19:54:23.0836 4196  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:54:23.0852 4196  RasMan - ok
19:54:23.0867 4196  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:54:23.0867 4196  RasPppoe - ok
19:54:23.0883 4196  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:54:23.0883 4196  RasSstp - ok
19:54:23.0899 4196  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:54:23.0899 4196  rdbss - ok
19:54:23.0930 4196  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:54:23.0930 4196  rdpbus - ok
19:54:23.0945 4196  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:54:23.0945 4196  RDPCDD - ok
19:54:23.0977 4196  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:54:23.0977 4196  RDPENCDD - ok
19:54:24.0008 4196  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:54:24.0008 4196  RDPREFMP - ok
19:54:24.0039 4196  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:54:24.0055 4196  RDPWD - ok
19:54:24.0070 4196  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:54:24.0070 4196  rdyboost - ok
19:54:24.0133 4196  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:54:24.0133 4196  RemoteAccess - ok
19:54:24.0164 4196  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:54:24.0179 4196  RemoteRegistry - ok
19:54:24.0211 4196  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:54:24.0226 4196  RFCOMM - ok
19:54:24.0226 4196  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:54:24.0242 4196  RpcEptMapper - ok
19:54:24.0273 4196  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:54:24.0273 4196  RpcLocator - ok
19:54:24.0304 4196  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:54:24.0304 4196  RpcSs - ok
19:54:24.0413 4196  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:54:24.0413 4196  rspndr - ok
19:54:24.0491 4196  [ 25AABB94BB2D59F1CA6101290255D2E8 ] RTL8192Ce       C:\Windows\system32\DRIVERS\rtl8192Ce.sys
19:54:24.0507 4196  RTL8192Ce - ok
19:54:24.0554 4196  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:54:24.0554 4196  SamSs - ok
19:54:24.0585 4196  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:54:24.0585 4196  sbp2port - ok
19:54:24.0616 4196  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:54:24.0616 4196  SCardSvr - ok
19:54:24.0632 4196  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:54:24.0632 4196  scfilter - ok
19:54:24.0710 4196  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:54:24.0725 4196  Schedule - ok
19:54:24.0772 4196  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:54:24.0772 4196  SCPolicySvc - ok
19:54:24.0897 4196  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:54:24.0913 4196  SDRSVC - ok
19:54:24.0991 4196  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:54:25.0006 4196  SeaPort - ok
19:54:25.0037 4196  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:54:25.0037 4196  secdrv - ok
19:54:25.0069 4196  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:54:25.0069 4196  seclogon - ok
19:54:25.0100 4196  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:54:25.0100 4196  SENS - ok
19:54:25.0115 4196  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:54:25.0115 4196  SensrSvc - ok
19:54:25.0147 4196  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:54:25.0162 4196  Serenum - ok
19:54:25.0162 4196  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
19:54:25.0178 4196  Serial - ok
19:54:25.0193 4196  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:54:25.0193 4196  sermouse - ok
19:54:25.0225 4196  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:54:25.0240 4196  SessionEnv - ok
19:54:25.0240 4196  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:54:25.0240 4196  sffdisk - ok
19:54:25.0256 4196  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:54:25.0256 4196  sffp_mmc - ok
19:54:25.0256 4196  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:54:25.0256 4196  sffp_sd - ok
19:54:25.0256 4196  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:54:25.0256 4196  sfloppy - ok
19:54:25.0349 4196  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
19:54:25.0349 4196  Sftfs - ok
19:54:25.0552 4196  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:54:25.0552 4196  sftlist - ok
19:54:25.0599 4196  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:54:25.0599 4196  Sftplay - ok
19:54:25.0615 4196  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:54:25.0615 4196  Sftredir - ok
19:54:25.0677 4196  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
19:54:25.0677 4196  Sftvol - ok
19:54:25.0724 4196  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:54:25.0739 4196  sftvsa - ok
19:54:25.0802 4196  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:54:25.0802 4196  ShellHWDetection - ok
19:54:25.0833 4196  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
19:54:25.0833 4196  SiSGbeLH - ok
19:54:25.0849 4196  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:54:25.0849 4196  SiSRaid2 - ok
19:54:25.0864 4196  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:54:25.0864 4196  SiSRaid4 - ok
19:54:25.0880 4196  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:54:25.0880 4196  Smb - ok
19:54:25.0927 4196  [ D48F87803F3965EE04D9BCB318791AAB ] SMR311          C:\Windows\system32\drivers\SMR311.SYS
19:54:25.0927 4196  SMR311 - ok
19:54:25.0958 4196  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:54:25.0958 4196  SNMPTRAP - ok
19:54:25.0958 4196  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:54:25.0958 4196  spldr - ok
19:54:25.0989 4196  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
19:54:25.0989 4196  Spooler - ok
19:54:26.0114 4196  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:54:26.0129 4196  sppsvc - ok
19:54:26.0161 4196  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:54:26.0161 4196  sppuinotify - ok
19:54:39.0436 4196  ================ Scan global ===============================
19:54:39.0476 4196  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:54:39.0515 4196  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:54:39.0524 4196  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:54:39.0570 4196  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:54:39.0695 4196  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:54:39.0705 4196  [Global] - ok
19:54:39.0706 4196  ================ Scan MBR ==================================
19:54:39.0730 4196  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:54:43.0348 4196  \Device\Harddisk0\DR0 - ok
19:54:43.0349 4196  ================ Scan VBR ==================================
19:54:43.0465 4196  [ 1AC1A0DF5506C185B97E5E631AF78847 ] \Device\Harddisk0\DR0\Partition1
19:54:43.0469 4196  \Device\Harddisk0\DR0\Partition1 - ok
19:54:43.0513 4196  [ 9D90659883B7889CE2CA4DA3BC5EF920 ] \Device\Harddisk0\DR0\Partition2
19:54:43.0517 4196  \Device\Harddisk0\DR0\Partition2 - ok
19:54:43.0517 4196  ============================================================
19:54:43.0517 4196  Scan finished
19:54:43.0517 4196  ============================================================
19:54:43.0529 1484  Detected object count: 0
19:54:43.0529 1484  Actual detected object count: 0
19:59:57.0537 3308  Deinitialize success
 
 
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.02.24.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anastacia A :: ANASTACIAA-PC [administrator]
 
2/24/2013 8:00:34 PM
mbam-log-2013-02-24 (20-00-34).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210221
Time elapsed: 3 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
MiniToolBox by Farbar  Version:10-01-2013
Ran by Anastacia A (administrator) on 24-02-2013 at 23:13:10
Running from "C:\Users\Anastacia A\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : AnastaciaA-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : E0-B9-A5-A8-3C-E2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : E0-B9-A5-A8-3C-E2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::28c0:dd0a:86c2:af68%12(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.0.0.4(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, February 24, 2013 9:29:30 PM
   Lease Expires . . . . . . . . . . : Monday, February 25, 2013 9:29:29 PM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 316717477
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E7-36-E7-14-DA-E9-C4-86-05
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 14-DA-E9-C4-86-05
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{DD13FA67-75BD-4775-8699-4A1B752495F8}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:56:3e39:b391:dcac(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::56:3e39:b391:dcac%13(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{5C9191EE-A8DA-430F-BA10-88720B1D6089}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{9D3FE11D-5EE5-4836-B48D-D99F7C3AD11D}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  10.0.0.1
 
Name:    google.com
Addresses:  2607:f8b0:4002:c04::8a
      74.125.140.139
      74.125.140.100
      74.125.140.113
      74.125.140.138
      74.125.140.102
      74.125.140.101
 
 
Pinging google.com [173.194.37.37] with 32 bytes of data:
Reply from 173.194.37.37: bytes=32 time=29ms TTL=54
Reply from 173.194.37.37: bytes=32 time=30ms TTL=54
 
Ping statistics for 173.194.37.37:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 30ms, Average = 29ms
Server:  UnKnown
Address:  10.0.0.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=205ms TTL=50
Reply from 98.139.183.24: bytes=32 time=157ms TTL=48
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 157ms, Maximum = 205ms, Average = 181ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...e0 b9 a5 a8 3c e2 ......Microsoft Virtual WiFi Miniport Adapter
 12...e0 b9 a5 a8 3c e2 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
 11...14 da e9 c4 86 05 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.4     25
         10.0.0.0    255.255.255.0         On-link          10.0.0.4    281
         10.0.0.4  255.255.255.255         On-link          10.0.0.4    281
       10.0.0.255  255.255.255.255         On-link          10.0.0.4    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.4    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.4    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:953c:56:3e39:b391:dcac/128
                                    On-link
 12    281 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::56:3e39:b391:dcac/128
                                    On-link
 12    281 fe80::28c0:dd0a:86c2:af68/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/24/2013 09:29:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16676
 
Error: (02/24/2013 09:29:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16676
 
Error: (02/24/2013 09:29:23 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2013 09:29:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15678
 
Error: (02/24/2013 09:29:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15678
 
Error: (02/24/2013 09:29:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2013 09:29:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14664
 
Error: (02/24/2013 09:29:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14664
 
Error: (02/24/2013 09:29:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2013 09:29:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13666
 
 
System errors:
=============
Error: (02/24/2013 11:07:12 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (02/24/2013 09:29:31 PM) (Source: Microsoft-Windows-ResourcePublication) (User: NT AUTHORITY)
Description: Element Provider\Microsoft.Base.Publication/Publication\HomeGroup/63b3fb366bf659dd456517e694920376be641d10.HomeGroupClassifier_HomeGroup_Invitation_ID failed to publish.  Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
 
Error: (02/24/2013 09:29:06 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
 
Error: (02/24/2013 09:20:44 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 13 time(s).
 
Error: (02/24/2013 09:15:40 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 12 time(s).
 
Error: (02/24/2013 09:10:36 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 11 time(s).
 
Error: (02/24/2013 09:05:32 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 10 time(s).
 
Error: (02/24/2013 09:00:29 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 9 time(s).
 
Error: (02/24/2013 08:55:25 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 8 time(s).
 
Error: (02/24/2013 08:50:21 PM) (Source: Service Control Manager) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 7 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (02/24/2013 09:29:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16676
 
Error: (02/24/2013 09:29:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16676
 
Error: (02/24/2013 09:29:23 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2013 09:29:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15678
 
Error: (02/24/2013 09:29:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15678
 
Error: (02/24/2013 09:29:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2013 09:29:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14664
 
Error: (02/24/2013 09:29:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14664
 
Error: (02/24/2013 09:29:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/24/2013 09:29:20 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13666
 
 
=========================== Installed Programs ============================
 
??????? Windows Live Mesh ActiveX ??(????) (Version: 15.4.5722.2)
??????? Windows Live Mesh ActiveX ??? (Version: 15.4.5722.2)
Adobe AIR (Version: 3.5.0.600)
Adobe Download Assistant (Version: 1.2.5)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.168)
Adobe Flash Player 11 Plugin (Version: 11.5.502.149)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Alcor Micro USB Card Reader (Version: 1.2.0117.08443)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.12.5.0)
ASUS AI Recovery (Version: 1.0.24)
ASUS FaceLogon (Version: 1.0.0013)
ASUS FancyStart (Version: 1.1.0)
ASUS Live Update (Version: 3.1.2)
ASUS Power4Gear Hybrid (Version: 1.1.50)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0033)
ASUS Virtual Camera (Version: 1.0.21)
ASUS WebStorage (Version: 3.0.84.161)
AsusScr_K3 Series_ENG (Version: 1.0.0001)
AsusVibe2.0 (Version: 2.0.4.617)
ATK Package (Version: 1.0.0010)
Bing Bar (Version: 7.0.610.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.27)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (Version: 15.4.5722.2)
Control ActiveX de Windows Live Mesh para conexiones remotas (Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (Version: 15.4.5722.2)
CyberLink LabelPrint (Version: 2.5.1908)
CyberLink Power2Go (Version: 6.1.3602c)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET Online Scanner v3
Fast Boot (Version: 1.0.10)
Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 25.0.1364.97)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.135)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2405)
iTunes (Version: 11.0.1.12)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft PowerPoint 2010 (Version: 14.0.6029.1000)
Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Norton Internet Security (Version: 19.1.0.28)
Nuance PDF Reader (Version: 6.00.0041)
Realtek High Definition Audio Driver (Version: 6.0.1.6304)
REALTEK Wireless LAN Driver (Version: 1.00.0175)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)
Sonic Focus (Version: 1.00.0000)
Speccy (Version: 1.20)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.3.6.0)
syncables desktop SE (Version: 5.5.746.11492)
Trend Micro Titanium Internet Security (Version: 3.00)
Trend Micro Titanium Internet Security (Version: 3.1.1109)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Windows Live ??? (Version: 15.4.3502.0922)
Windows Live ???? (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinFlash (Version: 2.32.3)
Wireless Console 3 (Version: 3.0.25)
 
========================= Devices: ================================
 
Name: BHDrvx64
Description: BHDrvx64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: BHDrvx64
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Symantec Iron Driver
Description: Symantec Iron Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SymIRON
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 71%
Total physical RAM: 3873.14 MB
Available physical RAM: 1120.42 MB
Total Pagefile: 7744.48 MB
Available Pagefile: 4509.03 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.06 MB
 
========================= Partitions: =====================================
 
1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:120.66 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:254.03 GB) NTFS
 
 

========================= Users: ========================================

User accounts for \\ANASTACIAA-PC

Administrator
Anastacia A
Guest

**** End of log ****



 



Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/24/2013 08:38:01 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 3056) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 02/24/2013 08:38:22 PM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)

 


#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:16 PM

Posted 25 February 2013 - 01:34 AM

That looks good.

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

 



#9 anadig12

anadig12
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:16 PM

Posted 26 February 2013 - 04:31 PM

Thanks for all your help :)



#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:03:16 PM

Posted 26 February 2013 - 10:38 PM

:welcome:





