
Removed Rogue.FakeHDD...unhid everything...computer really slow.


9 replies to this topic

#1 Tank1968

  • Members

Posted 24 March 2013 - 09:17 PM

Hi,

I removed Rogue.FakeHDD, PUM.Disabled.SecurityCenter, and PUM.Hijack.StartMenu using Malwarebytes, then unhid all the invisible shortcuts etc. with Unhide. Computer appears normal again but...is running slowly, and CCleaner won't work when attempting to clean stuff today. My fear is that my system is still being affected by a virus somehow, or I may have messed something up in my attempt to remove, repair, and recover. I would greatly appreciate some help with this.

Thanks in advance for any assistance.


 


#2 narenxp

  • BC Advisor

Posted 24 March 2013 - 09:28 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now



  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
  • Due to the forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

===================================================

RKILL
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu
  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log


 



#3 Tank1968

  • Topic Starter

Posted 26 March 2013 - 08:29 AM

Hi...and thanks for the quick reply

 

I tried last night to do the TDSSkiller thing.  It would save, but it would not run.  I tried renaming, changing extension, and tried both in safe mode to no avail.  All the while, computer is continuing to act wonky (explore closing, script errors, and the like).  I did not want to mess anything else up, so I will wait for your opinion on what to try next.



#4 narenxp

  • BC Advisor

Posted 26 March 2013 - 10:46 AM

.


Edited by narenxp, 26 March 2013 - 11:48 AM.


#5 Tank1968

  • Topic Starter

Posted 26 March 2013 - 11:48 AM

OK....totally did this out of order, since I could not get TDSS killer to run til I got your newer post. 

 

Order I did it:  RKill, ESET, TDSSkiller (got it to run after fix) then Junkware removal

 

logs attached in order that I ran them:  got no logs from TDSSkiller

 

Rkill

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/26/2013 11:02:23 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS rootkit symptoms found!

     * HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 [ZA Reg Hijack]
     * C:\Users\Michael\AppData\Local\{0e9b327c-7be3-b5e1-9094-7cb8f3b2c40b}\ [ZA Dir]
     * C:\Users\Michael\AppData\Local\{0e9b327c-7be3-b5e1-9094-7cb8f3b2c40b}\@ [ZA File]
     * C:\Users\Michael\AppData\Local\{0e9b327c-7be3-b5e1-9094-7cb8f3b2c40b}\L\ [ZA Dir]
     * C:\Users\Michael\AppData\Local\{0e9b327c-7be3-b5e1-9094-7cb8f3b2c40b}\L\00000004.@ [ZA File]
     * C:\Users\Michael\AppData\Local\{0e9b327c-7be3-b5e1-9094-7cb8f3b2c40b}\L\1afb2d56 [ZA File]
     * C:\Users\Michael\AppData\Local\{0e9b327c-7be3-b5e1-9094-7cb8f3b2c40b}\U\ [ZA Dir]

Checking Windows Service Integrity:

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 

 

ESET

 

C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Program Files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Michael\AppData\Local\{0e9b327c-7be3-b5e1-9094-7cb8f3b2c40b}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\743db7e9-558a2370 a variant of Java/Exploit.Agent.NDH trojan cleaned by deleting - quarantined

C:\Users\Michael\AppData\Roaming\sasapl.dll a variant of Win32/Medfos.BT trojan cleaned by deleting - quarantined
 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Professional x64
Ran by Michael on Tue 03/26/2013 at 11:31:58.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{462be121-2b54-4218-bf00-b9bf8135b23f}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{462be121-2b54-4218-bf00-b9bf8135b23f}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\vid-saver_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\vid-saver_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ask"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/26/2013 at 11:39:16.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 narenxp

  • BC Advisor

Posted 26 March 2013 - 11:49 AM

logs attached in order that I ran them:  got no logs from TDSSkiller

 

Read my instructions

  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply

  • Due to the forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient


Edited by narenxp, 26 March 2013 - 11:49 AM.


#7 Tank1968

  • Topic Starter

Posted 26 March 2013 - 12:25 PM

Please know...I am trying to follow your instructions  (teacher...not computer whiz)  This was hard for me to find, but I think this is what you asked for.

 

11:15:32.0299 4560  YahooAUService - ok
11:15:32.0314 4560  ================ Scan global ===============================
11:15:32.0392 4560  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:15:32.0424 4560  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:15:32.0439 4560  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:15:32.0470 4560  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:15:32.0502 4560  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:15:32.0502 4560  [Global] - ok
11:15:32.0502 4560  ================ Scan MBR ==================================
11:15:32.0517 4560  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:15:32.0517 4560  Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:15:32.0548 4560  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
11:15:32.0548 4560  \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
11:15:32.0564 4560  ================ Scan VBR ==================================
11:15:32.0585 4560  [ 18AE7C98AE07D726EF8ACE2808FA44C5 ] \Device\Harddisk0\DR0\Partition1
11:15:32.0600 4560  \Device\Harddisk0\DR0\Partition1 - ok
11:15:32.0616 4560  [ 4E49B20DD35FBDFBB3E5BC3983DC6490 ] \Device\Harddisk0\DR0\Partition2
11:15:32.0616 4560  \Device\Harddisk0\DR0\Partition2 - ok
11:15:32.0616 4560  ============================================================
11:15:32.0616 4560  Scan finished
11:15:32.0616 4560  ============================================================
11:15:32.0632 5916  Detected object count: 1
11:15:32.0632 5916  Actual detected object count: 1
11:15:39.0386 5916  \Device\Harddisk0\DR0\# - copied to quarantine
11:15:39.0386 5916  \Device\Harddisk0\DR0 - copied to quarantine
11:15:39.0496 5916  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
11:15:39.0496 5916  \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
11:15:39.0496 5916  \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
11:15:39.0496 5916  \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
11:15:39.0496 5916  \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
11:15:39.0511 5916  \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
11:15:39.0511 5916  \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
11:15:39.0511 5916  \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
11:15:39.0511 5916  \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
11:15:39.0527 5916  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:15:39.0527 5916  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:15:39.0527 5916  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:15:39.0527 5916  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:15:39.0527 5916  \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
11:15:39.0527 5916  \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
11:15:39.0527 5916  \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
11:15:39.0542 5916  \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
11:15:39.0542 5916  \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
11:15:39.0542 5916  \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
11:15:39.0542 5916  \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
11:15:39.0558 5916  \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
11:15:39.0620 5916  \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
11:15:39.0698 5916  \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
11:15:39.0761 5916  \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
11:15:39.0839 5916  \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
11:15:39.0839 5916  \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
11:15:40.0026 5916  \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
11:15:40.0026 5916  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
11:15:40.0042 5916  \Device\Harddisk0\DR0 - ok
11:15:40.0120 5916  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
11:15:58.0309 1832  Deinitialize success
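
An added example, not part of the original post and not TDSSKiller's own code: a small Python triage of the log layout shown above. It pulls out verdict lines, the chosen action, and objects whose cure is still pending a reboot, and it notes when a pasted fragment lacks the "Detected object count" line. The sample lines are excerpted from the log above; the function and field names are assumptions of this example.

```python
import re

# Excerpt copied from the TDSSKiller log posted above (MBR scan and cure phase).
SAMPLE_LOG = r"""
11:15:32.0502 4560  [Global] - ok
11:15:32.0517 4560  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:15:32.0517 4560  Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:15:32.0548 4560  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
11:15:32.0548 4560  \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
11:15:32.0600 4560  \Device\Harddisk0\DR0\Partition1 - ok
11:15:32.0632 5916  Detected object count: 1
11:15:39.0386 5916  \Device\Harddisk0\DR0 - copied to quarantine
11:15:39.0496 5916  \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
11:15:39.0511 5916  \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
11:15:40.0026 5916  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
11:15:40.0042 5916  \Device\Harddisk0\DR0 - ok
11:15:40.0120 5916  \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
"""

# Every log line is "<HH:MM:SS.mmmm> <thread id>  <message>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.+)$")
# "<object> ( <threat name> ) - <state>" is the verdict form used in the log.
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+?) \) - (?P<state>.+)$")
QUARANTINE_RE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
OK_RE = re.compile(r"^(?P<obj>.+?) - ok$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
ACTION_PREFIX = "User select action: "
PENDING = "will be cured on reboot"


def triage(log_text):
    """Summarise verdicts, actions and quarantine copies from a log fragment."""
    report = {"detections": {}, "quarantined": [],
              "reported_count": None, "ok_after_verdict": []}
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank line or a line with no message part
        msg = line.group(3)

        m = VERDICT_RE.match(msg)
        if m:
            det = report["detections"].setdefault(
                m["obj"], {"threat": m["threat"], "states": [], "action": None})
            if m["state"].startswith(ACTION_PREFIX):
                det["action"] = m["state"][len(ACTION_PREFIX):]
            elif m["state"] not in det["states"]:
                det["states"].append(m["state"])
            continue

        m = QUARANTINE_RE.match(msg)
        if m:
            report["quarantined"].append(m["obj"])
            continue

        m = COUNT_RE.match(msg)
        if m:
            report["reported_count"] = int(m.group(1))
            continue

        # A "- ok" line for an object that already has a verdict is recorded
        # separately: the log also says the cure happens on reboot, so the
        # "- ok" line should not be read on its own.
        m = OK_RE.match(msg)
        if (m and m["obj"] in report["detections"]
                and m["obj"] not in report["ok_after_verdict"]):
            report["ok_after_verdict"].append(m["obj"])
    return report


def needs_rescan(report):
    """Objects whose cure is deferred to the next boot."""
    return sorted(obj for obj, det in report["detections"].items()
                  if PENDING in det["states"])


def is_partial(report):
    """True when the count line is missing or disagrees with parsed verdicts."""
    count = report["reported_count"]
    return count is None or count != len(report["detections"])


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for obj, det in rep["detections"].items():
        print(obj, det["threat"], det["states"], "action:", det["action"])
    print("quarantine copies:", len(rep["quarantined"]))
    print("rescan after reboot:", needs_rescan(rep))
    print("partial fragment:", is_partial(rep))
```
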
 



#8 narenxp

  • BC Advisor

Posted 26 March 2013 - 09:48 PM

Restart the PC, run TDSSKiller (http://www.bleepingcomputer.com/download/tdsskiller/dl/4/) and post the new log

 

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware
  • Please download AdwCleaner by Xplode onto your desktop.
  • Security software may flag it as malicious. This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Autoruns
 
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file, copy and paste the contents in your reply



  • Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Autoruns log

 



#9 Tank1968

  • Topic Starter

Posted 27 March 2013 - 09:37 AM

Malwarebytes was run last night (not by me..but regardless)   so I included the log from last night.    I followed all the other instructions as closely as I could.  Thank you for your patience....at least I am learning and found all logs with np today  :)

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.25.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-PC [administrator]

3/26/2013 1:20:18 PM
mbam-log-2013-03-26 (13-20-18).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386654
Time elapsed: 38 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\$Recycle.Bin\S-1-5-21-81725023-1963450536-2919364100-1001\$RFM1Z6I.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\26.03.2013_11.15.03\mbr0000\tdlfs0000\tsk0005.dta (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\26.03.2013_11.15.03\mbr0000\tdlfs0000\tsk0006.dta (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\26.03.2013_11.15.03\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\26.03.2013_11.15.03\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\26.03.2013_11.15.03\mbr0000\tdlfs0000\tsk0011.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\26.03.2013_11.15.03\mbr0000\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\26.03.2013_11.15.03\mbr0000\tdlfs0000\tsk0014.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\26.03.2013_11.15.03\mbr0000\tdlfs0000\tsk0015.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Michael\AppData\Local\Temp\C83EE89E-48AC-4F2B-99C4-688773490DD3.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Michael\Downloads\tdssfix.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

(end)

 

 

 

08:44:39.0622 3092  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:44:40.0137 3092  ============================================================
08:44:40.0137 3092  Current date / time: 2013/03/27 08:44:40.0137
08:44:40.0137 3092  SystemInfo:
08:44:40.0137 3092 
08:44:40.0137 3092  OS Version: 6.1.7601 ServicePack: 1.0
08:44:40.0137 3092  Product type: Workstation
08:44:40.0137 3092  ComputerName: MICHAEL-PC
08:44:40.0137 3092  UserName: Michael
08:44:40.0137 3092  Windows directory: C:\Windows
08:44:40.0137 3092  System windows directory: C:\Windows
08:44:40.0137 3092  Running under WOW64
08:44:40.0137 3092  Processor architecture: Intel x64
08:44:40.0137 3092  Number of processors: 4
08:44:40.0137 3092  Page size: 0x1000
08:44:40.0137 3092  Boot type: Normal boot
08:44:40.0137 3092  ============================================================
08:44:40.0542 3092  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:44:40.0558 3092  ============================================================
08:44:40.0558 3092  \Device\Harddisk0\DR0:
08:44:40.0558 3092  MBR partitions:
08:44:40.0558 3092  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
08:44:40.0558 3092  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x48AF10EB
08:44:40.0558 3092  ============================================================
08:44:40.0589 3092  C: <-> \Device\Harddisk0\DR0\Partition2
08:44:40.0589 3092  ============================================================
08:44:40.0589 3092  Initialize success
08:44:40.0589 3092  ============================================================
08:45:21.0129 2964  ============================================================
08:45:21.0129 2964  Scan started
08:45:21.0129 2964  Mode: Manual;
08:45:21.0129 2964  ============================================================
08:45:21.0472 2964  ================ Scan system memory ========================
08:45:21.0472 2964  System memory - ok
08:45:23.0563 2964  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:45:23.0594 2964  clr_optimization_v4.0.30319_32 - ok
08:45:23.0656 2964  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:45:23.0672 2964  clr_optimization_v4.0.30319_64 - ok
08:45:23.0672 2964  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
08:45:23.0687 2964  CmBatt - ok
08:45:23.0703 2964  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:45:23.0703 2964  cmdide - ok
08:45:23.0750 2964  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
08:45:23.0765 2964  CNG - ok
08:45:23.0797 2964  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
08:45:23.0797 2964  Compbatt - ok
08:45:23.0812 2964  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
08:45:23.0828 2964  CompositeBus - ok
08:45:23.0828 2964  COMSysApp - ok
08:45:23.0843 2964  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
08:45:23.0843 2964  crcdisk - ok
08:45:23.0906 2964  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:45:23.0921 2964  CryptSvc - ok
08:45:23.0953 2964  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
08:45:23.0968 2964  CSC - ok
08:45:24.0046 2964  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
08:45:24.0046 2964  CscService - ok
08:45:24.0077 2964  [ FBE228ABEAB2BE13B9C3A3A112D4D8DC ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
08:45:24.0077 2964  CtClsFlt - ok
08:45:24.0109 2964  [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
08:45:24.0109 2964  dc3d - ok
08:45:24.0155 2964  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:45:24.0171 2964  DcomLaunch - ok
08:45:24.0202 2964  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
08:45:24.0202 2964  defragsvc - ok
08:45:24.0233 2964  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:45:24.0233 2964  DfsC - ok
08:45:24.0265 2964  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
08:45:24.0265 2964  Dhcp - ok
08:45:24.0280 2964  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
08:45:24.0280 2964  discache - ok
08:45:24.0311 2964  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
08:45:24.0311 2964  Disk - ok
08:45:24.0358 2964  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:45:24.0358 2964  Dnscache - ok
08:45:24.0405 2964  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
08:45:24.0405 2964  dot3svc - ok
08:45:24.0436 2964  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
08:45:24.0436 2964  DPS - ok
08:45:24.0467 2964  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:45:24.0467 2964  drmkaud - ok
08:45:24.0514 2964  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:45:24.0530 2964  DXGKrnl - ok
08:45:24.0561 2964  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
08:45:24.0561 2964  EapHost - ok
08:45:24.0670 2964  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
08:45:24.0701 2964  ebdrv - ok
08:45:24.0733 2964  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
08:45:24.0733 2964  EFS - ok
08:45:24.0795 2964  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:45:24.0811 2964  ehRecvr - ok
08:45:24.0842 2964  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
08:45:24.0842 2964  ehSched - ok
08:45:24.0889 2964  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
08:45:24.0904 2964  elxstor - ok
08:45:24.0935 2964  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
08:45:24.0935 2964  ErrDev - ok
08:45:24.0967 2964  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
08:45:24.0967 2964  EventSystem - ok
08:45:25.0076 2964  [ B56D9602DB5FE1C116B1CA5EFD8E2E50 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
08:45:25.0091 2964  EvtEng - ok
08:45:25.0107 2964  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
08:45:25.0107 2964  exfat - ok
08:45:25.0123 2964  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:45:25.0123 2964  fastfat - ok
08:45:25.0169 2964  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
08:45:25.0185 2964  Fax - ok
08:45:25.0216 2964  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
08:45:25.0216 2964  fdc - ok
08:45:25.0232 2964  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
08:45:25.0232 2964  fdPHost - ok
08:45:25.0263 2964  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:45:25.0263 2964  FDResPub - ok
08:45:25.0279 2964  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:45:25.0294 2964  FileInfo - ok
08:45:25.0310 2964  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:45:25.0310 2964  Filetrace - ok
08:45:25.0325 2964  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
08:45:25.0325 2964  flpydisk - ok
08:45:25.0357 2964  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:45:25.0372 2964  FltMgr - ok
08:45:25.0466 2964  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
08:45:25.0481 2964  FontCache - ok
08:45:25.0528 2964  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:45:25.0528 2964  FontCache3.0.0.0 - ok
08:45:25.0544 2964  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
08:45:25.0544 2964  FsDepends - ok
08:45:25.0575 2964  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:45:25.0575 2964  Fs_Rec - ok
08:45:25.0606 2964  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
08:45:25.0606 2964  fvevol - ok
08:45:25.0637 2964  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
08:45:25.0637 2964  gagp30kx - ok
08:45:25.0715 2964  [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
08:45:25.0715 2964  GoToAssist - ok
08:45:25.0762 2964  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
08:45:25.0778 2964  gpsvc - ok
08:45:25.0856 2964  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:45:25.0856 2964  gupdate - ok
08:45:25.0887 2964  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:45:25.0887 2964  gupdatem - ok
08:45:25.0918 2964  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
08:45:25.0918 2964  hcw85cir - ok
08:45:25.0934 2964  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
08:45:25.0934 2964  HDAudBus - ok
08:45:25.0965 2964  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
08:45:25.0965 2964  HECIx64 - ok
08:45:25.0981 2964  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
08:45:25.0981 2964  HidBatt - ok
08:45:26.0012 2964  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
08:45:26.0012 2964  HidBth - ok
08:45:26.0027 2964  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
08:45:26.0027 2964  HidIr - ok
08:45:26.0059 2964  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
08:45:26.0059 2964  hidserv - ok
08:45:26.0105 2964  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
08:45:26.0105 2964  HidUsb - ok
08:45:26.0137 2964  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:45:26.0137 2964  hkmsvc - ok
08:45:26.0152 2964  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:45:26.0168 2964  HomeGroupListener - ok
08:45:26.0183 2964  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:45:26.0199 2964  HomeGroupProvider - ok
08:45:26.0230 2964  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
08:45:26.0230 2964  HpSAMD - ok
08:45:26.0261 2964  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:45:26.0261 2964  HTTP - ok
08:45:26.0277 2964  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
08:45:26.0277 2964  hwpolicy - ok
08:45:26.0324 2964  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
08:45:26.0339 2964  i8042prt - ok
08:45:26.0355 2964  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
08:45:26.0371 2964  iaStor - ok
08:45:26.0402 2964  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
08:45:26.0402 2964  iaStorV - ok
08:45:26.0464 2964  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:45:26.0480 2964  idsvc - ok
08:45:26.0683 2964  [ 31569A2E836C12014148BF7342716946 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
08:45:26.0776 2964  igfx - ok
08:45:26.0807 2964  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
08:45:26.0807 2964  iirsp - ok
08:45:26.0854 2964  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
08:45:26.0870 2964  IKEEXT - ok
08:45:26.0901 2964  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
08:45:26.0901 2964  Impcd - ok
08:45:26.0995 2964  [ 491DADCC74327FABC85E0AB80AF8F204 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:45:27.0026 2964  IntcAzAudAddService - ok
08:45:27.0057 2964  [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
08:45:27.0057 2964  IntcDAud - ok
08:45:27.0088 2964  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
08:45:27.0088 2964  intelide - ok
08:45:27.0104 2964  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:45:27.0119 2964  intelppm - ok
08:45:27.0135 2964  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:45:27.0135 2964  IPBusEnum - ok
08:45:27.0166 2964  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:45:27.0166 2964  IpFilterDriver - ok
08:45:27.0213 2964  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:45:27.0229 2964  iphlpsvc - ok
08:45:27.0260 2964  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
08:45:27.0260 2964  IPMIDRV - ok
08:45:27.0260 2964  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
08:45:27.0275 2964  IPNAT - ok
08:45:27.0291 2964  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:45:27.0291 2964  IRENUM - ok
08:45:27.0307 2964  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:45:27.0307 2964  isapnp - ok
08:45:27.0338 2964  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
08:45:27.0338 2964  iScsiPrt - ok
08:45:27.0353 2964  [ 3926C8C55A2CD2C94888BE39B4BEB629 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
08:45:27.0369 2964  JMCR - ok
08:45:27.0369 2964  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
08:45:27.0369 2964  kbdclass - ok
08:45:27.0400 2964  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
08:45:27.0400 2964  kbdhid - ok
08:45:27.0416 2964  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
08:45:27.0416 2964  KeyIso - ok
08:45:27.0447 2964  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:45:27.0447 2964  KSecDD - ok
08:45:27.0478 2964  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
08:45:27.0478 2964  KSecPkg - ok
08:45:27.0494 2964  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
08:45:27.0494 2964  ksthunk - ok
08:45:27.0525 2964  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:45:27.0541 2964  KtmRm - ok
08:45:27.0556 2964  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
08:45:27.0572 2964  LanmanServer - ok
08:45:27.0587 2964  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:45:27.0587 2964  LanmanWorkstation - ok
08:45:27.0603 2964  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:45:27.0603 2964  lltdio - ok
08:45:27.0634 2964  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:45:27.0634 2964  lltdsvc - ok
08:45:27.0665 2964  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:45:27.0665 2964  lmhosts - ok
08:45:27.0743 2964  [ 23D990150D56B670A62B21B9ABDD45EE ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
08:45:27.0743 2964  LMS - ok
08:45:27.0759 2964  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
08:45:27.0759 2964  LSI_FC - ok
08:45:27.0775 2964  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
08:45:27.0775 2964  LSI_SAS - ok
08:45:27.0790 2964  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:45:27.0790 2964  LSI_SAS2 - ok
08:45:27.0806 2964  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:45:27.0806 2964  LSI_SCSI - ok
08:45:27.0821 2964  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
08:45:27.0821 2964  luafv - ok
08:45:27.0853 2964  MBAMProtector - ok
08:45:27.0962 2964  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
08:45:27.0962 2964  MBAMScheduler - ok
08:45:28.0040 2964  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:45:28.0040 2964  MBAMService - ok
08:45:28.0087 2964  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:45:28.0102 2964  Mcx2Svc - ok
08:45:28.0102 2964  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
08:45:28.0118 2964  megasas - ok
08:45:28.0133 2964  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
08:45:28.0133 2964  MegaSR - ok
08:45:28.0165 2964  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
08:45:28.0165 2964  MMCSS - ok
08:45:28.0180 2964  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
08:45:28.0180 2964  Modem - ok
08:45:28.0196 2964  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:45:28.0196 2964  monitor - ok
08:45:28.0211 2964  [ 93F5ADCAD940111F6D4D71AE1D9EC7F6 ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
08:45:28.0211 2964  motccgp - ok
08:45:28.0243 2964  [ D51E009BAEDA07EBC107D49D224C2414 ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
08:45:28.0243 2964  motccgpfl - ok
08:45:28.0289 2964  [ 36AC4DECEAE4226A5B5DD038C49658E1 ] MotoHelper      C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
08:45:28.0289 2964  MotoHelper - ok
08:45:28.0321 2964  [ EBD05F60CAFC5BBA2602B8D7101082D3 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
08:45:28.0321 2964  MotoSwitchService - ok
08:45:28.0336 2964  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
08:45:28.0336 2964  mouclass - ok
08:45:28.0367 2964  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:45:28.0367 2964  mouhid - ok
08:45:28.0399 2964  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
08:45:28.0399 2964  mountmgr - ok
08:45:28.0414 2964  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
08:45:28.0414 2964  mpio - ok
08:45:28.0445 2964  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:45:28.0445 2964  mpsdrv - ok
08:45:28.0477 2964  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:45:28.0492 2964  MpsSvc - ok
08:45:28.0523 2964  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:45:28.0539 2964  MRxDAV - ok
08:45:28.0601 2964  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:45:28.0617 2964  mrxsmb - ok
08:45:28.0648 2964  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:45:28.0648 2964  mrxsmb10 - ok
08:45:28.0664 2964  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:45:28.0664 2964  mrxsmb20 - ok
08:45:28.0695 2964  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
08:45:28.0695 2964  msahci - ok
08:45:28.0726 2964  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
08:45:28.0726 2964  msdsm - ok
08:45:28.0742 2964  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
08:45:28.0742 2964  MSDTC - ok
08:45:28.0773 2964  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:45:28.0773 2964  Msfs - ok
08:45:28.0789 2964  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:45:28.0789 2964  mshidkmdf - ok
08:45:28.0820 2964  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:45:28.0820 2964  msisadrv - ok
08:45:28.0835 2964  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:45:28.0851 2964  MSiSCSI - ok
08:45:28.0851 2964  msiserver - ok
08:45:28.0867 2964  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:45:28.0867 2964  MSKSSRV - ok
08:45:28.0882 2964  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:45:28.0882 2964  MSPCLOCK - ok
08:45:28.0882 2964  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:45:28.0882 2964  MSPQM - ok
08:45:28.0913 2964  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:45:28.0929 2964  MsRPC - ok
08:45:28.0929 2964  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
08:45:28.0929 2964  mssmbios - ok
08:45:28.0945 2964  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:45:28.0960 2964  MSTEE - ok
08:45:28.0960 2964  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
08:45:28.0976 2964  MTConfig - ok
08:45:28.0976 2964  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
08:45:28.0991 2964  Mup - ok
08:45:29.0007 2964  [ A9BC2302FBDF52C8AF4E2FC966288D21 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
08:45:29.0023 2964  MyWiFiDHCPDNS - ok
08:45:29.0054 2964  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
08:45:29.0069 2964  napagent - ok
08:45:29.0101 2964  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:45:29.0101 2964  NativeWifiP - ok
08:45:29.0147 2964  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:45:29.0163 2964  NDIS - ok
08:45:29.0179 2964  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
08:45:29.0179 2964  NdisCap - ok
08:45:29.0194 2964  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:45:29.0194 2964  NdisTapi - ok
08:45:29.0210 2964  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:45:29.0225 2964  Ndisuio - ok
08:45:29.0257 2964  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:45:29.0257 2964  NdisWan - ok
08:45:29.0288 2964  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:45:29.0288 2964  NDProxy - ok
08:45:29.0303 2964  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:45:29.0303 2964  NetBIOS - ok
08:45:29.0319 2964  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
08:45:29.0335 2964  NetBT - ok
08:45:29.0350 2964  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
08:45:29.0350 2964  Netlogon - ok
08:45:29.0381 2964  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
08:45:29.0397 2964  Netman - ok
08:45:29.0413 2964  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
08:45:29.0428 2964  netprofm - ok
08:45:29.0444 2964  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:45:29.0444 2964  NetTcpPortSharing - ok
08:45:29.0600 2964  [ 18555F48844C2861D9DCE8F2B7223AE5 ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
08:45:29.0678 2964  NETw5s64 - ok
08:45:29.0693 2964  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
08:45:29.0693 2964  nfrd960 - ok
08:45:29.0740 2964  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:45:29.0740 2964  NlaSvc - ok
08:45:29.0756 2964  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:45:29.0756 2964  Npfs - ok
08:45:29.0787 2964  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
08:45:29.0787 2964  nsi - ok
08:45:29.0803 2964  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:45:29.0803 2964  nsiproxy - ok
08:45:29.0865 2964  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:45:29.0881 2964  Ntfs - ok
08:45:29.0912 2964  [ 4C08A14D04E62963E96E0BB57BBC953B ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
08:45:29.0912 2964  NuidFltr - ok
08:45:29.0927 2964  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
08:45:29.0927 2964  Null - ok
08:45:29.0959 2964  [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
08:45:29.0959 2964  nusb3hub - ok
08:45:29.0974 2964  [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
08:45:29.0974 2964  nusb3xhc - ok
08:45:30.0021 2964  [ E20ABD5B229760158F753CA90B97E090 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
08:45:30.0021 2964  NVHDA - ok
08:45:30.0224 2964  [ 011F0596D167D073E6813AE88E7947A9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:45:30.0286 2964  nvlddmkm - ok
08:45:30.0302 2964  [ 2BCC53E4BA1ACC9B63595C4AE7361AD3 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
08:45:30.0302 2964  nvpciflt - ok
08:45:30.0333 2964  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:45:30.0333 2964  nvraid - ok
08:45:30.0349 2964  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:45:30.0349 2964  nvstor - ok
08:45:30.0380 2964  [ E72422F9C55078DFA298AC7AA0A87970 ] nvsvc           C:\Windows\system32\nvvsvc.exe
08:45:30.0380 2964  nvsvc - ok
08:45:30.0458 2964  [ 6DF10645A794878776DC8F5338427388 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
08:45:30.0473 2964  nvUpdatusService - ok
08:45:30.0505 2964  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:45:30.0505 2964  nv_agp - ok
08:45:30.0551 2964  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:45:30.0567 2964  odserv - ok
08:45:30.0583 2964  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
08:45:30.0583 2964  ohci1394 - ok
08:45:30.0614 2964  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:45:30.0629 2964  ose - ok
08:45:30.0676 2964  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
08:45:30.0676 2964  p2pimsvc - ok
08:45:30.0707 2964  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:45:30.0723 2964  p2psvc - ok
08:45:30.0739 2964  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
08:45:30.0739 2964  Parport - ok
08:45:30.0770 2964  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:45:30.0770 2964  partmgr - ok
08:45:30.0785 2964  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:45:30.0801 2964  PcaSvc - ok
08:45:30.0817 2964  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
08:45:30.0817 2964  pci - ok
08:45:30.0832 2964  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
08:45:30.0848 2964  pciide - ok
08:45:30.0863 2964  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
08:45:30.0863 2964  pcmcia - ok
08:45:30.0879 2964  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
08:45:30.0879 2964  pcw - ok
08:45:30.0910 2964  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:45:30.0910 2964  PEAUTH - ok
08:45:38.0086 2964  ================ Scan global ===============================
08:45:38.0149 2964  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:45:38.0180 2964  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
08:45:38.0180 2964  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
08:45:38.0211 2964  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:45:38.0227 2964  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:45:38.0242 2964  [Global] - ok
08:45:38.0242 2964  ================ Scan MBR ==================================
08:45:38.0258 2964  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:45:38.0476 2964  \Device\Harddisk0\DR0 - ok
08:45:38.0476 2964  ================ Scan VBR ==================================
08:45:38.0476 2964  [ 18AE7C98AE07D726EF8ACE2808FA44C5 ] \Device\Harddisk0\DR0\Partition1
08:45:38.0476 2964  \Device\Harddisk0\DR0\Partition1 - ok
08:45:38.0507 2964  [ 4E49B20DD35FBDFBB3E5BC3983DC6490 ] \Device\Harddisk0\DR0\Partition2
08:45:38.0507 2964  \Device\Harddisk0\DR0\Partition2 - ok
08:45:38.0507 2964  ============================================================
08:45:38.0507 2964  Scan finished
08:45:38.0507 2964  ============================================================
08:45:38.0523 2036  Detected object count: 0
08:45:38.0523 2036  Actual detected object count: 0
08:47:03.0996 3804  Deinitialize success
 

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.25.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-PC [administrator]

3/27/2013 8:48:05 AM
mbam-log-2013-03-27 (08-48-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255745
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Michael (administrator) on 27-03-2013 at 08:53:35
Running from "C:\Users\Michael\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6200 AGN = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Wireless Network Connection 3" address=192.168.16.2 mask=255.255.255.0


popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Michael-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 00-27-10-B7-87-0D
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-27-10-B7-87-0D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6200 AGN
   Physical Address. . . . . . . . . : 00-27-10-B7-87-0C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::c01:131f:edf7:3ca1%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, March 27, 2013 8:40:55 AM
   Lease Expires . . . . . . . . . . : Thursday, March 28, 2013 8:40:54 AM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 184559376
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-79-38-4C-F0-4D-A2-58-F4-00
   DNS Servers . . . . . . . . . . . : 24.196.64.53
                                       68.113.206.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : eau.wi.charter.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F0-4D-A2-58-F4-00
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{304BC1FC-AF12-4BC6-B7FE-E2D0B0789538}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{7DB03423-6F01-4DD3-82FA-CEE4DF9C4431}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5F94EEB8-4CF2-44F0-88DF-AE6EAC5873D4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.eau.wi.charter.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:38f8:79a:bb41:5edc(Preferred)
   Link-local IPv6 Address . . . . . : fe80::38f8:79a:bb41:5edc%17(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  vip01ftbgwi.ftbg.wi.charter.com
Address:  24.196.64.53

Name:    google.com
Addresses:  2607:f8b0:4009:803::1000
   74.125.225.8
   74.125.225.1
   74.125.225.6
   74.125.225.4
   74.125.225.3
   74.125.225.5
   74.125.225.0
   74.125.225.2
   74.125.225.14
   74.125.225.7
   74.125.225.9


Pinging google.com [74.125.225.39] with 32 bytes of data:
Reply from 74.125.225.39: bytes=32 time=25ms TTL=50
Reply from 74.125.225.39: bytes=32 time=24ms TTL=50

Ping statistics for 74.125.225.39:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 25ms, Average = 24ms
Server:  vip01ftbgwi.ftbg.wi.charter.com
Address:  24.196.64.53

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=293ms TTL=43
Reply from 98.139.183.24: bytes=32 time=544ms TTL=42

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 293ms, Maximum = 544ms, Average = 418ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...00 27 10 b7 87 0d ......Microsoft Virtual WiFi Miniport Adapter #2
 13...00 27 10 b7 87 0d ......Microsoft Virtual WiFi Miniport Adapter
 12...00 27 10 b7 87 0c ......Intel® Centrino® Advanced-N 6200 AGN
 10...f0 4d a2 58 f4 00 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 36...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.102     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.102    281
    192.168.0.102  255.255.255.255         On-link     192.168.0.102    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.102    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.102    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.102    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 17     58 2001::/32                On-link
 17    306 2001:0:4137:9e76:38f8:79a:bb41:5edc/128
                                    On-link
 12    281 fe80::/64                On-link
 17    306 fe80::/64                On-link
 12    281 fe80::c01:131f:edf7:3ca1/128
                                    On-link
 17    306 fe80::38f8:79a:bb41:5edc/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (03/27/2013 08:42:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/27/2013 08:40:44 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (03/27/2013 08:40:41 AM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (03/26/2013 08:54:47 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/26/2013 08:53:36 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (03/26/2013 08:53:30 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2

Error: (03/26/2013 02:04:36 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error:
%%2

Error: (03/26/2013 02:04:31 PM) (Source: Service Control Manager) (User: )
Description: The MBAMProtector service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (09/24/2012 06:49:25 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/21/2011 03:23:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 62 seconds with 0 seconds of active time.  This session ended with a crash.


=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
AccelerometerP11 (Version: 2.00.11.15)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Reader 9.1.2 (Version: 9.1.2)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Canon MP560 series MP Drivers
CCleaner (Version: 3.21)
Cisco WebEx Meetings
Consumer In-Home Service Agreement (Version: 2.0.0)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup (Version: 9.4.48)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Webcam Central (Version: 2.00.35)
ESET Online Scanner v3
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
FileZilla Client 3.5.0 (Version: 3.5.0)
Google Earth (Version: 7.0.3.8542)
Google SketchUp 8 (Version: 3.0.11752)
Google Update Helper (Version: 1.3.21.135)
GoToAssist 8.0.0.514
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2182)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.1000)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
Intel® Wireless Display (Version: 1.2.20.0)
Internet Explorer (Version: 8)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 29 (Version: 6.0.290)
JMicron Flash Media Controller Driver (Version: 1.0.41.2)
Junk Mail filter update (Version: 15.4.3502.0922)
KONICA MINOLTA C360Series
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MotoHelper 2.0.24 Driver 4.7.1 (Version: 2.0.24)
MotoHelper MergeModules (Version: 1.0.0)
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Display Control Panel (Version: 6.14.12.5939)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.5939)
NVIDIA Updatus (Version: 1.0.3)
Quickset64 (Version: 10.8.5)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 6.0.1.6194)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)
Roxio Burn (Version: 1.01)
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.10 (Version: 5.10.116)
Synaptics Pointing Device Driver (Version: 15.1.4.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Wise Disk Cleaner 5.82
Wise PC Engineer 6.3.8
Yahoo! Messenger
Yahoo! Software Update

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 5876.3 MB
Available physical RAM: 4180.55 MB
Total Pagefile: 11750.78 MB
Available Pagefile: 9924.98 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.71 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:581.47 GB) (Free:520.96 GB) NTFS

========================= Users: ========================================

User accounts for \\MICHAEL-PC

Administrator            Guest                    Michael                 
UpdatusUser             


**** End of log ****

Farbar Service Scanner Version: 03-03-2013
Ran by Michael (administrator) on 27-03-2013 at 08:55:40
Running from "C:\Users\Michael\Desktop"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.115 - Logfile created 03/27/2013 at 08:58:04
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Michael - MICHAEL-PC
# Boot Mode : Normal
# Running from : C:\Users\Michael\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Users\Michael\AppData\Local\PackageAware

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\CouponAlert_2p
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7E7FB02-C4FD-446E-8F5B-463A049935BF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AF08E71-3657-462F-898C-F7E791948F94}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7225F6C9-CF64-4D6D-AE8A-169779FD7B4D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [3413 octets] - [27/03/2013 08:58:04]

########## EOF - C:\AdwCleaner[S1].txt - [3473 octets] ##########

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "FreeFallProtection" "FF_Protection MFC Application" "" "c:\program files (x86)\stmicroelectronics\accelerometerp11\ff_protection.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "IntelWireless" "Intel® PROSet/Wireless Framework" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\ifrmewrk.exe"
+ "NVHotkey" "NVIDIA Hotkey Service, Version 259.39" "NVIDIA Corporation" "c:\windows\system32\nvhotkey.dll"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickSet" "QuickSet" "Dell Inc." "c:\program files\dell\quickset\quickset.exe"
+ "RtHDVBg" "HD Audio Background Process" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravbg64.exe"
+ "RTHDVCPL" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rtkngui64.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "Dell Webcam Central" "WebcamDell2.exe" "Creative Technology Ltd" "c:\program files (x86)\dell webcam\dell webcam central\webcamdell2.exe"
+ "Desktop Disc Tool" "Roxio Burn Launcher" "" "c:\program files (x86)\roxio\roxio burn\roxioburnlauncher.exe"
+ "NUSB3MON" "USB 3.0 Monitor" "Renesas Electronics Corporation" "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "msnmsgr" "Windows Live Messenger" "Microsoft Corporation" "c:\program files (x86)\windows live\messenger\msnmsgr.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext_64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "NvCplDesktopContext" "" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Search Helper" "Search Helper for Internet Explorer" "Microsoft Corporation" "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
+ "Windows Live Messenger Companion Helper" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Messenger Companion (Ctrl+Shift+C)" "Windows Live Messenger Companion Core" "Microsoft Corporation" "c:\program files (x86)\windows live\companion\companioncore.dll"
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "\{D1EA195E-6D68-47C7-BFE4-B984BA3EC68F}" "" "" "File not found: C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AERTFilters" "Andrea filters APO access service (64-bit)" "Andrea Electronics Corporation" "c:\program files\realtek\audio\hda\aertsr64.exe"
+ "EvtEng" "Manages the event trace messages for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\evteng.exe"
+ "GoToAssist" "Citrix GoToAssist provides remote help to this PC." "Citrix Online, a division of Citrix Systems, Inc." "c:\program files (x86)\citrix\gotoassist\514\g2aservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MotoHelper" "MotoHelper Service" "" "c:\program files (x86)\motorola\motohelper\motohelperservice.exe"
+ "MyWiFiDHCPDNS" "Wireless PAN DHCP and DNS Server" "" "c:\program files\intel\wifi\bin\pandhcpdns.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe"
+ "nvUpdatusService" "NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server." "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "RegSrvc" "Provides registry access to all Intel® PROSet/Wireless Software components" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly." "Microsoft Corporation" "c:\program files (x86)\microsoft\search enhancement pack\seaport\seaport.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe"
+ "TurboBoost" "Turbo Boost Monitor Service" "Intel® Corporation" "c:\program files\intel\turboboost\turboboost.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "YahooAUService" "Keeps your favorite Yahoo! software up-to-date with the latest features, tools, and enhancements." "Yahoo! Inc." "c:\program files (x86)\yahoo!\softwareupdate\yahooauservice.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Acceler" "Accelerometer Port I/O" "ST Microelectronics" "c:\windows\system32\drivers\accelern.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "CtClsFlt" "Video Class Upper Filter Driver (64-bit)" "Creative Technology Ltd." "c:\windows\system32\drivers\ctclsflt.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "JMCR" "JMicron JMB38X Flash Media Controller Driver" "JMicron Technology Corporation" "c:\windows\system32\drivers\jmcr.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "" "" "File not found: C:\Windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "motccgp" "Motorola USB Composite Device Driver" "Motorola" "c:\windows\system32\drivers\motccgp.sys"
+ "motccgpfl" "Motorola USB Composite Filter Driver" "Motorola" "c:\windows\system32\drivers\motccgpfl.sys"
+ "MotoSwitchService" "" "Motorola" "c:\windows\system32\drivers\motswch.sys"
+ "NETw5s64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5s64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nusb3hub" "USB 3.0 Hub Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3hub.sys"
+ "nusb3xhc" "USB 3.0 Host Controller Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3xhc.sys"
+ "NVHDA" "NVIDIA HDMI Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvhda64v.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 259.39 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvpciflt" "NVIDIA Windows Kernel Mode Driver, Version 259.39 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvpciflt.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PxHlpa64" "Px Engine Device Driver for 64-bit Windows" "Sonic Solutions" "c:\windows\system32\drivers\pxhlpa64.sys"
+ "qicflt" "Win7 QicFilterDriver-64Bits" "Quanta Computer" "c:\windows\system32\drivers\qicflt.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                " "Realtek                                            " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stdcfltn" "Disk Class Filter Driver for Accelerometer" "ST Microelectronics" "c:\windows\system32\drivers\stdcfltn.sys"
+ "stexstor" "Promise  SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "TurboB" "Turbo Boost UI Monitor driver" "" "c:\windows\system32\drivers\turbob.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "wdkmd" "Intel Wireless Display Solution" "Intel Corporation" "c:\windows\system32\drivers\wdkmd.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "VIDC.FFDS" "" "" "c:\windows\syswow64\ff_vfw.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\client\wavdest.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Creative Correct TimeStamp Filter" "Creative Correct TimeStamp Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\ctfrfix.ax"
+ "Creative H264 No Quality Control Filter" "Creative No Quality Control  Filter" "Creative Technology Ltd." "c:\program files (x86)\dell webcam\dell webcam central\cth264noqc.ax"
+ "Creative MJPEG Decoder 2" "Decoder" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\ctmjpgdec2.ax"
+ "Creative Video Processing Filter" "Creative Video Processing Filter" "Creative Technology Ltd." "c:\program files (x86)\creative\shared files\vidprocu.ax"
+ "DS Video Buffer Filter" "WiDiAgent.dll COM object." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\dsbuffer_video.ax"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "MainConcept AAC Encoder" "AAC audio encoder filter" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_enc_aac_ds.ax"
+ "MainConcept MPEG Multiplexer-Plus" "MPEG Multiplexer-Plus DS Filter" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mcmpeg2mux.ax"
+ "MainConcept Network Renderer" "Network Renderer" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_net_renderer_ds.ax"
+ "QIC1802 Demux" "QIC1802 Demux" "Quanta Computer Inc." "c:\program files (x86)\dell webcam\dell webcam central\qicdemux.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WD Audio Filter" "WiDi Audio Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdaudiofilter.dll"
+ "WDSource Filter" "WiDi Video Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdsourcefilter.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\Windows\system32\nvinitx.dll" "NVIDIA Compatible NVIDIA shim initialization dll, Version 259.39 " "NVIDIA Corporation" "c:\windows\system32\nvinitx.dll"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\Windows\SysWOW64\nvinit.dll" "NVIDIA Compatible NVIDIA shim initialization dll, Version 259.39 " "NVIDIA Corporation" "c:\windows\syswow64\nvinit.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "GoToAssist" "" "" "File not found: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "C360SeriesPCL Language Monitor" "" "" "c:\windows\system32\koaz8j_l.dll"
+ "C360SeriesPS Language Monitor" "" "" "c:\windows\system32\koaz8a_l.dll"
+ "C360SeriesXPS Language Monitor" "" "" "c:\windows\system32\koaz8w_l.dll"
+ "Canon BJ Language Monitor MP560 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlma0.dll"
 

 

I hope I did it all right and got the logs posted correctly.  I can't thank you enough for your time and help. 



#10 narenxp


Posted 27 March 2013 - 09:41 AM

That looks good

Remove temporary and junk files

Download Temp File Cleaner from HERE. Launch it, it will close all running programs.

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode.
 

Create a new restore point

Follow this guide to turn off and turn on your restore points

Windows XP

Vista & Windows 7

Windows 8

Turn off your System Restore - it deletes old infected restore points. Turn on System Restore and create a new restore point.

Update Java and Flash Player

Uninstall old versions of Java and Flash Player from Control Panel - Add or Remove Programs. Download the latest version from here:

http://java.com/en/ & http://www.adobe.com/support/flashplayer/downloads.html

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

Best Practices for Safe Computing - Prevention of Malware Infection

Simple and easy ways to keep your computer safe and secure on the Internet


Safe surfing :)





