Help with Trojan removal


11 replies to this topic

#1 Supergirl73


Posted 04 April 2013 - 05:34 PM

Just had help with my mother's computer for the same thing (coincidentally, she had been using my computer also - hmmm.....) last night, anyway - wanted to start a new post as I'm not sure of the protocol. Ran Malwarebytes and have problem narrowed to box in bottom right notifying repeatedly: Malwarebytes has blocked and quarantined a threat: C:\Windows\svchost.exe Trojan.Agent

Assuming I can follow the same steps as I did for the Trojan removal help I asked for yesterday and will start the same with GMER and TDSSKiller logs below momentarily. Laptop is Dell Studio XPS with Windows 7. THANK YOU in advance to whoever helps me....so thankful!!!




#2 Supergirl73


Posted 04 April 2013 - 05:38 PM

17:35:32.0261 3184  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:35:32.0588 3184  ============================================================
17:35:32.0588 3184  Current date / time: 2013/04/04 17:35:32.0588
17:35:32.0588 3184  SystemInfo:
17:35:32.0588 3184 
17:35:32.0588 3184  OS Version: 6.1.7601 ServicePack: 1.0
17:35:32.0588 3184  Product type: Workstation
17:35:32.0588 3184  ComputerName: TINA-PC
17:35:32.0588 3184  UserName: Tina
17:35:32.0588 3184  Windows directory: C:\Windows
17:35:32.0588 3184  System windows directory: C:\Windows
17:35:32.0588 3184  Running under WOW64
17:35:32.0588 3184  Processor architecture: Intel x64
17:35:32.0588 3184  Number of processors: 8
17:35:32.0588 3184  Page size: 0x1000
17:35:32.0588 3184  Boot type: Normal boot
17:35:32.0588 3184  ============================================================
17:35:33.0758 3184  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:35:33.0774 3184  ============================================================
17:35:33.0774 3184  \Device\Harddisk0\DR0:
17:35:33.0774 3184  MBR partitions:
17:35:33.0774 3184  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x2328000
17:35:33.0774 3184  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x233B9C5, BlocksNum 0xCB400EB
17:35:33.0774 3184  ============================================================
17:35:33.0774 3184  C: <-> \Device\Harddisk0\DR0\Partition2
17:35:33.0774 3184  ============================================================
17:35:33.0774 3184  Initialize success
17:35:33.0774 3184  ============================================================
17:35:47.0549 4204  ============================================================
17:35:47.0549 4204  Scan started
17:35:47.0549 4204  Mode: Manual; TDLFS;
17:35:47.0549 4204  ============================================================
17:35:48.0048 4204  ================ Scan system memory ========================
17:35:48.0048 4204  System memory - ok
17:35:48.0048 4204  ================ Scan services =============================
17:35:52.0276 4204  msdsm - ok
17:35:52.0276 4204  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:35:52.0291 4204  MSDTC - ok
17:35:52.0291 4204  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:35:52.0307 4204  Msfs - ok
17:35:52.0307 4204  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:35:52.0307 4204  mshidkmdf - ok
17:35:52.0307 4204  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:35:52.0307 4204  msisadrv - ok
17:35:52.0322 4204  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:35:52.0322 4204  MSiSCSI - ok
17:35:52.0322 4204  msiserver - ok
17:35:52.0322 4204  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:35:52.0338 4204  MSKSSRV - ok
17:35:52.0338 4204  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:35:52.0354 4204  MSPCLOCK - ok
17:35:52.0354 4204  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:35:52.0354 4204  MSPQM - ok
17:35:52.0369 4204  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:35:52.0369 4204  MsRPC - ok
17:35:52.0369 4204  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:35:52.0369 4204  mssmbios - ok
17:35:52.0385 4204  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:35:52.0385 4204  MSTEE - ok
17:35:52.0385 4204  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:35:52.0400 4204  MTConfig - ok
17:35:52.0400 4204  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:35:52.0400 4204  Mup - ok
17:35:52.0400 4204  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
17:35:52.0416 4204  napagent - ok
17:35:52.0416 4204  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:35:52.0416 4204  NativeWifiP - ok
17:35:52.0432 4204  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:35:52.0432 4204  NDIS - ok
17:35:52.0447 4204  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:35:52.0447 4204  NdisCap - ok
17:35:52.0447 4204  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:35:52.0463 4204  NdisTapi - ok
17:35:52.0463 4204  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:35:52.0463 4204  Ndisuio - ok
17:35:52.0478 4204  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:35:52.0478 4204  NdisWan - ok
17:35:52.0478 4204  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:35:52.0494 4204  NDProxy - ok
17:35:52.0494 4204  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:35:52.0510 4204  NetBIOS - ok
17:35:52.0510 4204  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:35:52.0510 4204  NetBT - ok
17:35:52.0510 4204  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
17:35:52.0525 4204  Netlogon - ok
17:35:52.0525 4204  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:35:52.0525 4204  Netman - ok
17:35:52.0541 4204  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:35:52.0541 4204  netprofm - ok
17:35:52.0541 4204  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:35:52.0712 4204  NetTcpPortSharing - ok
17:35:52.0790 4204  [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
17:35:52.0868 4204  NETw5s64 - ok
17:35:52.0884 4204  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:35:52.0884 4204  nfrd960 - ok
17:35:52.0900 4204  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:35:52.0900 4204  NlaSvc - ok
17:35:52.0900 4204  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:35:52.0915 4204  Npfs - ok
17:35:52.0915 4204  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:35:52.0915 4204  nsi - ok
17:35:52.0915 4204  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:35:52.0915 4204  nsiproxy - ok
17:35:52.0946 4204  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:35:52.0946 4204  Ntfs - ok
17:35:52.0946 4204  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:35:52.0962 4204  Null - ok
17:35:52.0962 4204  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:35:52.0978 4204  nvraid - ok
17:35:52.0978 4204  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:35:52.0993 4204  nvstor - ok
17:35:52.0993 4204  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:35:53.0009 4204  nv_agp - ok
17:35:53.0009 4204  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:35:53.0024 4204  ohci1394 - ok
17:35:53.0024 4204  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:35:53.0040 4204  ose - ok
17:35:53.0134 4204  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:35:53.0352 4204  osppsvc - ok
17:35:53.0352 4204  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:35:53.0368 4204  p2pimsvc - ok
17:35:53.0368 4204  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:35:53.0368 4204  p2psvc - ok
17:35:53.0383 4204  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:35:53.0383 4204  Parport - ok
17:35:53.0383 4204  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:35:53.0383 4204  partmgr - ok
17:35:53.0399 4204  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:35:53.0399 4204  PcaSvc - ok
17:35:53.0430 4204  PcdrNdisuio - ok
17:35:53.0430 4204  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
17:35:53.0430 4204  pci - ok
17:35:53.0430 4204  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
17:35:53.0477 4204  pciide - ok
17:35:53.0492 4204  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:35:53.0492 4204  pcmcia - ok
17:35:53.0508 4204  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:35:53.0508 4204  pcw - ok
17:35:53.0508 4204  [ 8570C04D9DBFDDD2CCF655DEB4D84715 ] PDFsFilter      C:\Windows\system32\DRIVERS\PDFsFilter.sys
17:35:53.0508 4204  PDFsFilter - ok
17:35:53.0524 4204  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:35:53.0524 4204  PEAUTH - ok
17:35:53.0524 4204  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:35:53.0524 4204  PerfHost - ok
17:35:53.0555 4204  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
17:35:53.0555 4204  pla - ok
17:35:53.0570 4204  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:35:53.0570 4204  PlugPlay - ok
17:35:53.0570 4204  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:35:53.0570 4204  PNRPAutoReg - ok
17:35:53.0586 4204  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:35:53.0586 4204  PNRPsvc - ok
17:35:53.0602 4204  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:35:53.0602 4204  PolicyAgent - ok
17:35:53.0602 4204  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:35:53.0602 4204  Power - ok
17:35:53.0617 4204  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:35:53.0617 4204  PptpMiniport - ok
17:35:53.0633 4204  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:35:53.0633 4204  Processor - ok
17:35:53.0633 4204  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:35:53.0648 4204  ProfSvc - ok
17:35:53.0648 4204  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:35:53.0648 4204  ProtectedStorage - ok
17:35:53.0648 4204  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:35:53.0648 4204  Psched - ok
17:35:53.0664 4204  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
17:35:53.0664 4204  PxHlpa64 - ok
17:35:53.0680 4204  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:35:53.0695 4204  ql2300 - ok
17:35:53.0711 4204  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:35:53.0711 4204  ql40xx - ok
17:35:53.0726 4204  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:35:53.0726 4204  QWAVE - ok
17:35:53.0726 4204  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:35:53.0726 4204  QWAVEdrv - ok
17:35:53.0726 4204  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:35:53.0742 4204  RasAcd - ok
17:35:53.0742 4204  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:35:53.0758 4204  RasAgileVpn - ok
17:35:53.0758 4204  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:35:53.0758 4204  RasAuto - ok
17:35:53.0758 4204  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:35:53.0773 4204  Rasl2tp - ok
17:35:53.0773 4204  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
17:35:53.0789 4204  RasMan - ok
17:35:53.0789 4204  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:35:53.0789 4204  RasPppoe - ok
17:35:53.0804 4204  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:35:53.0804 4204  RasSstp - ok
17:35:53.0820 4204  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:35:53.0820 4204  rdbss - ok
17:35:53.0836 4204  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:35:53.0836 4204  rdpbus - ok
17:35:53.0836 4204  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:35:53.0836 4204  RDPCDD - ok
17:35:53.0851 4204  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:35:53.0851 4204  RDPENCDD - ok
17:35:53.0851 4204  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:35:53.0851 4204  RDPREFMP - ok
17:35:53.0851 4204  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:35:53.0867 4204  RDPWD - ok
17:35:53.0867 4204  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:35:53.0867 4204  rdyboost - ok
17:35:53.0882 4204  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:35:53.0882 4204  RemoteAccess - ok
17:35:53.0882 4204  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:35:53.0882 4204  RemoteRegistry - ok
17:35:53.0898 4204  [ E20B1907FC72A3664ECE21E3C20FC63D ] rimspci         C:\Windows\system32\DRIVERS\rimspe64.sys
17:35:53.0898 4204  rimspci - ok
17:35:53.0898 4204  [ A6DA2B0C8F5BB3F9F5423CFF8D6A02D9 ] risdpcie        C:\Windows\system32\DRIVERS\risdpe64.sys
17:35:53.0914 4204  risdpcie - ok
17:35:53.0914 4204  [ 6A1CD4674505E6791390A1AB71DA1FBE ] rixdpcie        C:\Windows\system32\DRIVERS\rixdpe64.sys
17:35:53.0914 4204  rixdpcie - ok
17:35:53.0945 4204  [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10    c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
17:35:53.0976 4204  RoxMediaDB10 - ok
17:35:53.0976 4204  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:35:53.0976 4204  RpcEptMapper - ok
17:35:53.0976 4204  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:35:53.0976 4204  RpcLocator - ok
17:35:54.0007 4204  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
17:35:54.0007 4204  RpcSs - ok
17:35:54.0007 4204  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:35:54.0007 4204  rspndr - ok
17:35:54.0007 4204  RxFilter - ok
17:35:54.0023 4204  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
17:35:54.0023 4204  SamSs - ok
17:35:54.0023 4204  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:35:54.0038 4204  sbp2port - ok
17:35:54.0038 4204  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:35:54.0038 4204  SCardSvr - ok
17:35:54.0038 4204  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:35:54.0038 4204  scfilter - ok
17:35:54.0054 4204  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
17:35:54.0070 4204  Schedule - ok
17:35:54.0070 4204  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:35:54.0070 4204  SCPolicySvc - ok
17:35:54.0070 4204  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:35:54.0070 4204  SDRSVC - ok
17:35:54.0085 4204  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:35:54.0085 4204  secdrv - ok
17:35:54.0085 4204  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
17:35:54.0085 4204  seclogon - ok
17:35:54.0085 4204  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:35:54.0085 4204  SENS - ok
17:35:54.0101 4204  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:35:54.0101 4204  SensrSvc - ok
17:35:54.0101 4204  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:35:54.0101 4204  Serenum - ok
17:35:54.0116 4204  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:35:54.0116 4204  Serial - ok
17:35:54.0116 4204  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:35:54.0132 4204  sermouse - ok
17:35:54.0132 4204  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:35:54.0148 4204  SessionEnv - ok
17:35:54.0148 4204  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:35:54.0148 4204  sffdisk - ok
17:35:54.0148 4204  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:35:54.0163 4204  sffp_mmc - ok
17:35:54.0163 4204  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:35:54.0179 4204  sffp_sd - ok
17:35:54.0179 4204  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:35:54.0179 4204  sfloppy - ok
17:35:54.0194 4204  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:35:54.0194 4204  SharedAccess - ok
17:35:54.0194 4204  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:35:54.0210 4204  ShellHWDetection - ok
17:35:54.0210 4204  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:35:54.0210 4204  SiSRaid2 - ok
17:35:54.0226 4204  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:35:54.0226 4204  SiSRaid4 - ok
17:35:54.0241 4204  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:35:54.0538 4204  SkypeUpdate - ok
17:35:54.0538 4204  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:35:54.0553 4204  Smb - ok
17:35:54.0569 4204  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:35:54.0569 4204  SNMPTRAP - ok
17:35:54.0569 4204  [ 9B24DCA429F819DB314F30EE4C6C80FD ] Sound Blaster X-Fi MB Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
17:35:54.0584 4204  Sound Blaster X-Fi MB Licensing Service - ok
17:35:54.0584 4204  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:35:54.0584 4204  spldr - ok
17:35:54.0600 4204  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:35:54.0600 4204  Spooler - ok
17:35:54.0631 4204  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:35:54.0662 4204  sppsvc - ok
17:35:54.0662 4204  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:35:54.0662 4204  sppuinotify - ok
17:35:54.0678 4204  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:35:54.0678 4204  srv - ok
17:35:54.0694 4204  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:35:54.0694 4204  srv2 - ok
17:35:54.0694 4204  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:35:54.0694 4204  srvnet - ok
17:35:54.0709 4204  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:35:54.0709 4204  SSDPSRV - ok
17:35:54.0709 4204  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:35:54.0709 4204  SstpSvc - ok
17:35:54.0740 4204  [ DA7702025DFD169B909C4DA3126762CC ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
17:35:54.0740 4204  STacSV - ok
17:35:54.0740 4204  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:35:54.0756 4204  stexstor - ok
17:35:54.0756 4204  [ CAF5A9708671B14B9670260735B22C4E ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
17:35:54.0772 4204  STHDA - ok
17:35:54.0772 4204  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
17:35:54.0787 4204  StillCam - ok
17:35:54.0787 4204  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:35:54.0803 4204  stisvc - ok
17:35:54.0803 4204  [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr        c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
17:35:54.0818 4204  stllssvr - ok
17:35:54.0818 4204  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:35:54.0818 4204  swenum - ok
17:35:54.0834 4204  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:35:54.0834 4204  swprv - ok
17:35:54.0850 4204  [ 868DFB220A18312A12CEF01BA9AC069B ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:35:54.0850 4204  SynTP - ok
17:35:54.0881 4204  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:35:54.0881 4204  SysMain - ok
17:35:54.0881 4204  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:35:54.0896 4204  TabletInputService - ok
17:35:54.0896 4204  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:35:54.0896 4204  TapiSrv - ok
17:35:54.0896 4204  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:35:54.0896 4204  TBS - ok
17:35:54.0928 4204  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:35:54.0928 4204  Tcpip - ok
17:35:54.0959 4204  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:35:54.0959 4204  TCPIP6 - ok
17:35:54.0974 4204  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:35:54.0974 4204  tcpipreg - ok
17:35:54.0974 4204  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:35:54.0990 4204  TDPIPE - ok
17:35:54.0990 4204  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:35:54.0990 4204  TDTCP - ok
17:35:55.0006 4204  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:35:55.0006 4204  tdx - ok
17:35:55.0021 4204  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:35:55.0021 4204  TermDD - ok
17:35:55.0037 4204  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:35:55.0037 4204  TermService - ok
17:35:55.0037 4204  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:35:55.0052 4204  Themes - ok
17:35:55.0052 4204  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:35:55.0052 4204  THREADORDER - ok
17:35:55.0052 4204  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:35:55.0052 4204  TrkWks - ok
17:35:55.0068 4204  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:35:55.0068 4204  TrustedInstaller - ok
17:35:55.0068 4204  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:35:55.0068 4204  tssecsrv - ok
17:35:55.0068 4204  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:35:55.0084 4204  TsUsbFlt - ok
17:35:55.0084 4204  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:35:55.0084 4204  tunnel - ok
17:35:55.0099 4204  [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
17:35:55.0099 4204  TurboB - ok
17:35:55.0099 4204  [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
17:35:55.0115 4204  TurboBoost - ok
17:35:55.0115 4204  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:35:55.0130 4204  uagp35 - ok
17:35:55.0130 4204  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:35:55.0146 4204  udfs - ok
17:35:55.0146 4204  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:35:55.0146 4204  UI0Detect - ok
17:35:55.0162 4204  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:35:55.0162 4204  uliagpkx - ok
17:35:55.0162 4204  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
17:35:55.0177 4204  umbus - ok
17:35:55.0177 4204  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:35:55.0193 4204  UmPass - ok
17:35:55.0193 4204  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:35:55.0193 4204  upnphost - ok
17:35:55.0208 4204  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
17:35:55.0208 4204  USBAAPL64 - ok
17:35:55.0224 4204  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:35:55.0224 4204  usbccgp - ok
17:35:55.0224 4204  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:35:55.0240 4204  usbcir - ok
17:35:55.0240 4204  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:35:55.0255 4204  usbehci - ok
17:35:55.0255 4204  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:35:55.0271 4204  usbhub - ok
17:35:55.0271 4204  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:35:55.0286 4204  usbohci - ok
17:35:55.0286 4204  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:35:55.0286 4204  usbprint - ok
17:35:55.0302 4204  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:35:55.0302 4204  usbscan - ok
17:35:55.0302 4204  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:35:55.0318 4204  USBSTOR - ok
17:35:55.0318 4204  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:35:55.0333 4204  usbuhci - ok
17:35:55.0333 4204  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:35:55.0349 4204  usbvideo - ok
17:35:55.0349 4204  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:35:55.0349 4204  UxSms - ok
17:35:55.0349 4204  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:35:55.0349 4204  VaultSvc - ok
17:35:55.0349 4204  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:35:55.0349 4204  vdrvroot - ok
17:35:55.0364 4204  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:35:55.0364 4204  vds - ok
17:35:55.0380 4204  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:35:55.0380 4204  vga - ok
17:35:55.0380 4204  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:35:55.0396 4204  VgaSave - ok
17:35:55.0396 4204  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:35:55.0411 4204  vhdmp - ok
17:35:55.0411 4204  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:35:55.0427 4204  viaide - ok
17:35:55.0427 4204  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:35:55.0427 4204  volmgr - ok
17:35:55.0427 4204  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:35:55.0427 4204  volmgrx - ok
17:35:55.0442 4204  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:35:55.0442 4204  volsnap - ok
17:35:55.0442 4204  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:35:55.0458 4204  vsmraid - ok
17:35:55.0474 4204  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:35:55.0489 4204  VSS - ok
17:35:55.0505 4204  [ 10B2E2FCA707501600D1DEAB1B71F699 ] vToolbarUpdater15.0.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
17:35:55.0520 4204  vToolbarUpdater15.0.0 - ok
17:35:55.0520 4204  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:35:56.0176 4204  ================ Scan global ===============================
17:35:56.0176 4204  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:35:56.0191 4204  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:35:56.0191 4204  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
17:35:56.0191 4204  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:35:56.0207 4204  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:35:56.0207 4204  [Global] - ok
17:35:56.0207 4204  ================ Scan MBR ==================================
17:35:56.0207 4204  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:35:56.0207 4204  Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:35:56.0207 4204  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:35:56.0207 4204  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:35:56.0254 4204  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:35:56.0254 4204  \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:35:56.0254 4204  ================ Scan VBR ==================================
17:35:56.0254 4204  [ 2AAEEB6BC7CD5BF45AE4E2585F35019F ] \Device\Harddisk0\DR0\Partition1
17:35:56.0254 4204  \Device\Harddisk0\DR0\Partition1 - ok
17:35:56.0254 4204  [ 46E13144C528FA7DE48B9C3B0F9537B8 ] \Device\Harddisk0\DR0\Partition2
17:35:56.0254 4204  \Device\Harddisk0\DR0\Partition2 - ok
17:35:56.0254 4204  ============================================================
17:35:56.0254 4204  Scan finished
17:35:56.0254 4204  ============================================================
17:35:56.0269 3636  Detected object count: 2
17:35:56.0269 3636  Actual detected object count: 2
17:37:15.0512 3636  \Device\Harddisk0\DR0\# - copied to quarantine
17:37:15.0512 3636  \Device\Harddisk0\DR0 - copied to quarantine
17:37:15.0574 3636  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:37:15.0574 3636  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:37:15.0590 3636  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:37:15.0590 3636  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:37:15.0590 3636  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:37:15.0605 3636  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:37:15.0605 3636  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:37:15.0605 3636  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:37:15.0605 3636  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:37:15.0605 3636  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:37:15.0605 3636  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:37:15.0621 3636  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:37:15.0621 3636  \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
17:37:15.0621 3636  \Device\Harddisk0\DR0\TDLFS\ua - copied to quarantine
17:37:15.0621 3636  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:37:15.0621 3636  \Device\Harddisk0\DR0 - ok
17:37:15.0637 3636  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:37:15.0637 3636  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:37:15.0637 3636  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:37:27.0602 5408  Deinitialize success
 



#3 Supergirl73


Posted 04 April 2013 - 06:02 PM

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-04 18:01:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SSD_PM800_2.5"_128GB rev.VBM25D1Q 119.24GB
Running: GMER.exe; Driver: C:\Users\Tina\AppData\Local\Temp\pxldipow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                 00000000765f02bf 5 bytes JMP 000000016ce2a226
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\syswow64\ole32.dll!OleLoadFromStream                                                                                            00000000766d6143 5 bytes JMP 000000016ce29704
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString                                                                                             0000000076db3e59 5 bytes JMP 000000016ce297fc
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\syswow64\OLEAUT32.dll!VariantClear                                                                                              0000000076db3eae 5 bytes JMP 000000016ce2987a
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen                                                                                     0000000076db4731 5 bytes JMP 000000016ce2976e
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType                                                                                         0000000076db5dee 5 bytes JMP 000000016ce2981a
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                            0000000076e193ec 5 bytes JMP 000000016ce29150
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                    0000000075fe1465 2 bytes [FE, 75]
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                   0000000075fe14bb 2 bytes [FE, 75]
.text   ...                                                                                                                                                                                                    * 2
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW  000000007154388e 5 bytes JMP 000000016ce29000
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet   00000000715e7922 5 bytes JMP 000000016ce290a8
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\syswow64\comdlg32.dll!PrintDlgW                                                                                                 0000000075ff33a3 5 bytes JMP 000000016ce293ec
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW                                                                                             0000000076002694 5 bytes JMP 000000016ce29348
.text   C:\Program Files (x86)\Internet Explorer\iexplore.exe[5908] C:\Windows\syswow64\comdlg32.dll!PrintDlgA                                                                                                 000000007600e8ff 5 bytes JMP 000000016ce294b8

---- Devices - GMER 2.1 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                                                                                            fffffa8004fae5e8

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8008bf2050]<< 69819097.sys >>UNKNOWN [0xfffffa8004fae5e8]<<                                                                                      fffffa8004fae5e8
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bc5790]                                                                                                                                        fffffa8004bc5790
Trace   3 CLASSPNP.SYS[fffff8800193f43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004972060]                                                                                              fffffa8004972060
Trace   \Driver\atapi[0xfffffa8004f9fe70] -> IRP_MJ_CREATE -> 0xfffffa8004fae5e8                                                                                                                               fffffa8004fae5e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute                                                                                                                                      ???k??????????????N??????U?????DDM??????????????????????? ???????j?????k?????k????????????J????????S?????i?k?k?k?k?k????? ??? ???????k???????????|??????????N????????????????????????????????d????????????????????"??t??????p?????????????N??????d?????????????????????k?&???????k??????s????????k???????????????????i??????bu??LegacyDriver????@netrasa.inf,%msft%;Microsoft???t???? ???????j?????k?????k????????????K??????????Y???????????,???????.??? ???????k??????????????????????^???????????????)???? D??????????????????????k?????????????k?&????????????X??????4???4??{00000000-0000-0000-0000-000000000000}?pi.??????????? V??m???????????????????????????|???????????????????????????????l?l????FTDIBUS????????????????????s???????????????????s?4???????????????????d???????????y?~????? ???????j?????k?????k????????????L????????S??????N??????4??????????? ???????k??????????????????????N????????????????f???e??s0???o?y?e????N???????????D?????USBAAPL64?????<??u???6??????? ???????????|?????????k?&??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?
Reg     HKLM\SYSTEM\CurrentControlSet\services\65869872@Type                                                                                                                                                   2
Reg     HKLM\SYSTEM\CurrentControlSet\services\65869872@ErrorControl                                                                                                                                           1
Reg     HKLM\SYSTEM\CurrentControlSet\services\65869872@Start                                                                                                                                                  0
Reg     HKLM\SYSTEM\CurrentControlSet\services\65869872@ImagePath                                                                                                                                              system32\drivers\93382249.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\65869872@Group                                                                                                                                                  System Reserved
Reg     HKLM\SYSTEM\CurrentControlSet\services\65869872                                                                                                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\PDFsFilter\Parameters\{8acacbd1-b386-11df-8325-806e6f6e6963}@NumCreateFileExtentsSaved                                                                          2249
Reg     HKLM\SYSTEM\CurrentControlSet\services\PDFsFilter\Parameters\{8acacbd1-b386-11df-8325-806e6f6e6963}@NumExtendFileExtentsSaved                                                                          433396
Reg     HKLM\SYSTEM\ControlSet002\Control\Session Manager@BootExecute                                                                                                                                          ???\?????????????????????????????????????????????????????????s????.???????????????s???????L??\????????????y?????????0???????????????AVG??????????.?????????????????????????????e??????X??f???e???2????X?????????????bowser???????????'??????????????????? ??????????????????? 6??_???-??????????????|???Microsoft???????????????????????3?????????y?????????????????????????????????????????????? ??????????????????HIDClass?????????????????????????????????????????????\??????? ???????????????????????????`???`???`??Service??????????`????????????y?????????????HIDClass?M??????????HIDClass?????????`??HIDClass?????f?fos??t???? ???????_???????????\?5???????????? ????????????f?f????13584????????????????????????5??????s???????????? ??????????????DXGKrnl????????????????????????????????????????????????????????????????d??????X??e???????7??? ???????-???????????????f?????????????????????????????????\???\???\????????? ???????\?????\?????\????H?????R???$?????????????????????????R??\??????????????@%SystemRoot%\system32\wlansvc.dll,-4097???

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                                                  sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----


 



#4 Supergirl73

Posted 04 April 2013 - 06:23 PM

# AdwCleaner v2.200 - Logfile created 04/04/2013 at 18:14:15
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tina - TINA-PC
# Boot Mode : Normal
# Running from : C:\Users\Tina\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Tina\AppData\Local\APN
Folder Deleted : C:\Users\Tina\AppData\Local\Temp\AskSearch

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.36] : icon_url = "hxxp://www.ask.com/favicon.ico",
Deleted [l.39] : keyword = "ask.com",
Deleted [l.43] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=X-SD&o=13959&locale=en_US[...]
Deleted [l.44] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

*************************

AdwCleaner[S1].txt - [5183 octets] - [04/04/2013 18:14:15]

########## EOF - C:\AdwCleaner[S1].txt - [5243 octets] ##########

 

 

***These are all of the steps I completed last night removing the same problem from my mother's laptop.  To me, it looks to be okay - please let me know if there are any additional steps I need to take.  Thanks again to you guys for all of your help!  Truly appreciated!



#5 boopme

  • Global Moderator

Posted 05 April 2013 - 08:51 PM

Hello again, I would like to see these also.
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

 

 

  • Please download aswMBR ( 4.5MB ) to your desktop.
    • Double click the aswMBR.exe icon, and click Run.
    • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
    • Click the Scan button to start the scan.
    • On completion of the scan, click the Save log button, save it to your desktop, then copy and paste it in your next reply.

 

 

Please download Rkill by Grinler and save it to your desktop.

Link 1
Link 2

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer; you will need to run the application again.

 

 



#6 Supergirl73

Posted 06 April 2013 - 08:17 PM

MiniToolBox by Farbar  Version:05-03-2013
Ran by Tina (administrator) on 06-04-2013 at 20:15:53
Running from "C:\Users\Tina\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Intel® WiFi Link 5300 AGN = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="Local Area Connection" address=192.168.137.1 mask=255.255.255.0


popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Tina-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : new.rr.com

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-21-6A-C6-6D-D3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : F0-4D-A2-49-C3-4A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : new.rr.com
   Description . . . . . . . . . . . : Intel® WiFi Link 5300 AGN
   Physical Address. . . . . . . . . : 00-21-6A-C6-6D-D2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8c69:5daa:6108:35cf%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, April 06, 2013 8:05:23 PM
   Lease Expires . . . . . . . . . . : Sunday, April 07, 2013 8:05:25 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 184557930
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-0C-3C-E4-F0-4D-A2-49-C3-4A
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.new.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : new.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C0967448-E60A-488E-A5E7-E779F739D5D7}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:38fc:3d70:94f5:9084(Preferred)
   Link-local IPv6 Address . . . . . : fe80::38fc:3d70:94f5:9084%16(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4009:803::1004
   74.125.225.35
   74.125.225.36
   74.125.225.37
   74.125.225.38
   74.125.225.39
   74.125.225.40
   74.125.225.41
   74.125.225.46
   74.125.225.32
   74.125.225.33
   74.125.225.34


Pinging google.com [74.125.225.68] with 32 bytes of data:
Reply from 74.125.225.68: bytes=32 time=43ms TTL=53
Reply from 74.125.225.68: bytes=32 time=32ms TTL=53

Ping statistics for 74.125.225.68:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 43ms, Average = 37ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=306ms TTL=48
Reply from 98.139.183.24: bytes=32 time=458ms TTL=48

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 306ms, Maximum = 458ms, Average = 382ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=20ms TTL=64
Reply from 127.0.0.1: bytes=32 time=6ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 6ms, Maximum = 20ms, Average = 13ms
===========================================================================
Interface List
 14...00 21 6a c6 6d d3 ......Microsoft Virtual WiFi Miniport Adapter
 11...f0 4d a2 49 c3 4a ......Broadcom NetLink ™ Gigabit Ethernet
 10...00 21 6a c6 6d d2 ......Intel® WiFi Link 5300 AGN
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    281
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 16     58 2001::/32                On-link
 16    306 2001:0:4137:9e76:38fc:3d70:94f5:9084/128
                                    On-link
 10    281 fe80::/64                On-link
 16    306 fe80::/64                On-link
 16    306 fe80::38fc:3d70:94f5:9084/128
                                    On-link
 10    281 fe80::8c69:5daa:6108:35cf/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/06/2013 08:09:41 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/06/2013 08:09:41 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/06/2013 03:52:28 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/06/2013 03:52:28 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/05/2013 10:24:50 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/05/2013 10:24:50 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/05/2013 08:23:13 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16470 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 34d0

Start Time: 01ce325799cdef40

Termination Time: 28

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (04/05/2013 06:13:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/05/2013 06:13:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/04/2013 11:59:31 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (04/06/2013 08:05:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32
RxFilter

Error: (04/06/2013 08:05:19 PM) (Source: Service Control Manager) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (04/06/2013 08:04:58 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/06/2013 04:18:14 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/06/2013 03:48:11 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32
RxFilter

Error: (04/06/2013 03:48:09 PM) (Source: Service Control Manager) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (04/06/2013 03:47:47 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/05/2013 11:42:00 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/05/2013 10:20:40 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32
RxFilter

Error: (04/05/2013 10:20:36 PM) (Source: Service Control Manager) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (04/06/2013 08:09:41 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/06/2013 08:09:41 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000880200004500000009030000

Error: (04/06/2013 03:52:28 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/06/2013 03:52:28 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000880200004500000009030000

Error: (04/05/2013 10:24:50 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/05/2013 10:24:50 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000880200004500000009030000

Error: (04/05/2013 08:23:13 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1647034d001ce325799cdef4028C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (04/05/2013 06:13:29 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/05/2013 06:13:29 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000880200004500000009030000

Error: (04/04/2013 11:59:31 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000


=========================== Installed Programs ============================

ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 4
ATI Catalyst Control Center (Version: 2.010.0122.0857)
AVG 2013 (Version: 13.0.3162)
AVG 2013 (Version: 13.0.3272)
AVG 2013 (Version: 2013.0.3272)
bodybugg Software (Version: 9.0.1.847)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Full Existing (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Full New (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Light (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Previews Common (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0122.858.16002)
Catalyst Control Center InstallProxy (Version: 2010.0122.858.16002)
Catalyst Control Center Localization All (Version: 2010.0122.858.16002)
CCC Help Chinese Standard (Version: 2010.0122.0857.16002)
CCC Help Chinese Traditional (Version: 2010.0122.0857.16002)
CCC Help Danish (Version: 2010.0122.0857.16002)
CCC Help Dutch (Version: 2010.0122.0857.16002)
CCC Help English (Version: 2010.0122.0857.16002)
CCC Help Finnish (Version: 2010.0122.0857.16002)
CCC Help French (Version: 2010.0122.0857.16002)
CCC Help German (Version: 2010.0122.0857.16002)
CCC Help Italian (Version: 2010.0122.0857.16002)
CCC Help Japanese (Version: 2010.0122.0857.16002)
CCC Help Korean (Version: 2010.0122.0857.16002)
CCC Help Norwegian (Version: 2010.0122.0857.16002)
CCC Help Portuguese (Version: 2010.0122.0857.16002)
CCC Help Russian (Version: 2010.0122.0857.16002)
CCC Help Spanish (Version: 2010.0122.0857.16002)
CCC Help Swedish (Version: 2010.0122.0857.16002)
ccc-core-static (Version: 2010.0122.858.16002)
ccc-utility64 (Version: 2010.0122.858.16002)
Consumer In-Home Service Agreement (Version: 2.0.0)
CyberLink PowerDVD 9.5 (Version: 9.5.0.2829)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Dock (Version: 2.0)
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Touchpad (Version: 15.0.18.0)
Dell Webcam Central (Version: 1.40.05)
DirectXInstallService (Version: 9.0.2)
EMC 10 Content (Version: 1.0.035)
EMCGadgets64 (Version: 1.0.302)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FastAccess (Version: 2.4.95.1)
File Uploader (Version: 1.1.1)
Google Chrome (Version: 26.0.1410.43)
GoToAssist 8.0.0.514
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0)
HP Officejet Pro 8600 Help (Version: 140.0.2.2)
HP Officejet Pro 8600 Product Improvement Study (Version: 25.0.619.0)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
I.R.I.S. OCR (Version: 12.3.4.0)
iCloud (Version: 2.1.1.3)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
iolo technologies' System Mechanic (Version: 11.7.0)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MobileMe Control Panel (Version: 3.1.8.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.3.0)
Quickset64 (Version: 9.6.21)
QuickTime (Version: 7.73.80.64)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.0)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy CD and DVD Burning (Version: 10.3)
Roxio Easy CD and DVD Burning (Version: 10.3.106)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio File Backup (Version: 1.3.0)
Roxio Update Manager (Version: 6.0.0)
Shared C Run-time for x64 (Version: 10.0.0)
Skins (Version: 2010.0122.858.16002)
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.10 (Version: 5.10.116)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Sound Blaster X-Fi MB (Version: 1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VD64Inst (Version: 1.00.0000)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WebEx
WildTangent Games (Version: 1.0.0.71)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 4084.5 MB
Available physical RAM: 2422.22 MB
Total Pagefile: 8167.19 MB
Available Pagefile: 6243.65 MB
Total Virtual: 4095.88 MB
Available Virtual: 3958.28 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:101.63 GB) (Free:47.95 GB) NTFS

========================= Users: ========================================

User accounts for \\TINA-PC

Administrator            ajhnlxhx                 Guest                   
Tina                    


**** End of log ****



#7 Supergirl73


Posted 06 April 2013 - 08:26 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-06 20:19:43
-----------------------------
20:19:43.538    OS Version: Windows x64 6.1.7601 Service Pack 1
20:19:43.538    Number of processors: 8 586 0x1E05
20:19:43.538    ComputerName: TINA-PC  UserName: Tina
20:19:44.022    Initialize success
20:22:47.286    AVAST engine defs: 13040601
20:22:52.403    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:22:52.403    Disk 0 Vendor: SAMSUNG_SSD_PM800_2.5"_128GB VBM25D1Q Size: 122104MB BusType: 11
20:22:52.434    Disk 0 MBR read successfully
20:22:52.434    Disk 0 MBR scan
20:22:52.449    Disk 0 Windows VISTA default MBR code
20:22:52.449    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
20:22:52.465    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        18000 MB offset 80325
20:22:52.481    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       104064 MB offset 36944325
20:22:52.496    Disk 0 scanning C:\Windows\system32\drivers
20:22:56.334    Service scanning
20:23:06.489    Modules scanning
20:23:06.505    Disk 0 trace - called modules:
20:23:06.521    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:23:06.536    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bdc790]
20:23:06.536    3 CLASSPNP.SYS[fffff8800198343f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049a2060]
20:23:06.895    AVAST engine scan C:\Windows
20:23:08.127    AVAST engine scan C:\Windows\system32
20:25:37.279    AVAST engine scan C:\Windows\system32\drivers
20:25:42.240    AVAST engine scan C:\Users\Tina
20:26:15.250    Disk 0 MBR has been saved successfully to "C:\Users\Tina\Desktop\MBR.dat"
20:26:15.265    The log file has been saved successfully to "C:\Users\Tina\Desktop\aswMBR.txt"


 



#8 Supergirl73


Posted 06 April 2013 - 08:31 PM

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/06/2013 08:28:07 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Tina\Desktop\rkill\rkill-04-06-2013-08-28-09.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/06/2013 08:28:13 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)



#9 boopme


Posted 06 April 2013 - 09:11 PM

Does MBAm still find a svchost item?

You need to remove this and update JAVA

Java™ 7 Update 5 (Version: 7.0.50)

http://java.com/en/download/index.jsp

If you do not use this, GoToAssist, then remove it.

As you had a svchost infection we should run ESET here also.

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.



#10 Supergirl73


Posted 06 April 2013 - 11:30 PM

Malware Bytes did not find anything, so in the clear there.

Removed GoToAssist.

Removed Old Java....DL updated.

ESET found the following:

C:\TDSSKiller_Quarantine\04.04.2013_17.35.32\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.04.2013_17.35.32\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.04.2013_17.35.32\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.04.2013_17.35.32\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.04.2013_17.35.32\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.04.2013_17.35.32\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdhdjgggbdhggdfdfdadadedcdadi\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdhdjgggbdhggdfdfdadadedcdadi\ContentScript.js Win32/Boaxxe.U trojan cleaned by deleting - quarantined
C:\Users\Tina\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
 



#11 Supergirl73


Posted 06 April 2013 - 11:40 PM

Malware Bytes did not find anything, so in the clear there.

Removed GoToAssist.

Removed Old Java....DL updated.

ESET found the following:

C:\TDSSKiller_Quarantine\04.04.2013_17.35.32\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.04.2013_17.35.32\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.04.2013_17.35.32\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.04.2013_17.35.32\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.04.2013_17.35.32\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.04.2013_17.35.32\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdhdjgggbdhggdfdfdadadedcdadi\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdhdjgggbdhggdfdfdadadedcdadi\ContentScript.js Win32/Boaxxe.U trojan cleaned by deleting - quarantined
C:\Users\Tina\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined



#12 boopme


Posted 07 April 2013 - 11:47 AM

Hi, this looks good now. You need to change any passwords like for your Email and any banking/financials.



