
Have a virus that won't seem to go away


9 replies to this topic

#1 SomeguyCB


Posted 10 May 2013 - 02:22 AM

I seem to have gotten some kind of virus on my laptop. Every time I start up the following files appear and get automatically quarantined by Webroot. I'm using Windows 7 Home Premium Service Pack 1.

 

pthreadgc2[1].dll

svchost[1].exe

libusb-1.0[1].dll

zlib1[1].dll

libidn-11[1].dll

libcurl-4[1].dll

ssleay32[1].dll

 

I ran Rkill and got the following results.

 

 

 

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 05/10/2013 03:20:03 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
  * HKCU\SOFTWARE\Classes\.exe has been deleted!
  * HKCU\SOFTWARE\Classes\exefile has been deleted!
 
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 05/10/2013 03:20:24 AM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)
 

 




 


#2 boopme


Posted 10 May 2013 - 10:38 AM

Hello, let's see what these say.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
>>>>

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


>>>>

Now I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

#3 SomeguyCB


Posted 11 May 2013 - 05:12 AM

MiniToolBox log

 

 

MiniToolBox by Farbar  Version:21-04-2013
Ran by Owner (administrator) on 10-05-2013 at 18:45:27
Running from "C:\Users\Owner\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
#       ::1             localhost
 
========================= IP Configuration: ================================
 
Intel® Centrino® Advanced-N 6230 = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.5 metric=1 publish=Yes
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Owner-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E8-03-9A-B0-75-BD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 88-53-2E-89-BB-70
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 88-53-2E-89-BB-70
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6230
   Physical Address. . . . . . . . . : 88-53-2E-89-BB-6F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ac76:201d:694a:45ef%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.12(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, May 10, 2013 6:32:26 PM
   Lease Expires . . . . . . . . . . : Saturday, May 11, 2013 6:32:29 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 294146862
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-DB-58-8B-88-53-2E-89-BB-6F
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 88-53-2E-89-BB-73
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{9826AEF0-9470-4CED-ADE4-F3AD3E6C0F69}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 13:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:1c66:3328:3f57:fef3(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1c66:3328:3f57:fef3%16(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4006:802::1008
 173.194.43.3
 173.194.43.2
 173.194.43.1
 173.194.43.5
 173.194.43.9
 173.194.43.6
 173.194.43.0
 173.194.43.4
 173.194.43.8
 173.194.43.7
 173.194.43.14
 
 
Pinging google.com [173.194.43.2] with 32 bytes of data:
Reply from 173.194.43.2: bytes=32 time=12ms TTL=55
Reply from 173.194.43.2: bytes=32 time=11ms TTL=55
 
Ping statistics for 173.194.43.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 12ms, Average = 11ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=158ms TTL=50
Reply from 98.138.253.109: bytes=32 time=459ms TTL=49
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 158ms, Maximum = 459ms, Average = 308ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...e8 03 9a b0 75 bd ......Realtek PCIe GBE Family Controller
 15...88 53 2e 89 bb 70 ......Microsoft Virtual WiFi Miniport Adapter #2
 14...88 53 2e 89 bb 70 ......Microsoft Virtual WiFi Miniport Adapter
 13...88 53 2e 89 bb 6f ......Intel® Centrino® Advanced-N 6230
 11...88 53 2e 89 bb 73 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.12     30
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0      192.168.1.5     192.168.1.12     31
      192.168.1.0    255.255.255.0         On-link      192.168.1.12    286
     192.168.1.12  255.255.255.255         On-link      192.168.1.12    286
    192.168.1.255  255.255.255.255         On-link      192.168.1.12    286
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.12    286
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.12    286
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0      192.168.1.5       1
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 16     58 2001::/32                On-link
 16    306 2001:0:9d38:953c:1c66:3328:3f57:fef3/128
                                    On-link
 13    286 fe80::/64                On-link
 16    306 fe80::/64                On-link
 16    306 fe80::1c66:3328:3f57:fef3/128
                                    On-link
 13    286 fe80::ac76:201d:694a:45ef/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 13    286 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/10/2013 06:32:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2013 02:20:56 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
 
Error: (05/10/2013 01:54:11 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (05/10/2013 00:12:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: SuperMeatBoy.exe, version: 0.0.0.0, time stamp: 0x4ee3490b
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00038dc9
Faulting process id: 0x13e4
Faulting application start time: 0xSuperMeatBoy.exe0
Faulting application path: SuperMeatBoy.exe1
Faulting module path: SuperMeatBoy.exe2
Report Id: SuperMeatBoy.exe3
 
Error: (05/09/2013 11:44:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/09/2013 07:06:17 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (05/09/2013 06:02:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/08/2013 06:56:10 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (05/08/2013 06:34:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: Pen_Tablet.exe, version: 5.2.5.5, time stamp: 0x4e694ecd
Faulting module name: MSVCR100.dll, version: 10.0.30319.1, time stamp: 0x4ba220dc
Exception code: 0x40000015
Fault offset: 0x00000000000760d9
Faulting process id: 0x81c
Faulting application start time: 0xPen_Tablet.exe0
Faulting application path: Pen_Tablet.exe1
Faulting module path: Pen_Tablet.exe2
Report Id: Pen_Tablet.exe3
 
Error: (05/08/2013 06:33:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/10/2013 06:33:39 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/10/2013 06:32:24 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (05/09/2013 11:43:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/09/2013 11:41:54 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (05/09/2013 11:41:42 PM) (Source: BugCheck) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff88019d93220, 0xfffff8801a3267c8, 0xfffff8801a326020)C:\Windows\MEMORY.DMP050913-25662-01
 
Error: (05/09/2013 11:41:28 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:16:33 PM on ?5/?9/?2013 was unexpected.
 
Error: (05/09/2013 06:03:47 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/09/2013 06:02:34 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
Error: (05/08/2013 06:35:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (05/08/2013 06:33:56 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
 
 
Microsoft Office Sessions:
=========================
Error: (05/10/2013 06:32:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/10/2013 02:20:56 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 90080108
 
Error: (05/10/2013 01:54:11 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (05/10/2013 00:12:48 AM) (Source: Application Error)(User: )
Description: SuperMeatBoy.exe0.0.0.04ee3490bntdll.dll6.1.7601.177254ec49b8fc000000500038dc913e401ce4d349a6e0da5C:\Games\Team Meat\SuperMeatBoy\SuperMeatBoy.exeC:\Windows\SysWOW64\ntdll.dlldf1cbc43-b927-11e2-a3f5-88532e89bb73
 
Error: (05/09/2013 11:44:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/09/2013 07:06:17 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (05/09/2013 06:02:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/08/2013 06:56:10 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (05/08/2013 06:34:08 PM) (Source: Application Error)(User: )
Description: Pen_Tablet.exe5.2.5.54e694ecdMSVCR100.dll10.0.30319.14ba220dc4000001500000000000760d981c01ce4c3c1fbeb6daC:\Program Files\Tablet\Pen\Pen_Tablet.exeC:\Program Files\Tablet\Pen\MSVCR100.dll652c8ced-b82f-11e2-aa8f-e8039ab075bd
 
Error: (05/08/2013 06:33:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-03-13 02:04:33.145
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ADMINI~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-13 02:04:33.041
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ADMINI~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-12 22:03:55.502
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ADMINI~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-12 22:03:55.436
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ADMINI~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-12 21:59:58.555
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ADMINI~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-12 21:59:58.449
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ADMINI~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-12 19:02:07.425
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ADMINI~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-12 19:02:07.317
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ADMINI~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-01 14:18:12.530
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\WeMade Entertainment\DigimonBattle\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-01 14:18:12.501
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\WeMade Entertainment\DigimonBattle\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.6)
Adobe AIR (Version: 3.7.0.1530)
Adobe Community Help (Version: 3.4.980)
Adobe Content Viewer (Version: 1.4.0)
Adobe Creative Suite 5.5 Design Premium (Version: 5.5)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Widget Browser (Version: 2.0 Build 230)
Adobe Widget Browser (Version: 2.0.230)
Album List for Winamp v1.43 (remove only) (Version: 1.43)
Alien Swarm
Aliens versus Predator Classic 2000
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD Catalyst Install Manager (Version: 3.0.868.0)
Amnesia: The Dark Descent
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.14.3.0)
Bamboo (Version: 5.2.5-5)
Bamboo Dock (Version: 3.3.0)
Bamboo Dock 3.3 (Version: 3.3)
Bastion (Version: 1.0.2)
BIT.TRIP RUNNER (remove only) (Version: 1.0)
Braid (Version 1.015)
Canon Easy-WebPrint EX
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool (Version: 3.1.0)
Canon IJ Scan Utility
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.9.0.9)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (Version: 4.0.0)
Canon MG5400 series MP Drivers (Version: 1.00)
Canon MG5400 series On-screen Manual (Version: 7.5.0)
Canon MG5400 series User Registration
Canon MOV Decoder (Version: 1.8.0.7)
Canon MOV Encoder (Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4)
Canon My Image Garden (Version: 1.0.0)
Canon My Image Garden Design Files (Version: 1.0.0)
Canon My Printer (Version: 3.0.0)
Canon Quick Menu (Version: 2.0.0)
Canon Utilities Digital Photo Professional 3.10 (Version: 3.10.2.0)
Canon Utilities EOS Sample Music (Version: 1.0.0.204)
Canon Utilities EOS Utility (Version: 2.10.2.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.9.0.0)
Canon Utilities ZoomBrowser EX (Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0418.645.10054)
Catalyst Control Center InstallProxy (Version: 2012.0418.645.10054)
Catalyst Control Center Localization All (Version: 2012.0418.645.10054)
Catalyst Control Center Profiles Mobile (Version: 2012.0418.645.10054)
CCC Help Chinese Standard (Version: 2012.0418.0644.10054)
CCC Help Chinese Traditional (Version: 2012.0418.0644.10054)
CCC Help Czech (Version: 2012.0418.0644.10054)
CCC Help Danish (Version: 2012.0418.0644.10054)
CCC Help Dutch (Version: 2012.0418.0644.10054)
CCC Help English (Version: 2012.0418.0644.10054)
CCC Help Finnish (Version: 2012.0418.0644.10054)
CCC Help French (Version: 2012.0418.0644.10054)
CCC Help German (Version: 2012.0418.0644.10054)
CCC Help Greek (Version: 2012.0418.0644.10054)
CCC Help Hungarian (Version: 2012.0418.0644.10054)
CCC Help Italian (Version: 2012.0418.0644.10054)
CCC Help Japanese (Version: 2012.0418.0644.10054)
CCC Help Korean (Version: 2012.0418.0644.10054)
CCC Help Norwegian (Version: 2012.0418.0644.10054)
CCC Help Polish (Version: 2012.0418.0644.10054)
CCC Help Portuguese (Version: 2012.0418.0644.10054)
CCC Help Russian (Version: 2012.0418.0644.10054)
CCC Help Spanish (Version: 2012.0418.0644.10054)
CCC Help Swedish (Version: 2012.0418.0644.10054)
CCC Help Thai (Version: 2012.0418.0644.10054)
CCC Help Turkish (Version: 2012.0418.0644.10054)
ccc-utility64 (Version: 2012.0418.645.10054)
CCleaner (Version: 3.26)
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)
CDisplayEx 1.8
DAEMON Tools Lite (Version: 4.46.1.0327)
Daikatana (Version: 2.0.0.3)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Deus Ex: Game of the Year Edition
DEVIL MAY CRY 4 (Version: 1.00.000)
Dropbox (Version: 2.0.8)
Dungeons & Dragons Online®
Easy Settings (Version: 1.1)
ESET Online Scanner v3
ExpressCache (Version: 1.0.86)
Fallout 2
Google Chrome (Version: 26.0.1410.64)
Google Update Helper (Version: 1.3.21.145)
Gratuitous Space Battles
G-Senjou no Maou English (Version: 1.0.0.716)
Hitman: Codename 47
InFlac 1.1.1 (Version: 1.1.1)
Intel PROSet Wireless
Intel® Processor Graphics (Version: 9.17.10.2932)
Intel® Rapid Storage Technology (Version: 10.1.5.1001)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0642)
Jamestown: Legend of the Lost Colony (Version: 1.0.1)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Katawa Shoujo
Left 4 Dead 2
Legend of Grimrock
LIMBO
Livestream Procaster (Version: 20.3.25)
Mark of the Ninja
Mass Effect
Metro 2033
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Moonbase Alpha
MotoHelper 2.0.45 Driver 5.0.0 (Version: 2.0.45)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nitronic Rush (2012-12-21) version 20121221.0 (Version: 20121221.0)
NVIDIA PhysX (Version: 9.10.0222)
OpenAL
PaintTool SAI Ver.1
PCSX2 - Playstation 2 Emulator
PDF Settings CS5 (Version: 10.0)
Prince of Persia: The Sands of Time
PX Profile Update (Version: 1.00.1.)
QuickTime (Version: 7.73.80.64)
Realtek Ethernet Controller Driver (Version: 7.45.516.2011)
Resonance version 1.0 (Version: 1.0)
Rochard (Version: 1.1)
RollerCoaster Tycoon Deluxe
Skype™ 6.3 (Version: 6.3.105)
Snapshot version 0.1 (Version: 0.1)
Source SDK Base 2007
Star Wars: Knights of the Old Republic II
Steam (Version: 1.0.0.0)
Super Meat Boy v1.5
System Requirements Lab CYRI (Version: 5.0.6.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
The Complete Ultima VII
The Witcher: Enhanced Edition
Torchlight (Version: 1.15)
Ultima Second Trilogy
Ultima Underworld 1 and 2
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.0 (Version: 2.0.0)
Vuze (Version: 4.9.0.0)
Webroot SecureAnywhere (Version: 8.0.2.127)
WebTablet FB Plugin (Version: 2.0.0.1)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Worlds of Ultima - Martian Dreams
Worlds of Ultima - The Savage Empire
 
========================= Memory info: ===================================
 
Percentage of memory in use: 45%
Total physical RAM: 8105.55 MB
Available physical RAM: 4430.96 MB
Total Pagefile: 16209.28 MB
Available Pagefile: 12069.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.68 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:931.41 GB) (Free:483.31 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\OWNER-PC
 
Administrator            Guest                    Owner                    
 
 
**** End of log ****


#4 SomeguyCB


Posted 11 May 2013 - 05:14 AM

TDSSKiller log

 

 

19:04:54.0014 1816  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:04:54.0986 1816  ============================================================
19:04:54.0986 1816  Current date / time: 2013/05/10 19:04:54.0986
19:04:54.0986 1816  SystemInfo:
19:04:54.0986 1816  
19:04:54.0986 1816  OS Version: 6.1.7601 ServicePack: 1.0
19:04:54.0986 1816  Product type: Workstation
19:04:54.0986 1816  ComputerName: OWNER-PC
19:04:54.0987 1816  UserName: Owner
19:04:54.0987 1816  Windows directory: C:\Windows
19:04:54.0987 1816  System windows directory: C:\Windows
19:04:54.0987 1816  Running under WOW64
19:04:54.0987 1816  Processor architecture: Intel x64
19:04:54.0987 1816  Number of processors: 8
19:04:54.0987 1816  Page size: 0x1000
19:04:54.0987 1816  Boot type: Normal boot
19:04:54.0987 1816  ============================================================
19:04:55.0666 1816  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:04:55.0667 1816  Drive \Device\Harddisk1\DR1 - Size: 0x1DD936000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CA5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
19:04:55.0682 1816  ============================================================
19:04:55.0682 1816  \Device\Harddisk0\DR0:
19:04:55.0682 1816  MBR partitions:
19:04:55.0682 1816  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:04:55.0682 1816  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
19:04:55.0682 1816  \Device\Harddisk1\DR1:
19:04:55.0682 1816  MBR partitions:
19:04:55.0682 1816  ============================================================
19:04:55.0737 1816  C: <-> \Device\Harddisk0\DR0\Partition2
19:04:55.0737 1816  ============================================================
19:04:55.0737 1816  Initialize success
19:04:55.0737 1816  ============================================================
19:05:45.0073 4672  ============================================================
19:05:45.0073 4672  Scan started
19:05:45.0073 4672  Mode: Manual; 
19:05:45.0073 4672  ============================================================
19:05:45.0387 4672  ================ Scan system memory ========================
19:05:45.0387 4672  System memory - ok
19:05:45.0390 4672  ================ Scan services =============================
19:05:45.0655 4672  [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:05:45.0659 4672  !SASCORE - ok
19:05:46.0700 4672  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:05:46.0709 4672  1394ohci - ok
19:05:46.0799 4672  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:05:46.0805 4672  ACPI - ok
19:05:46.0836 4672  [ 12C5274CD87449A2A37A607CDB321922 ] acpials         C:\Windows\system32\DRIVERS\acpials.sys
19:05:46.0843 4672  acpials - ok
19:05:46.0881 4672  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:05:46.0886 4672  AcpiPmi - ok
19:05:47.0030 4672  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:05:47.0032 4672  AdobeARMservice - ok
19:05:47.0624 4672  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:05:47.0632 4672  AdobeFlashPlayerUpdateSvc - ok
19:05:47.0785 4672  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:05:47.0885 4672  adp94xx - ok
19:05:48.0262 4672  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:05:48.0273 4672  adpahci - ok
19:05:48.0506 4672  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:05:48.0512 4672  adpu320 - ok
19:05:48.0685 4672  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:05:48.0688 4672  AeLookupSvc - ok
19:05:48.0728 4672  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:05:48.0736 4672  AFD - ok
19:05:48.0772 4672  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:05:48.0773 4672  agp440 - ok
19:05:48.0833 4672  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:05:48.0845 4672  ALG - ok
19:05:48.0953 4672  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:05:48.0974 4672  aliide - ok
19:05:49.0004 4672  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:05:49.0011 4672  amdide - ok
19:05:49.0028 4672  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:05:49.0032 4672  AmdK8 - ok
19:05:49.0062 4672  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:05:49.0065 4672  AmdPPM - ok
19:05:49.0108 4672  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:05:49.0112 4672  amdsata - ok
19:05:49.0144 4672  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:05:49.0151 4672  amdsbs - ok
19:05:49.0247 4672  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:05:49.0248 4672  amdxata - ok
19:05:49.0286 4672  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:05:49.0288 4672  AppID - ok
19:05:49.0326 4672  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:05:49.0328 4672  AppIDSvc - ok
19:05:49.0356 4672  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:05:49.0412 4672  Appinfo - ok
19:05:49.0470 4672  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:05:49.0530 4672  arc - ok
19:05:49.0555 4672  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:05:49.0582 4672  arcsas - ok
19:05:49.0644 4672  [ 22842362DF890F5492F85AA60916A697 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
19:05:49.0646 4672  asmthub3 - ok
19:05:49.0825 4672  [ 08E2D77766CC05E75A0707207D9FC684 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
19:05:49.0832 4672  asmtxhci - ok
19:05:49.0934 4672  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:05:49.0937 4672  aspnet_state - ok
19:05:50.0010 4672  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:05:50.0011 4672  AsyncMac - ok
19:05:50.0034 4672  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:05:50.0036 4672  atapi - ok
19:05:50.0082 4672  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:05:50.0100 4672  AudioEndpointBuilder - ok
19:05:50.0120 4672  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:05:50.0131 4672  AudioSrv - ok
19:05:50.0163 4672  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:05:50.0168 4672  AxInstSV - ok
19:05:50.0197 4672  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:05:50.0210 4672  b06bdrv - ok
19:05:50.0238 4672  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:05:50.0247 4672  b57nd60a - ok
19:05:50.0281 4672  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:05:50.0285 4672  BDESVC - ok
19:05:50.0310 4672  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:05:50.0311 4672  Beep - ok
19:05:50.0407 4672  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:05:50.0424 4672  BFE - ok
19:05:50.0472 4672  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:05:50.0489 4672  BITS - ok
19:05:50.0525 4672  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:05:50.0528 4672  blbdrive - ok
19:05:50.0560 4672  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:05:50.0563 4672  bowser - ok
19:05:50.0587 4672  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:05:50.0590 4672  BrFiltLo - ok
19:05:50.0611 4672  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:05:50.0613 4672  BrFiltUp - ok
19:05:50.0636 4672  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:05:50.0639 4672  Browser - ok
19:05:50.0675 4672  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:05:50.0684 4672  Brserid - ok
19:05:50.0704 4672  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:05:50.0707 4672  BrSerWdm - ok
19:05:50.0731 4672  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:05:50.0733 4672  BrUsbMdm - ok
19:05:50.0758 4672  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:05:50.0761 4672  BrUsbSer - ok
19:05:50.0802 4672  [ FF7C57973EEAD140062238C5A0B7D455 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
19:05:50.0805 4672  BTCFilterService - ok
19:05:50.0882 4672  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
19:05:50.0884 4672  BthEnum - ok
19:05:50.0909 4672  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:05:50.0913 4672  BTHMODEM - ok
19:05:50.0957 4672  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:05:50.0960 4672  BthPan - ok
19:05:50.0990 4672  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
19:05:50.0999 4672  BTHPORT - ok
19:05:51.0059 4672  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:05:51.0063 4672  bthserv - ok
19:05:51.0081 4672  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
19:05:51.0084 4672  BTHUSB - ok
19:05:51.0114 4672  [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
19:05:51.0120 4672  btmhsf - ok
19:05:51.0159 4672  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:05:51.0161 4672  cdfs - ok
19:05:51.0233 4672  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:05:51.0236 4672  cdrom - ok
19:05:51.0267 4672  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:05:51.0270 4672  CertPropSvc - ok
19:05:51.0294 4672  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:05:51.0297 4672  circlass - ok
19:05:51.0329 4672  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:05:51.0339 4672  CLFS - ok
19:05:51.0421 4672  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:05:51.0424 4672  clr_optimization_v2.0.50727_32 - ok
19:05:51.0475 4672  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:05:51.0479 4672  clr_optimization_v2.0.50727_64 - ok
19:05:51.0536 4672  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:05:51.0540 4672  clr_optimization_v4.0.30319_32 - ok
19:05:51.0570 4672  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:05:51.0573 4672  clr_optimization_v4.0.30319_64 - ok
19:05:51.0629 4672  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
19:05:51.0630 4672  CmBatt - ok
19:05:51.0651 4672  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:05:51.0654 4672  cmdide - ok
19:05:51.0710 4672  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
19:05:51.0724 4672  CNG - ok
19:05:51.0732 4672  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:05:51.0734 4672  Compbatt - ok
19:05:51.0757 4672  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:05:51.0760 4672  CompositeBus - ok
19:05:51.0770 4672  COMSysApp - ok
19:05:51.0828 4672  [ 4F19119C392210244FC0108E76939DC5 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
19:05:51.0836 4672  cphs - ok
19:05:51.0863 4672  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:05:51.0865 4672  crcdisk - ok
19:05:51.0922 4672  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:05:51.0927 4672  CryptSvc - ok
19:05:51.0986 4672  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:05:51.0998 4672  DcomLaunch - ok
19:05:52.0044 4672  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:05:52.0052 4672  defragsvc - ok
19:05:52.0142 4672  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:05:52.0146 4672  DfsC - ok
19:05:52.0167 4672  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:05:52.0177 4672  Dhcp - ok
19:05:52.0200 4672  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:05:52.0201 4672  discache - ok
19:05:52.0245 4672  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:05:52.0247 4672  Disk - ok
19:05:52.0280 4672  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:05:52.0287 4672  Dnscache - ok
19:05:52.0312 4672  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:05:52.0319 4672  dot3svc - ok
19:05:52.0356 4672  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:05:52.0363 4672  DPS - ok
19:05:52.0404 4672  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:05:52.0405 4672  drmkaud - ok
19:05:52.0454 4672  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:05:52.0459 4672  dtsoftbus01 - ok
19:05:52.0547 4672  dump_wmimmc - ok
19:05:52.0602 4672  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:05:52.0618 4672  DXGKrnl - ok
19:05:52.0668 4672  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:05:52.0673 4672  EapHost - ok
19:05:52.0784 4672  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:05:52.0866 4672  ebdrv - ok
19:05:52.0906 4672  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:05:52.0909 4672  EFS - ok
19:05:52.0977 4672  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:05:53.0078 4672  ehRecvr - ok
19:05:53.0114 4672  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
19:05:53.0118 4672  ehSched - ok
19:05:53.0164 4672  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:05:53.0179 4672  elxstor - ok
19:05:53.0201 4672  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:05:53.0203 4672  ErrDev - ok
19:05:53.0252 4672  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
19:05:53.0260 4672  EventSystem - ok
19:05:53.0393 4672  [ 64D25284A4E9D11CA0722AF3F30FD970 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:05:53.0403 4672  EvtEng - ok
19:05:53.0433 4672  [ D2EAA04AF43154B62FA85B08BAD0A7CA ] excfs           C:\Windows\system32\DRIVERS\excfs.sys
19:05:53.0434 4672  excfs - ok
19:05:53.0443 4672  [ E6082A6C109238A725D83184724C4A36 ] excsd           C:\Windows\system32\DRIVERS\excsd.sys
19:05:53.0447 4672  excsd - ok
19:05:53.0477 4672  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
19:05:53.0483 4672  exfat - ok
19:05:53.0500 4672  [ 68030FF4B7669E15916910885E2E6160 ] ExpressCache    C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
19:05:53.0502 4672  ExpressCache - ok
19:05:53.0564 4672  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:05:53.0568 4672  fastfat - ok
19:05:53.0667 4672  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
19:05:53.0682 4672  Fax - ok
19:05:53.0699 4672  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
19:05:53.0701 4672  fdc - ok
19:05:53.0735 4672  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:05:53.0737 4672  fdPHost - ok
19:05:53.0795 4672  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:05:53.0798 4672  FDResPub - ok
19:05:53.0825 4672  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:05:53.0828 4672  FileInfo - ok
19:05:53.0850 4672  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:05:53.0854 4672  Filetrace - ok
19:05:53.0864 4672  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:05:53.0866 4672  flpydisk - ok
19:05:53.0905 4672  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:05:53.0911 4672  FltMgr - ok
19:05:54.0017 4672  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
19:05:54.0048 4672  FontCache - ok
19:05:54.0094 4672  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:05:54.0096 4672  FontCache3.0.0.0 - ok
19:05:54.0122 4672  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:05:54.0126 4672  FsDepends - ok
19:05:54.0159 4672  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:05:54.0160 4672  Fs_Rec - ok
19:05:54.0219 4672  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:05:54.0225 4672  fvevol - ok
19:05:54.0268 4672  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:05:54.0272 4672  gagp30kx - ok
19:05:54.0340 4672  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
19:05:54.0362 4672  gpsvc - ok
19:05:54.0433 4672  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:05:54.0436 4672  gupdate - ok
19:05:54.0448 4672  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:06:06.0167 4672  upnphost - ok
19:06:06.0217 4672  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:06:06.0220 4672  usbaudio - ok
19:06:06.0255 4672  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:06:06.0258 4672  usbccgp - ok
19:06:06.0280 4672  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:06:06.0285 4672  usbcir - ok
19:06:06.0304 4672  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:06:06.0306 4672  usbehci - ok
19:06:06.0320 4672  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:06:06.0326 4672  usbhub - ok
19:06:06.0350 4672  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:06:06.0353 4672  usbohci - ok
19:06:06.0372 4672  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:06:06.0375 4672  usbprint - ok
19:06:06.0403 4672  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:06:06.0406 4672  USBSTOR - ok
19:06:06.0423 4672  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:06:06.0425 4672  usbuhci - ok
19:06:06.0463 4672  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
19:06:06.0469 4672  usbvideo - ok
19:06:06.0493 4672  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:06:06.0499 4672  UxSms - ok
19:06:06.0515 4672  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:06:06.0519 4672  VaultSvc - ok
19:06:06.0539 4672  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:06:06.0541 4672  vdrvroot - ok
19:06:06.0573 4672  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:06:06.0587 4672  vds - ok
19:06:06.0609 4672  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:06:06.0612 4672  vga - ok
19:06:06.0628 4672  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:06:06.0629 4672  VgaSave - ok
19:06:06.0659 4672  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:06:06.0667 4672  vhdmp - ok
19:06:06.0691 4672  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:06:06.0694 4672  viaide - ok
19:06:06.0702 4672  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:06:06.0706 4672  volmgr - ok
19:06:06.0721 4672  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:06:06.0731 4672  volmgrx - ok
19:06:06.0759 4672  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:06:06.0764 4672  volsnap - ok
19:06:06.0796 4672  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:06:06.0803 4672  vsmraid - ok
19:06:06.0880 4672  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:06:06.0909 4672  VSS - ok
19:06:06.0929 4672  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:06:06.0931 4672  vwifibus - ok
19:06:06.0970 4672  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:06:06.0974 4672  vwififlt - ok
19:06:07.0000 4672  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
19:06:07.0001 4672  vwifimp - ok
19:06:07.0051 4672  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:06:07.0061 4672  W32Time - ok
19:06:07.0108 4672  [ FE75777289278A4941FE6139E82B3BD9 ] wacmoumonitor   C:\Windows\system32\DRIVERS\wacmoumonitor.sys
19:06:07.0111 4672  wacmoumonitor - ok
19:06:07.0157 4672  [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
19:06:07.0159 4672  wacommousefilter - ok
19:06:07.0176 4672  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:06:07.0179 4672  WacomPen - ok
19:06:07.0197 4672  [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid       C:\Windows\system32\DRIVERS\wacomvhid.sys
19:06:07.0198 4672  wacomvhid - ok
19:06:07.0207 4672  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:06:07.0210 4672  WANARP - ok
19:06:07.0217 4672  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:06:07.0220 4672  Wanarpv6 - ok
19:06:07.0283 4672  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:06:07.0315 4672  WatAdminSvc - ok
19:06:07.0397 4672  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:06:07.0430 4672  wbengine - ok
19:06:07.0453 4672  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:06:07.0461 4672  WbioSrvc - ok
19:06:07.0493 4672  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:06:07.0505 4672  wcncsvc - ok
19:06:07.0525 4672  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:06:07.0531 4672  WcsPlugInService - ok
19:06:07.0562 4672  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:06:07.0565 4672  Wd - ok
19:06:07.0605 4672  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:06:07.0625 4672  Wdf01000 - ok
19:06:07.0649 4672  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:06:07.0655 4672  WdiServiceHost - ok
19:06:07.0662 4672  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:06:07.0668 4672  WdiSystemHost - ok
19:06:07.0698 4672  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:06:07.0708 4672  WebClient - ok
19:06:07.0751 4672  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:06:07.0760 4672  Wecsvc - ok
19:06:07.0786 4672  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:06:07.0791 4672  wercplsupport - ok
19:06:07.0809 4672  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:06:07.0816 4672  WerSvc - ok
19:06:07.0845 4672  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:06:07.0847 4672  WfpLwf - ok
19:06:07.0862 4672  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:06:07.0864 4672  WIMMount - ok
19:06:07.0897 4672  WinDefend - ok
19:06:07.0911 4672  WinHttpAutoProxySvc - ok
19:06:07.0968 4672  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:06:07.0976 4672  Winmgmt - ok
19:06:08.0062 4672  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:06:08.0107 4672  WinRM - ok
19:06:08.0166 4672  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:06:08.0168 4672  WinUsb - ok
19:06:08.0216 4672  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:06:08.0241 4672  Wlansvc - ok
19:06:08.0262 4672  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:06:08.0265 4672  WmiAcpi - ok
19:06:08.0303 4672  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:06:08.0310 4672  wmiApSrv - ok
19:06:08.0326 4672  WMPNetworkSvc - ok
19:06:08.0338 4672  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:06:08.0343 4672  WPCSvc - ok
19:06:08.0365 4672  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:06:08.0371 4672  WPDBusEnum - ok
19:06:08.0397 4672  [ BDDB40E48E1401A4BDF4E2A4FF948E7A ] WRkrn           C:\Windows\system32\drivers\WRkrn.sys
19:06:08.0401 4672  WRkrn - ok
19:06:08.0431 4672  [ A2330EAF671F637CCB19A0F082A400CD ] WRSVC           C:\Program Files\Webroot\WRSA.exe
19:06:08.0443 4672  WRSVC - ok
19:06:08.0480 4672  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:06:08.0481 4672  ws2ifsl - ok
19:06:08.0524 4672  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:06:08.0530 4672  wscsvc - ok
19:06:08.0581 4672  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
19:06:08.0584 4672  WSDPrintDevice - ok
19:06:08.0607 4672  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
19:06:08.0610 4672  WSDScan - ok
19:06:08.0616 4672  WSearch - ok
19:06:08.0714 4672  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:06:08.0764 4672  wuauserv - ok
19:06:08.0814 4672  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:06:08.0817 4672  WudfPf - ok
19:06:08.0837 4672  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:06:08.0844 4672  WUDFRd - ok
19:06:08.0895 4672  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:06:08.0902 4672  wudfsvc - ok
19:06:08.0941 4672  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:06:08.0950 4672  WwanSvc - ok
19:06:08.0994 4672  [ BDDB40E48E1401A4BDF4E2A4FF948E7A ] xNTXcVEi        C:\Windows\system32\drivers\xNTXcVEi.sys
19:06:08.0997 4672  xNTXcVEi - ok
19:06:09.0041 4672  [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
19:06:09.0046 4672  xusb21 - ok
19:06:09.0111 4672  [ 74713CB32792F9C7632DAA7DA22CA974 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
19:06:09.0121 4672  ZeroConfigService - ok
19:06:09.0153 4672  ================ Scan global ===============================
19:06:09.0168 4672  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:06:09.0204 4672  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:06:09.0222 4672  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:06:09.0266 4672  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:06:09.0295 4672  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:06:09.0303 4672  [Global] - ok
19:06:09.0305 4672  ================ Scan MBR ==================================
19:06:09.0318 4672  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:06:09.0524 4672  \Device\Harddisk0\DR0 - ok
19:06:09.0531 4672  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:06:09.0597 4672  \Device\Harddisk1\DR1 - ok
19:06:09.0602 4672  ================ Scan VBR ==================================
19:06:09.0607 4672  [ 148DF1D8EB60E113D0DB4C3E7F592221 ] \Device\Harddisk0\DR0\Partition1
19:06:09.0610 4672  \Device\Harddisk0\DR0\Partition1 - ok
19:06:09.0631 4672  [ 631F298773E873E4E1F6A93E2C5674E4 ] \Device\Harddisk0\DR0\Partition2
19:06:09.0635 4672  \Device\Harddisk0\DR0\Partition2 - ok
19:06:09.0636 4672  ============================================================
19:06:09.0636 4672  Scan finished
19:06:09.0636 4672  ============================================================
19:06:09.0663 3620  Detected object count: 0
19:06:09.0663 3620  Actual detected object count: 0
19:06:25.0237 0208  Deinitialize success


#5 SomeguyCB


Posted 11 May 2013 - 05:20 AM

AdwCleaner log

 

I'm sorry I forgot about this. But I did run this about a month ago, this is the most current one, would you need the older one as well?

 

 

# AdwCleaner v2.300 - Logfile created 05/10/2013 at 19:09:06
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\StartSearch
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
[OK] Registry is clean.
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [1011 octets] - [31/03/2013 08:26:33]
AdwCleaner[S2].txt - [931 octets] - [10/05/2013 19:09:06]
 
########## EOF - C:\AdwCleaner[S2].txt - [990 octets] ##########


ESET Scan results

 

C:\Users\Owner\Downloads\winamp563_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined


Edited by SomeguyCB, 11 May 2013 - 05:20 AM.


#6 boopme


Posted 11 May 2013 - 09:13 AM

Looks good... is Webroot still complaining?

This is a backdoor infection and you will need to change passwords on here.

#7 SomeguyCB


Posted 11 May 2013 - 09:33 AM

I just rebooted and yes the files showed up and got automatically quarantined on startup.

 

Do you mean my login passwords for the computer or for this site? (Sorry for the dumb question)



#8 boopme


Posted 11 May 2013 - 10:01 AM

Yes, but more important... email and any banking.

This malware wants your personal info.

As it is re-running, we need to make a new topic. There we can get a deeper look and get it out.

 

Please follow this Preparation Guide

 

Let me know if that went well.



#9 SomeguyCB


Posted 12 May 2013 - 03:21 AM

I did as you said and everything went well so far.

 

http://www.bleepingcomputer.com/forums/t/494291/infected-with-virus-that-wont-go-away/



#10 boopme


Posted 13 May 2013 - 07:34 PM

Thank you!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

